Wireless Field Day 3 - WildPacketsBy CWNP On 09/12/2012 - 21 Comments
The WildPackets staff began the presentation with a very brief overview of their history. This introduction provided an overview of the company and insights into their organizational culture. Then we quickly moved onto the good stuff - announcements and technical information.
The company has been providing wireless analysis software since 2001. Their products are used in the Wi-Fi Alliance and Certified test Labs (CTLs). We have used their products as well as AirMagnet, TamoSoft and WireShark among others in our training programs and learning materials.
They provided the delegates with a USB flash drive containing evaluation software, presentation slides and company information. And it was an 8 GB flash drive, not one of these wimpy 1 giggers you often get. Thank you WildPackets ;-)
They demonstrated the pre-release of OmniPeek version 7, which is scheduled for release in the next 30 days so that we could see what's coming. The setup consisted of three 802.11n devices connected through a hub for full-time multiple channel capture. One of the key features promised in the next version is interpretation of 802.11ac standard devices (or at least draft at this point).
The question was asked, by @wirelessguru, "I use four adapters, what is the maximum you support." The answer focused on data rather than number of units indicating that 700-800 Mbps could be handled easily on a typical laptop. All 11 channels in 2.4 GHz, for example, could be scanned concurrently with a dedicated USB device with packet processing for 802.11b/g; however, with 2 and 3 stream 802.11n, fully utilized, problems may be encountered when scanning all channels due to the total data rate.
Vo-WiFi was stressed as one of their strong points. Views exist dedicated to voice and video. The call view shows a ladder diagram of the call to reveal the SIP initiation through to the actual call and possible problem points in the call. As a side note, a version of OmniPeek Enterprise is available that does not offer voice playback, if you require this for compliance with privacy policies.
It was revealed that OmniPeek detects roaming, through an extension that can be modified, by looking for data. Data on one AP and then on another shows roaming. For this reason, roaming may appear longer in the OmniPeek roaming log than the numbers "required" by VoIP vendors for example.
Distributed AP adapters are available for Aruba, Meru, Xirrus and Cisco. This allows the APs to send back packet captures to the central analysis device. When capturing with a distributed system, it is important to remember that the Ethernet side will be impacted by the analysis.
I will be receiving an copy of OmniPeek 7 as soon as it is released. At that point, I will capture some 802.11ac activity (assuming I can get my hands on a compatible USB client in a reasonable timeframe) so that we can analyze the frames and see what the new draft is looking like so far.
WildPackets recommends Atheros-based adapters because they have the ability to quickly resolve driver bugs for those. However, they do also support most Ralink chipsets. At this time, Intel and Broadcom chips are not supported because the APIs are not available to put them in promiscuous mode.
Tagged with: tom carpenter, WFD3, wildpackets, protocol analysis
Blog Disclaimer: The opinions expressed within these blog posts are solely the author’s and do not reflect the opinions and beliefs of the Certitrek, CWNP or its affiliates.