Home
Contents

WLAN Analyzer and Decoder - CommView for WiFi

Prev Page Next Page
 
Introduction
About CommView for WiFi
What's New
Using the Program
Driver Installation
Overview
Main Menu
Nodes
AP and Station Details Window
Channels
Latest IP Connections
Packets
Logging
Viewing Logs
Rules
Advanced Rules
Alarms
WEP/WPA Keys
Reconstructing TCP Sessions
Reconstructing UDP Streams
Searching Packets
Statistics and Reports
Using Aliases
Packet Generator
Visual Packet Builder
NIC Vendor Identifier
Scheduler
Node Reassociation
Using Remote Agent for WiFi
Using RPCAP
Using Aruba Remote Capture
Port Reference
Setting Options
Frequently Asked Questions
VoIP Analysis
Introduction
Working with VoIP Analyzer
SIP and H.323 Sessions
RTP Streams
Registrations, Endpoints, and Errors
Call Logging and Reports
Call Playback
Viewing VoIP Logs
Working with Lists in VoIP Analyzer
NVF Files
Advanced Topics
Monitoring 802.11n and 802.11ac Networks
Understanding CRC and ICV Errors
Understanding WPA Decryption
Understanding Signal Strength
Capturing A-MPDU and A-MSDU Packets
Using CommView for WiFi in a Virtual Machine
Multi-Channel Capturing
Spectrum Analysis
Capturing High Volume Traffic
Running CommView for WiFi in Invisible Mode
Command Line Parameters
Exchanging Data with Your Application
Custom Decoding
CommView Log Files Format
Information
How to Purchase CommView for WiFi

Using Remote Agent for WiFi

CommView Remote Agent for WiFi is a companion product that can be used for monitoring network traffic remotely. All you have to do is to install Remote Agent for WiFi on the target computer, and then use CommView for WiFi to connect to Remote Agent. Once you are connected and authenticated, you can start monitoring as if you were there.

Important: This chapter describes how to use CommView for WiFi to connect to Remote Agent and capture traffic remotely. For detailed information on Remote Agent installation and configuration, please refer to the help file that comes with Remote Agent. It is highly recommended that you carefully read the Remote Agent documentation prior to using it. CommView Remote Agent for WiFi can be downloaded from our Web site.

To switch to remote monitoring mode, click File => Remote Monitoring Mode. An additional toolbar will appear in the CommView for WiFi main window next to the main toolbar. If you are behind a firewall or proxy server, or using a non-standard Remote Agent port, you may need to click on the Advanced Network Settings button to change the port number and/or enter SOCKS5 proxy server settings. The Advanced Network Settings dialog also allows you to define whether Remote Agent will apply the filtering rules locally, or send all the captured traffic to CommView for WiFi; this will be discussed in detail later in this chapter.

ra1

Click on the New Remote Agent Connection button to establish a new connection, or click on the Load Remote Agent Profile toolbar button to load a previously saved Remote Agent connection profile. A previously saved profile may also be loaded from the New Remote Agent Connection window.

A Remote Agent Connection window will appear. Enter the IP address of the computer running CommView Remote Agent for WiFi into the IP address input area, enter the connection password and click on the Connect button. If the password is correct, a connection will be established. You will then see the Link Ready message in the status bar and the channel selection box will list the channels supported by the wireless adapter installed on the remote computer. In addition to the channel list, a special Scanner Mode item will be added as the first item on the list.

