 |
 |
 |
 |
 |
 |
 |
| WLAN Analyzer and Protocol Decoder - CommView for WiFi |
|
| |
|
||||||||||
|
|
 |
In this chapter you can find answers to some of the most frequently asked questions. The latest FAQ is always available at http://www.tamos.com/products/commwifi/faq.php Q. I'm on a wireless network, and I want to monitor my own inbound and outbound packets. Which product do I need: the standard, non-wireless CommView edition, or CommView for WiFi? A. You need the standard, non-wireless CommView edition. It will allow you to monitor your own traffic, but you will not be able to see the traffic of other WLAN stations. Unlike the standard CommView edition, CommView for WiFi allows you to monitor other wireless stations, capture management frames, view signal strength, etc. Q. Do I need special hardware to use CommView for WiFi? A. Yes, you need a compatible wireless adapter. The list of compatible adapters can be found at http://www.tamos.com/products/commwifi/. In order to enable the monitoring features of your wireless adapter, you will need to use the special drivers that come with this product. When CommView for WiFi is not running, your adapter will be able to communicate with other wireless hosts or access points, just like when you are using the original driver supplied by the adapter manufacturer. When CommView for WiFi is running, your adapter will be put in passive, promiscuous monitoring mode. Q. My card is not on your list of supported hardware. What are my options? A. Our hardware compatibility list includes only those cards that we've tested ourselves in our test lab. There are other cards that may be compatible with CommView for WiFi. The best way to find out if your card is compatible is downloading our Adapter Test Utility and running it on your computer. If a compatible adapter is installed, the utility will display its name. Please note that:
Finally, you may want to buy a compatible card, as they are not terribly expensive these days, or order a boxed CommView for WiFi version that includes a compatible ExpressCard or CardBus adapter. Q. What adapter would you recommend for use with your application? A. If you already have an adapter that is on our hardware compatibility list, then there is probably no point in changing it. Some of them are a little better than others in terms of sensitivity and ability to discard malformed frames, but these distinctions are not critical. If you're going to purchase a new adapter, we would not recommend purchasing an 802.11b/g or a/b/g card, as 802.11n is becoming more and more popular. The best choice would be the D-Link DWA-645 CardBus adapter or D-Link DWA-643 ExpressCard adapter. Generally, CardBus and ExpressCard adapters show better performance than PCI or PCIe adapters. Q. Which supported adapters have external antenna connectors? A. CACE Technologies AirPcap (USB) and Ubiquiti Networks SRC (CardBus). We'll support newer Ubiquiti Networks adapters with external antennae in the nearest future. Q. I've installed the special driver for my adapter and now the adapter cannot connect to my wireless network after I close CommView for WiFi. What could be the problem? A. When you replace the driver for your adapter, the configuration settings (including preferred networks and passwords) may be lost, so you may have to re-configure the adapter. If your adapter has been configured and still can't connect, please disable and re-enable it in Device Manager, this will restore the connectivity. Q. Does the program support 802.11a Turbo mode? A. Yes, if your adapter supports it. Some of the adapters that support 802.11a Turbo mode are Linksys WPC55AG and NETGEAR WAG511. Q. Some of the channels in the scanner options window are grayed out. Is this normal? What if want to monitor these channels? A. Depending on your country, your wireless adapter may not support all the channels shown in that window. The channels that are available for use in a particular country differ according to the regulations of that country. In the United States, for example, FCC regulations only allow channels 1 to 11 to be used in the 802.11b/g/n band. The firmware of the wireless adapters being sold in the US is typically configured to disallow channels 12 and 13. This is not always convenient, as you may need to travel to other parts of the world and be able to monitor locally available channels with CommView for WiFi. You may want to purchase an adapter locally, but you can also use a utility that allows you to change the regulatory domain and country code for some adapters. Before downloading and using this utility, please note:
To download the utility, click here. For non-Atheros adapters, enabling channels 12 and 13 may be possible through some configuration changes. Contact us if you need assistance. Q. When monitoring a WLAN, can I be sure that the program will capture every packet being sent or received? A. No, and here is why. When a wireless station is connected and authenticated, the station and access point(s) employ a mechanism that allows them to resend the packets that were not received by the other party or damaged en route for some reason (e.g. radio interference). In case of CommView for WiFi, the wireless adapter is put into passive, monitoring mode. Therefore, the adapter cannot send "requests" to have packets resent, nor can it acknowledge successful receipt of packets. This results in loss of some packets. The percentage of lost packets may vary. Generally, the closer to other stations and access points you are, the fewer packets will be dropped. Q. Can the program decrypt WPA-encrypted packets? A. Yes, in WPA-PSK mode (both TKIP and AES (a.k.a. CCMP) are supported). CommView for WiFi is the first and so far the only wireless network analyzer to support WPA/WPA2 decryption. Other products can decrypt WEP only. Q. I'm on a WLAN with high traffic volume, and it's hard to examine individual packets when the application is receiving hundreds of thousands of packets per second, as the old packets are quickly removed from the circular buffer. Is there anything I can do about it? A. Yes, you can use the Open current buffer in new window button on the small toolbar on the Packets tab. This will allow you to make snapshots of the current buffer as many times as you wish, at any intervals. You will then be able to explore the packets in these new windows at your leisure. Q. I launched the program, selected the channel, started capturing, but