Tag Archives: WLAN analysis

Setting a new standard for WLAN analysis

Today, we announced the release of Omnipliance WiFi, the industry’s first WLAN analysis solution that allows for monitoring, analysis, and troubleshooting of distributed, multi-gigabit 802.11ac wireless network traffic. With this new offering, network administrators now have the ability to identify and solve critical network problems in real-time without ever leaving their desks.

As more organizations transition to 802.11ac from legacy 802.11 networks, the USB-based laptop adapters that network administrators have relied on for years to monitor and troubleshoot WLANs are no longer sufficient.

Omnipliance WiFi is the only solution available on the market today to provide the multi-gigabit data capture, 24/7 enterprise-wide coverage, and time-saving analytics enterprises need in order to properly manage and take full advantage of their 802.11ac networks.

For more information, read our press release or visit the Omnipliance WiFi product page.

802.11ac – New Standard, New Methodologies for WLAN Analysis

The 802.11ac Wi-Fi standard has the ability to revolutionize how enterprises support the large quantity of devices connected to corporate networks. Yet, most organizations do not understand that monitoring and analyzing 802.11ac traffic requires significant changes in the way wireless data is captured.

As we get closer to 802.11ac ratification (still scheduled for Q1 2014) we’re seeing the same pattern we saw with 802.11n. Early equipment in the market, developed against an early draft standard, was targeted mainly at the home market. Head into any electronics store (brick and mortar or online) and you’ll already find a wide selection of 802.11ac APs for the home. But it was only a few months ago that we began seeing devices from the major enterprise AP players hitting the market that are truly enterprise-grade. And it’s these new enterprise-grade APs that are going to force a change in WLAN troubleshooting and analysis.

As a provider of WLAN analysis solutions, the most common question we are hearing today is “what 802.11ac USB devices can I use to monitor the network?” The question seems innocent enough, but the answer is far from simple.

In the “good old days of a/b/g” finding a USB device for monitoring and analyzing was pretty simple. The APs and the USB adapters pretty much had the same capabilities regarding encoding, data transmission, and data rates, and these are some of the key elements when looking for compatible WLAN adapters to use for wireless packet capture. And the list of optional features was very short. But with 802.11n, and even more so with 802.11ac, APs often have much greater capabilities than stations, and this is especially true when comparing APs with 802.11ac USB WLAN adapters.

Most of the 802.11ac APs hitting the market are capable of at least 3-stream operation, and 4-stream APs will not be far behind. Most 802.11ac USB WLAN adapters are 1-stream, with a small selection at 2-stream. There are no 3-stream or 4-stream 802.11ac USB WLAN adapters, and it’s quite likely there won’t be any. The market for USB WLAN adapters is shrinking, as most devices have 802.11 built in, including products ranging from TVs and DVRs to washing machines and refrigerators.

So, if you have an 802.11ac network based on 4-stream APs, how can you ensure that you capture ALL of the traffic from these APs if the best USB-based capture device you can find is only 1- or 2-stream?

Well, I know everyone wants a different answer, but the answer is you can’t, at least not with a 1- or 2-stream USB WLAN adapter. If you have a 4-stream AP, and at least one 4-stream client (let’s say a dedicated video conferencing device that needs the maximum bandwidth it can achieve), you need a capture solution that is also 4-stream, and also supports any other optional features the AP/client combination may support.

And guess what, you already have such a device – it’s the AP itself! With 802.11ac, your best packet capture solution is another AP, preferably one of the same model being used in your network. There are 3 main approaches that can be employed.

  1. You can take an AP that’s adjacent to the AP whose communications you want to monitor, and put it into “promiscuous” mode, a “listen only” mode in which the AP can pick up all 802.11 communications in its vicinity. In most cases (meaning for most vendors’ APs) this requires taking the listening AP offline, but if you have sufficient overlap designed into your WLAN this is typically not a problem.
  2. If you don’t want to take an AP offline, simply add some strategically placed APs into your network that can be dedicated to packet capture and analysis.
    This creates a flexible, distributed monitoring network that allows you to monitor the WLAN remotely whenever it’s needed, or even 24×7. (We’ll cover the topic of 24×7 WLAN analysis in an upcoming blog.) And another benefit of this approach is that if you change your mind and decide you don’t need one or more of the monitoring points you designed in, you can simply work the AP into your overall WLAN, as opposed to a dedicated sensor which has no other purpose.
  3. If you still want to be portable, you can always bring your laptop and an AP to the area you wish to monitor, directly connect the AP to your laptop, and use it in promiscuous mode to capture all of the traffic. Though not as portable as USB devices attached to your laptop, this configuration will ensure that you can capture all of the 802.11ac traffic being generated by your WLAN.

This is not to say that 802.11ac USB WLAN adapters are useless for packet capture, or that portable analysis is dead. A significant percentage of the WLAN traffic on your 802.11ac WLAN will likely be 2-stream or less. Just about all laptops and handheld devices will be 2-stream or less to conserve battery power, and that’s likely to be what generates the bulk of your traffic. So you can still use a laptop with one or more 2-stream 802.11ac USB WLAN adapters (as soon as one that can be used for packet capture is commercially available) and you will be able to analyze your 1- and 2-stream 802.11ac traffic. But keep in mind that you won’t be seeing ALL of the traffic. Any traffic at 3-stream and above will simply not show up in the analyzer – you won’t know what you’re missing.

802.11ac will deliver on the promise of gigabit wireless, but it will also complicate your ability to monitor and analyze your network. The best approach is to plan ahead and design overlap into your 802.11ac network design. Whether you intend to simply troubleshoot from time to time, or you’re planning on a 24×7 monitoring and analysis capability, using APs as packet capture devices will provide complete visibility into your 802.11ac network, and it will provide a highly distributed analysis solution that you can access from anywhere, saving time and money when problems occur.

Should I capture network traffic in the air or on the wire?

The answer to the question “Should I capture network traffic in the air or on the wire?” typically depends on the issue that has been reported or is being investigated. In this post, we specifically address the issue of wireless connectivity problems. Bottom line: dealing with specifics in WLAN analysis doesn’t have to be complicated; you just need to know where to look.

Let’s start where a user typically starts, connecting to the WLAN. Not only is this a great starting place, it’s also one of the most commonly reported problems. Connectivity issues should first be investigated by looking at the wireless traffic. Can you even see any packets coming from the wireless client? At a minimum, the client should be generating probe requests, packets sent by the client as it searches for an AP. If no probe requests are seen from the wireless client, it is clear the issue is with the client itself, most likely a configuration issue. An investigation of the user’s computer is now required.

Assuming the user is “on the air,” i.e. sending probe requests, more analysis of wireless traffic is required. The next things to look for are 802.11 management packets related to establishing a connection between the client and an AP. These include Association Request frames and Authentication frames. The user should be generating Association Request frames if it is trying to connect to an AP. If this association is failing, you will see either repeated association requests from the client without corresponding Association Response frames from the AP, or you will see sets of Association Request frames, Association Response frames and Disassociation frames. In either case, a detailed review of the configuration parameters on both the client and the AP is required, as a configuration mismatch is the most likely cause of the problem.

Once the association is successful, authentication must then be verified. The number of packets involved in authentication depends on the type of authentication being used, from “open” to “WPA2”. In any case, analysis on the wireless side of the network is the place to start. If authentication is failing, analysis of an Authentication frame should reveal if the authentication request is being denied, and why. It is at this point in the analysis that wired-side analysis becomes critical, as most authentication schemes involve wired communication between the AP and an authentication server. If the wireless analysis performed so far indicates the proper exchange of packets, the cause is most likely on the wired side of the network. Typical issues include a hardware or routing issue between the AP and the authentication server, a configuration mismatch, incomplete authentication data, or no response from the authentication server.
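The triage order described above can be written as a small decision function over the management frames seen for one client. This is an added example, not code from the original post or from any product it mentions; the `triage` function, the tuple layout, and the MAC addresses and captures are constructed for illustration.

```python
from collections import Counter

# 802.11 management-frame subtypes (frame type 0) named in the text above
ASSOC_REQ, ASSOC_RESP, PROBE_REQ, DISASSOC, AUTH = 0, 1, 4, 10, 11

def triage(frames, client):
    """Classify one client's connection attempt from over-the-air frames.

    frames: (subtype, src, dst, status) tuples; status is the 802.11 status
    code carried by Association Response / Authentication frames
    (0 = success), None for other frames.
    """
    sent = Counter(st for st, src, _, _ in frames if src == client)
    rcvd = [(st, status) for st, _, dst, status in frames if dst == client]
    got = Counter(st for st, _ in rcvd)

    if not sent:
        return "client: not on the air, check the client configuration"
    if not sent[ASSOC_REQ]:
        return "client: probing only, never tried to associate"
    if not got[ASSOC_RESP]:
        return "association: requests unanswered, compare client and AP settings"
    if sent[DISASSOC] or got[DISASSOC] or any(st == ASSOC_RESP and s for st, s in rcvd):
        return "association: refused or torn down, compare client and AP settings"
    denied = [s for st, s in rcvd if st == AUTH and s]
    if denied:
        return f"authentication: denied over the air (status {denied[0]})"
    return "wireless exchange complete: capture on the wire, AP to auth server"

# Constructed sample captures (locally administered MAC addresses)
CLIENT, AP, BCAST = "02:00:00:00:00:01", "02:00:00:00:00:aa", "ff:ff:ff:ff:ff:ff"
P = (PROBE_REQ, CLIENT, BCAST, None)
A = (ASSOC_REQ, CLIENT, AP, None)
OK = (ASSOC_RESP, AP, CLIENT, 0)
SAMPLES = {
    "silent": [(PROBE_REQ, "02:00:00:00:00:02", BCAST, None)],
    "unanswered": [P, A, A, A],
    "loop": [P, A, OK, (DISASSOC, AP, CLIENT, None), A, OK],
    "auth_denied": [P, A, OK, (AUTH, AP, CLIENT, 15)],
    "clean": [P, A, OK, (AUTH, AP, CLIENT, 0)],
}

if __name__ == "__main__":
    for name, capture in SAMPLES.items():
        print(f"{name:12} -> {triage(capture, CLIENT)}")
```

Only the last outcome points to the wired side; every earlier one is resolved from the over-the-air capture and the client or AP configuration.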

Though quite common, connectivity issues are only one of the common problems that exist in WLANs. In future posts we will discuss some of the other common problems, with the focus of how to best capture data to solve the problem, over the air or on the wire.