 |
 |
 |
 |
 |
 |
 |
| WLAN Analyzer and Protocol Decoder - CommView for WiFi |
|
| |
|
||||||||||
|
|
 |
In this chapter you can find answers to some of the most frequently asked questions. The latest FAQ is always available at http://www.tamos.com/products/commwifi/faq.php Q. I'm on a wireless network, and I want to monitor my own inbound and outbound packets. Which product do I need: the standard, non-wireless CommView edition, or CommView for WiFi? A. You need the standard, non-wireless CommView edition. It will allow you to monitor your own traffic, but you will not be able to see the traffic of other WLAN stations. Unlike the standard CommView edition, CommView for WiFi allow you to monitor other wireless stations. Q. Do I need special hardware to use CommView for WiFi? A. You need a compatible wireless adapter. The list of compatible adapters can be found at http://www.tamos.com/products/commwifi/. You must install a special driver for your adapter. This driver comes with CommView for WiFi. Once this driver has been installed, your adapter will be put in passive, monitoring mode and will no longer be able to communicate with other wireless hosts or access points. To restore the standard functions of your adapter, you would need to roll back/return to the original adapter's driver supplied by the vendor. However, this is not always the case, and depending on the adapter model and operating system, you may be able to use the driver in dual mode (passive mode when CommView for WiFi is running and active mode when CommView is not running). Please refer to the technical notes to find out if dual mode is possible in your case. If it is not possible, and you would like to preserve your wireless connectivity while using this product, consider installing two wireless adapters, one of which would be used for monitoring, while the other would perform standard network functions. Note that if you decide to use two adapters as suggested above, and one of your adapters is based on the Atheros chipset, it's highly recommended that the second adapter be based on a different chipset, because if you use two Atheros-based adapters, one of them will not be operational. Another consideration is related to the dimensions of your adapters: If you are using a notebook and would like to use two adapters, and your notebook doesn't have a built-in wireless adapter, you would need to use both of your notebook's CardBus slots. This might be difficult, because a typical wireless card is too thick, and two cards may not fit. If you'd like to avoid this problem, consider using a Proxim ORiNOCO 802.11ag ComboCard. These cards have a slim case, and if you insert this card into the lower slot, it will allow you to insert any card into the upper slot. Q. I've installed the special driver for my adapter and now the adapter appears disabled and I cannot connect to my wireless network even when CommView for WiFi is not launched. What could be the problem? A. Once again, please refer to the technical notes. Dual mode (passive mode when CommView for WiFi is running and active mode when CommView for WiFi is not running) is not always possible. Dual mode (passive mode when CommView for WiFi is running and active mode when CommView for WiFi is not running) is not always possible. Dual mode requires Windows XP or Windows Vista and a non-Intel 802.11b/g, 802.11a/b/g, or 802.11b/g/n adapter. If you're not running Windows XP or Windows Vista or if you're using an Intel adapter or an old 802.11b adapter, your adapter can be used for monitoring only. It will appear as disabled to the operating system, and you will not be able to connect to wireless networks. However, you can always roll back the original driver or, better yet, use the adapter that supports dual mode. Q. My card is not on your list of supported hardware. What are my options? A. Firstly, the information on the types of adapters that we will not support:
Secondly, our hardware compatibility list includes only those cards that we've tested ourselves in our test lab. There are several hardware vendors that use Atheros chipsets (we currently primarily support this chipset). Naturally, we cannot test all of these cards. If your 802.11b/g, 802.11a/b/g, or 802.11b/g/n CardBus, ExpressCard, or PCI card is based on the Atheros chipset, there is a good chance that your card will work with the existing driver. Download our Adapter Test Utility and run it on your computer. If a compatible adapter is installed, the utility will display its name. Note that a compatible adapter may show up under the generic name, "Atheros Wireless Network Adapter". This is normal. If a compatible adapter has been detected, you can install CommView for WiFi. Please let us know if you have successfully tested CommView for WiFi with an adapter that is not officially supported by us. If your card is NOT based on the Atheros chipset, you may want to wait until we support other chipsets, however we cannot give any guarantees or time estimates. Finally, you may want to buy a compatible card, as they are not terribly expensive these days. Q. What adapter would you recommend for use with your application? A. If you already have an adapter that is on our hardware compatibility list, then there is probably no point in changing it. Some of them are a little better than others in terms of sensitivity and ability to