no packets are displayed. Please help! A. First, switch to the Packets tab. The Latest IP Connections tab might be empty if you did not enter correct WEP keys, and your WLAN uses WEP encryption. If the Packets tab is empty too, look at the program's status bar. If the packet counter is being incremented, then you have active rules that prevent the program from displaying packets. Click Rules => Reset All, and then press three toolbar buttons: Capture Data Packets, Capture Management Packets, and Capture Control Packets. If the packet counter on the status bar is not being incremented, then there are probably no active wireless stations or access points available/detected. If you are absolutely certain that there are wireless stations or access points, report this problem to us. Q. Can CommView for WiFi read NCF log files generated by the standard, non-wireless CommView edition? How about vice versa? A. Yes, CommView for WiFi can read NCF log files generated by the standard, non-wireless CommView edition. The standard, non-wireless CommView edition can read NCF log files generated by CommView for WiFi, but (a) you need CommView 4.0 Build 321 or higher, and (b) you will not be able to see wireless-specific columns, such as signal strength or WEP key number. Q. Does CommView for WiFi run on multi-processor computers? A. Yes, it does. Q. It seems to be impossible to save more than 5,000 packets from the packet buffer. Is there a workaround? A. Actually, there is no such limitation. The application uses a circular buffer for storing captured packets. By default, the buffer can contain up to 5,000 latest packets, but this value can be adjusted in the Settings window. The maximum buffer size is 20,000 packets (the buffer cannot be unlimited for an obvious reason: your computer's RAM is not unlimited). You can save the contents of the buffer to a file using the Logging tab. However, by no means does this limit on the buffer size restrict your ability to save any number of packets. You simply need to enable automatic logging on the Logging tab. Such automatic logging will make the application dump all the captured packets to file(s) continuously, and you can set any limit on the total size of the captured data. Q. My firewall software warns me that CommView for WiFi is "attempting to access the Internet." I am aware that some sites are able to track users by collecting the information sent by their programs via Internet. Why does CommView "attempt to access the Internet"? A. Three activities may alert your firewall. First, it may be an attempt to resolve IP addresses to hostnames. Since CommView has to contact your DNS servers to make a DNS query, it inevitably triggers the alarm. You can disable this feature (Settings => Options => Disable DNS resolving), but in this case, the Latest IP Connections tab will not be able to show you the hostnames. Second, you may have configured the program to check if updates or new versions are available. To do this, CommView has to connect to www.tamos.com. You can disable this feature (Settings => Options => Misc. => Enable automatic application updates). Third, when you purchase the product, you need to activate it. If you select online activation, CommView has to connect to www.tamos.com. You can avoid this by selecting manual activation. These are the only types of connections CommView can potentially make. There are no other hidden activities. We don't sell spyware. Q. I'm often logged on as a user without administrative privileges. Do I have to log off and then re-logon as the administrator to be able to run CommView for WiFi? A. No, you can open CommView for WiFi folder, right-click on the CA.exe file while holding down the Shift key, and select "Run As" from the pop-up menu. Enter the administrative login and password in the window that pops up and click OK to run the program. Under Windows Vista, CommView for WiFi is automatically launched with elevated rights. Q. When reconstructing TCP sessions that contain HTML pages in Japanese or Chinese, I can't see the original text. A. To see text in East Asian languages, you should install East Asian fonts. Open Control Panel => Regional and Language Options, select the "Languages" tab, and check the "Install files for East Asian languages" box. Q. I'm confused about the license types available for CommView. Could you explain the difference between the license types? A. Two license types are currently available for CommView for WiFi: Standard license and VoIP license. The more expensive VoIP license enables all the application features, including VoIP analyzer, whereas the standard license doesn't enable VoIP analyzer. Additionally, the Standard License is also available as a One Year Subscription, which is a time-limited license valid for one year from the date of purchase only. CommView for WiFi can also be purchased as a boxed product. Boxed versions include a compatible wireless adapter, CD-ROM, and printed manual. The price includes UPS ground shipping. Please refer to the End User License Agreement that comes with the product for other licensing terms and conditions. Q. Can I save the audio from the VoIP analyzer to a standard .wav or .mp3 file? A. Not directly, but there are many utilities on the market that offer a "virtual audio cable" that allows saving anything that is played back through your sound card to a file. Try, for example, Xilisoft Sound Recorder (use the "What you hear" mode). Q. Could you point me to good online resources on wireless networks, their security and configuration? A. Below you will find a few good links. Some of them will be interesting for novice users, while others provide in-depth information for professionals: Wireless Ethernet LAN - General 802.11/802.11b FAQ http://www.intel.com/support/wireless/wlan/sb/CS-008409.htm Wi-Fi Planet Tutorials http://www.wi-fiplanet.com/tutorials/ IEEE Wireless Standards Zone http://standards.ieee.org/wireless/ WPA Wireless Security for Home Networks http://www.microsoft.com/windowsxp/using/networking/expert/bowman_03july28.mspx Configuring Windows XP IEEE 802.11b Wireless Networks for the Home and Small Business http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/wifisoho.mspx The evolution of wireless security in 802.11 networks: WEP, WPA and 802.11 standards http://www.sans.org/rr/papers/68/1109.pdf SAFE: Wireless LAN Security in Depth http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safwl_wp.pdf |