If you select Scanner Mode, the remote wireless adapter will cycle through the available channels, capturing data from each of them for several seconds. The small button located on the right side of the window, just above the channel selection box, allows you to adjust the scanner settings. Click on this button to select the channels to be monitored in Scanner Mode and set the interval, i.e. the number of seconds per channel.

ra2

Now is the best time to configure the capturing rules using the Rules tab in the CommView for WiFi main window. You can also apply a custom set of capturing rules to this connection and override the current rules defined in CommView by checking the Override current rule set box, clicking on the Edit Formula button and entering the rules formula in the field below. The formula syntax is the same as the one used in Advanced Rules. Once you are ready to start monitoring, select the channel from the list and click the Start Capture toolbar button. CommView for WiFi allows you to save the Remote Agent Connection settings as a connection profile for quick and easy access in the future. Click on the Save Remote Agent profile toolbar button in the New Remote Agent Connection window and enter a name for the file.

ra3

CommView for WiFi will start to capture the remote adapter's traffic as if it is your local network traffic; there is virtually no difference between using CommView for WiFi locally or remotely. When you are done with remote monitoring, just click on the Stop Capture toolbar button. You can then change the channel or disconnect from Remote Agent by clicking the Disconnect toolbar button. To return to the standard mode, click File => Remote Monitoring Mode, and the additional toolbar will disappear.

Please note that CommView for WiFi can work with multiple Remote Agents simultaneously. You can open several remote connections, each having its own settings and an independent set of rules and collect the traffic from remote WLANs in one CommView for WiFi instance.

How to Use CommView Remote Agent for WiFi Efficiently

The key to efficient Remote Agent usage is ensuring that enough bandwidth is available to transfer the data collected by Remote Agent to CommView for WiFi. As mentioned before, Remote Agent should be installed on a computer that has a compatible wireless adapter (to be used for monitoring) and Ethernet adapter (to be used for the connection between Remote Agent and CommView for WiFi).

By default, Remote Agent sends all the collected packets back to CommView for WiFi, regardless of the capturing rules that may be configured in CommView for WiFi. This is done for providing correct statistical data and decryption, as well as the means for correct identification of wireless nodes. Since a fully loaded WiFi network has a bandwidth of 54 Mbit/s (or even 108 Mbit/s with some proprietary hardware), it's important that the wired link between Remote Agent and CommView for WiFi be capable of handling this bandwidth. In a modern office environment, where Gigabit networks are common, a single Gigabit adapter can easily receive data from a dozen Remote Agents.

There are situations where a fast connection is problematic. For example, a high bandwidth connection may not be available if you are monitoring a remote WLAN over the Internet. Even a T3 connection (4.5 Mbit/s) is insufficient to transfer all packets from a moderately loaded WLAN. In such situations, you can change the default setting and make Remote Agent filter the packets before they are transferred to CommView for WiFi. The Advanced Network Settings button on the additional remote monitoring toolbar in the main CommView for WiFi window allows you to enable the Minimize bandwidth option. When this option is enabled, the current CommView for WiFi rule set is periodically sent to Remote Agent. This rule set is then applied locally, so that only those packets that pass the rules are sent back to CommView for WiFi. In this mode, the Nodes may not display any nodes, and the Channels tab will not show full per-channel statistics, so use this mode only when you have limited bandwidth, but still need access to the packets from a remote WLAN.

For the same bandwidth reasons, it is highly recommended to NOT use a wireless connection for exchanging data between Remote Agent and CommView for WiFi. It is also a bad idea because the monitoring wireless adapter would pick up the packets sent by the wireless adapter being used for communicating with CommView for WiFi if they operate on the same or close channels. This will simply cause the snowball effect.

If CommView Remote Agent for WiFi captures more data than it can send to CommView for WiFi, it uses an internal buffer to store the packets that cannot be sent immediately. The buffer size is 5 Mbytes. The Buffer utilization indicator in the Remote Agent window shows the current status of the buffer. For example, if the program has buffered 2.5 Mbytes of data, the buffer utilization is 50%. If/when the buffer utilization reaches 100%, the program stops buffering data and discards captured packets until some buffer space is free.

Security

CommView Remote Agent for WiFi was made with security in mind. It can be accessed only by using a password that is never transmitted in plain text and that is ensured by using a challenge-response protocol with a secure hash function. If the authentication is successful, all transmitted traffic is compressed and then encrypted with the same password. Please take precautions to keep your password secret. Once it is revealed to an unauthorized person, that person will have broad capabilities to study your network and intercept network traffic on the remote computer.