discard malformed frames, but these distinctions are not critical. If you're going to purchase a new adapter, we would not recommend purchasing a 802.11b card, as the 802.11g and 802.11a standards are becoming more and more popular. The best choice would be a dual-band, tri-mode CardBus adapter, such as D-Link AirPremier DWL-AG660, NETGEAR WG511U, or Proxim ORiNOCO ComboCard 8480. If you're looking for 802.11n support, consider D-Link DWA-645 CardBus adapter or D-Link DWA-643 ExpressCard adapter. Generally, CardBus and ExpressCard adapters show better performance than PCI adapters. Q. Which supported adapters have external antenna connectors? A. To the best of our knowledge, the only supported adapter that has a connector is Proxim ORiNOCO 802.11b/g ComboCard Gold 8470. We are not aware of any a/b/g cards with connectors. Q. I'm trying to install the CommView for WiFi driver for my adapter, but the installation window displays the following error message: "The name is already in use as either a service name or a service display name." Can you help me? A. Yes. This message may appear when you're trying to install the CommView for WiFi driver for more than one adapter, or when you replaced the old adapter with a new one (e.g. you had a 802.11b card, and now you want to use CommView for WiFi with your new 802.11g card). You need to make sure that the driver is used for one card only. The next answer will tell you how. Q. I've been using my adapter with CommView for WiFi for some time, but now I've purchased a new adapter and want to replace the old one. How do I do that? A. You need to make sure that the driver is used for one card only. Please follow these steps:
You can now go ahead with the CommView for WiFi driver installation, as per the Driver Installation Guide. Q. Does the program support 802.11a Turbo mode? A. Yes, if your adapter supports it. Some of the adapters that support 802.11a Turbo mode are Linksys WPC55AG and NETGEAR WAG511. Q. Some of the channels in the scanner options window are grayed out. Is this normal? What if want to monitor these channels? A. Depending on your country, your wireless adapter may not support all the channels shown in that window. The channels that are available for use in a particular country differ according to the regulations of that country. In the United States, for example, FCC regulations only allow channels 1 to 11 to be used in the 802.11b/g/n band. The firmware of the wireless adapters being sold in the US is typically configured to disallow channels 12 and 13. This is not always convenient, as you may need to travel to other parts of the world and be able to monitor locally available channels with CommView for WiFi. You may want to purchase an adapter locally, but you can also use a utility that allows you to change the regulatory domain and country code for some adapters. Before downloading and using this utility, please note:
To download the utility, click here. Q. When monitoring a WLAN, can I be sure that the program will capture every packet being sent or received? A. No, and here is why. When a wireless station is connected and authenticated, the station and access point(s) employ a mechanism that allows them to resend the packets that were not received by the other party or damaged en route for some reason (e.g. radio interference). In case of CommView for WiFi, the wireless adapter is put into passive, monitoring mode. Therefore, the adapter cannot send "requests" to have packets resent, nor can it acknowledge successful receipt of packets. This results in loss of some packets. The percentage of lost packets may vary. Generally, the closer to other stations and access points you are, the fewer packets will be dropped. Q. Can the program decrypt WPA-encrypted packets? A. Yes, in WPA-PSK mode (both TKIP and AES (a.k.a. CCMP) are supported). CommView for WiFi is the first and so far the only wireless network analyzer to support WPA/WPA2 decryption. Other products can decrypt WEP only. Q. I'm on a WLAN with high traffic volume, and it's hard to examine individual packets when the application is receiving hundreds of thousands of packets per second, as the old packets are quickly removed from the circular buffer. Is there anything I can do about it? A. Yes, you can use the Open current buffer in new window button on the small toolbar on the Packets tab. This will allow you to make snapshots of the current buffer as many times as you wish, at any intervals. You will then be able to explore the packets in these new windows at your leisure. Q. I launched the program, selected the channel, started capturing, but no packets are displayed. Help!!! A. First, switch to the Packets tab. The IP Statistics tab might be empty if you did not enter correct WEP keys, and your WLAN uses WEP encryption. If the Packets tab is empty too, look at the program's status bar. If the packet counter is being incremented, then you have active rules that prevent the program from displaying packets. Click Rules => Reset All, and then press three toolbar buttons: Capture Data Packets, Capture Management Packets, and Capture Control Packets. If the packet counter on the status bar is not being incremented, then there are probably no active wireless stations or access points available/detected. If you are absolutely certain that there are wireless stations or access