Wireless Network Analyzer's Overview - Part 2 (Guest Blog)
By Ernesto Fernandez On 07/26/2022
Wireless Network Analyzer Location
One very important point when performing wireless network analysis is the placement of the wireless network analyzer. Many different situations call for placing the analyzer in different locations throughout the wireless environment.
Capturing close to the access point
If you are trying to analyze a situation where it would be necessary to see the traffic from all devices and from the AP as well, you will need to place the wireless network analyzer near the AP. Keep in mind, however, that the only traffic seen at the AP level will be traffic that can be heard and demodulated properly by that AP.
Capturing close to the device
If you are trying to analyze a situation with one device, you may want to place the wireless network analyzer near that device. Keep in mind, also, that traffic captured at the device level will include 2-way traffic (transmission and reception from and to the device).
Capturing in different locations
If you are trying to analyze a broader situation, you would want to place the wireless network analyzer throughout the environment, in different locations, to be able to capture from different sources and determine the signals that may be introducing problems or conflicts in those areas.
Wired Analysis for a Wireless issue
There will be times when you will need to perform a wired analysis to determine the cause of the problem. It is important to understand the traffic flow on a wired network to know where to capture traffic on the wired network.
Packet Capture Configuration for Wireless Network Analyzers
When setting up a packet capture, wireless network analyzers from different vendors offer, for the most part, similar options. The following terminology is specific to OmniPeek, but the corresponding capabilities exist in most other software as well.
Capture title – It is recommended to use as much detail as possible in the title of your capture for reference purposes, i.e., where, when, why, etc.
Continuous capture – This option recycles the capture buffer, turning it into a first-in, first-out buffer. In other words, the capture keeps running and the oldest captured frames are removed from the buffer as needed. Without "Save to Disk", most tools will maintain statistics, but you will be unable to analyze the actual frames once they are removed from the buffer.
Save to disk – This option will give you the ability to save your capture to your hard drive. Keep in mind you will need to make sure you have enough space. In conjunction with continuous capture, this allows analysis of all frames captured from the start of the capture.
Packet Slicing – This option gives you the ability to skip capturing the data within frames. It also saves space on your hard drive and ensures confidentiality. It is recommended to limit each packet size to 500 bytes due to the size of beacon frames in most cases. Warning: Avoid cutting off header information; checksums may become invalid.
Capture buffer size – This option gives you the ability to increase or decrease the size of the buffer based on your available memory in the capture system. Most software defaults to some value at or around 100 megabytes, but with modern systems often having 16 GB RAM or more, this can safely be increased in many use cases.
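The packet slicing option described above can be reproduced offline on an existing capture file. The following is an added example, not part of the original post or of any vendor tool: it slices a classic pcap to the 500-byte limit while keeping each frame's original on-air length in the record header. The function names and the two sample frames are constructed for illustration, and only the little-endian microsecond pcap format is handled.

```python
import struct

SNAPLEN = 500  # slice size recommended in the text above

def build_pcap(frames, linktype=105):
    """Build a classic little-endian pcap in memory (linktype 105 = IEEE 802.11)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def slice_pcap(data, snaplen=SNAPLEN):
    """Return (sliced pcap bytes, [(index, on_air_len, stored_len), ...])."""
    magic, vmaj, vmin, tz, sig, _snap, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap is handled here")
    out = bytearray(struct.pack("<IHHiIII", magic, vmaj, vmin, tz, sig, snaplen, linktype))
    report, off, idx = [], 24, 0
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        body = data[off:off + incl_len]
        if len(body) < incl_len:
            raise ValueError("record %d is truncated in the input file" % idx)
        off += incl_len
        kept = body[:snaplen]  # everything past snaplen (payload, trailing FCS) is dropped
        # orig_len is left untouched so an analyzer still knows the on-air frame size
        out += struct.pack("<IIII", ts_sec, ts_usec, len(kept), orig_len) + kept
        report.append((idx, orig_len, len(kept)))
        idx += 1
    return bytes(out), report

# Constructed sample input (filler bytes, not a real capture):
# a 320-byte beacon-sized frame and a 1500-byte data-sized frame.
SAMPLE = build_pcap([b"\x80" * 320, b"\x08" * 1500])

if __name__ == "__main__":
    sliced, report = slice_pcap(SAMPLE)
    for idx, on_air, stored in report:
        state = "sliced" if stored < on_air else "intact"
        print(f"frame {idx}: on-air {on_air} B, stored {stored} B ({state})")
    print(f"file size: {len(SAMPLE)} B -> {len(sliced)} B")
```

The beacon-sized frame is stored whole, while the data frame loses its payload and any trailing checksum, which is why sliced frames cannot be checksum-validated afterwards.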
Adaptor/Capture Device Selection
Access point capture – This option gives you the ability to do a packet capture from an access point that supports this feature.
Aggregator/Roaming – This option gives you the ability to add multiple supported adaptors so you can capture on multiple channels; the captures are then aggregated together based on time to form one large capture view.
Single supported adaptor – This is your most common option; you would be able to do packet capture with a single network adaptor. You want to make sure you have the appropriate drivers for this adaptor.
Channel Configuration
Fixed Channel – This option allows you to select one channel on which you would like to do a packet capture. Some wireless network analyzers will let you capture on 40 MHz, 80 MHz, and 160 MHz channels. You will pick the channel based on the 20 MHz primary channel.
Channel Scan – This option will give you the ability to select all channels on 2.4 GHz and/or 5 GHz. You can also select only the channels you are looking to scan. With this option you can also select the time to dwell on a channel. Keep in mind that the longer you dwell on a particular channel, the more data you will be able to collect from that specific channel. On the other hand, the analyzer can only scan one channel at a time; in other words, the longer you dwell on one channel, the more you will miss from other channels.
Reference table:
Material by – CWAP (Certified Wireless Analysis Professional) Study and reference guide, CWAP-403 1st edition by Certitrek publications.
Illustrations by – Wireless Analysis and Troubleshooting CWAP bootcamp v1.1, MarQuest networking support by Peter Mackenzie
Blog Disclaimer: The opinions expressed within these blog posts are solely the author’s and do not reflect the opinions and beliefs of the Certitrek, CWNP or its affiliates.