QuickStart for AiroPeek January 2002
The History of WildPackets
1990: Introduced a Macintosh-based EtherPeek protocol analyzer
1996: Windows-based version of EtherPeek released
1998: The iNetTools (under a different name at the time) were developed to allow active network testing such as a port scan and ping scan
2000: Changed name from AG Group to WildPackets
2000: Acquired Net3Group, makers of NetSense
2001: Acquired Optimized Engineering, which is now the Professional Services arm of WildPackets
2001: Released AiroPeek to extend into the wireless marketplace
Current Customers Include..
Motorola, NY Times, 3Com, IBM, Talk City, Condé Nast Publications, Novell, US Air Force, National Institutes of Health, DARPA, NASA, Sandia National Labs, Liberty Mutual Insurance, EDS, GTE Information Services, Apple Computer, Boeing, Cisco Systems, Microsoft, Nortel Networks, Ericsson, Bank of America, Lucent Technologies, Yahoo!, FAA, Lockheed Martin, Xerox Corp., Lawrence Livermore National Labs and many, many K-12 and higher educational institutions in the United States and abroad.
Today’s Agenda
• Launching AiroPeek
• Examining network statistics
• Overview of protocol layers
• The Packets and decode windows
• Using filters to isolate problems
• Alarms and the Log Window
• The iNet Tools
• NetSense
• Protocol Analysis Training Options
What is a Protocol Analyzer and when can it be used
• AiroPeek is an example of a protocol analyzer
  • also referred to as a packet analyzer
• An analyzer can ‘see’ the conversations between networked devices
• By evaluating the traffic, network problems can be identified
• An analyzer is also useful in proactively monitoring a network to identify potential issues before they turn into serious problems
• We produce an analyzer for Ethernet and Token-Ring as well as Wireless 802.11
Getting Started with AiroPeek
• In the 1.1 release, Supported Interfaces include:
  • Cisco Systems 340 and 350 WLAN Adapters
  • Symbol Spectrum24 11Mbps DS WLAN PC Card
  • Nortel Networks e-mobility WLAN PC Card
  • 3Com AirConnect 11 Mbps DSSS WLAN PC Card
  • Intel(R) PRO/Wireless 2011 LAN PC Card
• AiroPeek runs under Windows 98, Windows ME, Windows NT 4.0 (service pack 3, or later), or Windows 2000
• To optimize AiroPeek's overall performance, a Pentium 166 MHz or faster processor with 64 MB RAM is recommended
Statistics
There are two locations for statistics
Report Examples… Utilization Packet Size Distribution Nodes Statistics
Summary Statistics
• Overview of network traffic
• Includes 802.11 specific analysis
• Attacker analysis
• Upper layer information
The Interpretation Of Statistics
• Are the protocols seen what you expect?
• Are the packet sizes consistent with the activity?
• Is utilization at an acceptable level?
• Are the ‘top talkers’ the right ones?
Covered in WP101
Overview of Protocol Layers
Layers (top to bottom): Application, Presentation, Session, Transport, Network, Data Link, Physical
• 802.11 and/or Ethernet are responsible for the local movement of the frame
• IP is responsible for the routed travel of the packet
• TCP and UDP identify the upper layer protocol via a Port number. TCP ‘guarantees’ the delivery of the data
• Application layers such as FTP, Telnet, and HTTP provide the functionality to the user’s program
Troubleshoot from the bottom up
Covered in WP100
Configuring AiroPeek for WEP
• WEP (Wired Equivalent Privacy) is a data encryption technique supported as an option in the 802.11b WLAN Protocol
• Because WEP encrypts all data above the 802.11b WLAN layers, it can prevent AiroPeek from decoding other network protocols
• Options -> Tools -> 802.11
Setting the WEP Key Set
Covered in WP106a
Getting Started Capturing…
• Capture -> Start Capture
• Click OK
• Click on the Start Capture button
Packets View
• Packets scroll past in real-time
Covered in WP106
WLAN-Specific Columns
Data Rate: Data rate (1, 2, 5.5, or 11 Mbits per second) at which the body of this packet was transmitted.
Signal: The percent of maximum allowable transmission power detected in the receipt of this packet.
BSSID: Displays the ID number of the access point or base station to whose traffic this packet belongs.
Channel: Channel on which the NIC is listening
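The WEP and BSSID slides above can be made concrete with a small parser. This is an added example, not part of the slide deck and not AiroPeek code: it reads the 802.11 MAC header of a data frame, locates the BSSID from the ToDS/FromDS bits, and shows why a frame with the WEP bit set yields no upper-layer decode without the key. It assumes pre-QoS data frames that start at the MAC header with the FCS removed; the sample frames and addresses are constructed.

```python
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP"}
SNAP = bytes.fromhex("aaaa03000000")  # LLC/SNAP prefix before the EtherType

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def summarize_data_frame(frame: bytes) -> dict:
    """Summarize one 802.11 data frame (MAC header first, FCS stripped)."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte 802.11 MAC header")
    (fc,) = struct.unpack_from("<H", frame, 0)
    if (fc >> 2) & 0x3 != 2:
        raise ValueError("not a data frame")
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    # The BSSID moves between address fields depending on ToDS/FromDS;
    # a WDS frame (both bits set) carries no BSSID and has a fourth address.
    bssid = {(False, False): a3, (True, False): a1, (False, True): a2}.get((to_ds, from_ds))
    body = frame[30 if to_ds and from_ds else 24:]
    info = {"bssid": mac(bssid) if bssid else None, "wep": bool(fc & 0x4000),
            "upper_protocol": None}
    if info["wep"]:
        # Body is IV (3) + key ID byte + ciphertext + ICV (4). Everything from
        # LLC/SNAP upward is ciphertext, so no upper-layer decode without the key.
        if len(body) < 8:
            raise ValueError("truncated WEP body")
        info.update(iv=body[:3].hex(), key_id=body[3] >> 6, ciphertext_len=len(body) - 8)
    elif body[:6] == SNAP and len(body) >= 8:
        ethertype = struct.unpack_from(">H", body, 6)[0]
        info["upper_protocol"] = ETHERTYPES.get(ethertype, hex(ethertype))
    return info

def _header(fc: int) -> bytes:
    # Constructed sample header: addr1 = BSSID (ToDS), addr2 = source, addr3 = destination
    addrs = bytes.fromhex("001122334455" "020000000001" "020000000002")
    return struct.pack("<HH", fc, 0) + addrs + b"\x00\x00"

# Constructed frames, not captured traffic: the same header with and without the WEP bit
CLEAR_FRAME = _header(0x0108) + SNAP + b"\x08\x00" + b"\x45\x00"
WEP_FRAME = _header(0x4108) + bytes.fromhex("010203" "40") + bytes(10) + bytes(4)

if __name__ == "__main__":
    print(summarize_data_frame(CLEAR_FRAME))
    print(summarize_data_frame(WEP_FRAME))
```

The header fields (and so the BSSID) stay readable in both frames; only the frame body is encrypted, which is why the analyzer needs the WEP key set configured before it can decode IP and above.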
Details, Details..
Double-click on a packet to see the detailed decode and hexadecimal view
P D N T S P A
Covered in WP103&4
Getting Started With Filters
Post-Capture Filtering
A Real-Time Capture Filter
Alarms and Log Window
• Right click on a statistic to Make Alarm
• View -> Alarms
• Tools -> Notification to specify the action to take
Alarms
Log
iNetTools
For example, Ping Scan…
Covered in WP101
Obtaining iNetTools
• The iNetTools are available as a separate demo download
• Installing the iNetTools is a choice when running the AiroPeek Installation program
NetSense Overview
• Open a file
• File Summary
• DLC (Data Link Control) Error Expert
• Frame Size Chart
• Protocol Chart
• Problem Finder
• Network Peer Map
• Client/Server Expert
• Other Possibilities:
  • ProAnalyst ToolBox
  • Response Time/Latency Analysis
  • Throughput Analysis
Covered in WP104
Professional Services
WP100: Foundations Of Network Protocol Analysis
WP101 or WP101W: Network Troubleshooting Methods Using EtherPeek or AiroPeek
WP103: TCP/IP Protocol Analysis Methods
WP104: Advanced TCP/IP Protocol Analysis
WP106: 802.11 Wireless Network Analysis Using AiroPeek
and Coming Soon:
WP105: AppleTalk and Mac OS/X Network Analysis
AATech: Applied Analysis Technician
PAS: Protocol Analysis Specialist
NAX: Network Analysis Expert
Questions?