points, report this problem to us. Q. Can CommView for WiFi read NCF log files generated by the standard, non-wireless CommView edition? How about vice versa? A. Yes, CommView for WiFi can read NCF log files generated by the standard, non-wireless CommView edition. The standard, non-wireless CommView edition can read NCF log files generated by CommView for WiFi, but (a) you need CommView 4.0 Build 321 or higher, and (b) you will not be able to see wireless-specific columns, such as signal strength or WEP key number. Q. Does CommView for WiFi run on multi-processor computers? A. Yes, it does. Q. It seems to be impossible to save more than 5,000 packets from the packet buffer. Is there a workaround? A. Actually, there is no such limitation. The application uses a circular buffer for storing captured packets. By default, the buffer can contain up to 5,000 latest packets, but this value can be adjusted in the Settings window. The maximum buffer size is 20,000 packets (the buffer cannot be unlimited for an obvious reason: your computer's RAM is not unlimited). You can save the contents of the buffer to a file using the Logging tab. However, by no means does this limit on the buffer size restrict your ability to save any number of packets. You simply need to enable automatic logging on the Logging tab. Such automatic logging will make the application dump all the captured packets to file(s) continuously, and you can set any limit on the total size of the captured data. Q. My firewall software warns me that CommView for WiFi is "attempting to access the Internet." I am aware that some sites are able to track users by collecting the information sent by their programs via Internet. Why does CommView "attempt to access the Internet"? A. Three activities may alert your firewall. First, it may be an attempt to resolve IP addresses to hostnames. Since CommView has to contact your DNS servers to make a DNS query, it inevitably triggers the alarm. You can disable this feature (Settings => Options => Disable DNS resolving), but in this case, the Latest IP Connections tab will not be able to show you the hostnames. Second, you may have configured the program to check if updates or new versions are available. To do this, CommView has to connect to www.tamos.com. You can disable this feature (Settings => Options => Misc. => Enable automatic application updates). Third, when you purchase the product, you need to activate it. If you select online activation, CommView has to connect to www.tamos.com. You can avoid this by selecting manual activation. These are the only types of connections CommView can potentially make. There are no other hidden activities. We don't sell spyware. Q. I'm often logged on as a user without administrative privileges. Do I have to log off and then re-logon as the administrator to be able to run CommView for WiFi? A. No, you can open CommView for WiFi folder, right-click on the CA.exe file while holding down the Shift key, and select "Run As" from the pop-up menu. Enter the administrative login and password in the window that pops up and click OK to run the program. Under Windows Vista, CommView for WiFi is automatically launched with elevated rights. Q. When reconstructing TCP sessions that contain HTML pages in Japanese or Chinese, I can't see the original text. A. To see text in East Asian languages, you should install East Asian fonts. Open Control Panel => Regional and Language Options, select the "Languages" tab, and check the "Install files for East Asian languages" box. Q. I'm confused about the license types available for CommView. Could you explain the difference between the license types? A. Two license types are currently available for CommView for WiFi: Standard license and VoIP license. The more expensive VoIP license enables all the application features, including VoIP analyzer, whereas the standard license doesn't enable VoIP analyzer. Additionally, the Standard License is also available as a One Year Subscription, which is a time-limited license valid for one year from the date of purchase only. CommView for WiFi can also be purchased as a boxed product. Boxed versions include a compatible wireless adapter, CD-ROM, and printed manual. The price includes UPS ground shipping. Please refer to the End User License Agreement that comes with the product for other licensing terms and conditions. Q. Could you point me to good online resources on wireless networks, their security and configuration? A. Below you will find a few good links. Some of them will be interesting for novice users, while others provide in-depth information for professionals: Wireless Ethernet LAN - General 802.11/802.11b FAQ http://www.intel.com/support/wireless/wlan/sb/CS-008409.htm Wi-Fi Planet Tutorials http://www.wi-fiplanet.com/tutorials/ IEEE Wireless Standards Zone http://standards.ieee.org/wireless/ WPA Wireless Security for Home Networks http://www.microsoft.com/windowsxp/using/networking/expert/bowman_03july28.mspx Configuring Windows XP IEEE 802.11b Wireless Networks for the Home and Small Business http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/wifisoho.mspx The evolution of wireless security in 802.11 networks: WEP, WPA and 802.11 standards http://www.sans.org/rr/papers/68/1109.pdf SAFE: Wireless LAN Security in Depth http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safwl_wp.pdf |
