Home
Contents

WLAN Analyzer and Decoder - CommView for WiFi
Prev Page Next Page
 
Introduction
About CommView for WiFi
What's New
Using the Program
Driver Installation
Overview
Main Menu
Nodes
AP and Station Details Window
Channels
Latest IP Connections
Packets
Logging
Viewing Logs
Rules
Advanced Rules
Alarms
WEP/WPA Keys
Reconstructing TCP Sessions
Reconstructing UDP Streams
Searching Packets
Statistics and Reports
Using Aliases
Packet Generator
Visual Packet Builder
NIC Vendor Identifier
Scheduler
Node Reassociation
Using Remote Agent for WiFi
Using RPCAP
Using Aruba Remote Capture
Port Reference
Setting Options
Frequently Asked Questions
VoIP Analysis
Introduction
Working with VoIP Analyzer
SIP and H.323 Sessions
RTP Streams
Registrations, Endpoints, and Errors
Call Logging and Reports
Call Playback
Viewing VoIP Logs
Working with Lists in VoIP Analyzer
NVF Files
Advanced Topics
Monitoring 802.11n, 802.11ac, and 802.11ax Networks
Understanding CRC and ICV Errors
Understanding WPA Decryption
Understanding Signal Strength
Capturing A-MPDU and A-MSDU Packets
Using CommView for WiFi in a Virtual Machine
Multi-Channel Capturing
Spectrum Analysis
Capturing High Volume Traffic
Running CommView for WiFi in Invisible Mode
Command Line Parameters
Exchanging Data with Your Application
Custom Decoding
CommView Log Files Format
Information
How to Purchase CommView for WiFi

Nodes

This is the main application tab that is used for controlling packet capture, displaying detailed information on access points and associated stations, channel utilization statistics, and graphical representation of the wireless spectrum.

nodes

This window consists of several resizable panes that are overviewed below.

Capture and Channel Indicator Panes

This Capture pane allows you to choose between the two capturing modes: Single channel mode or Scanner mode. If you select the Single channel mode, the application captures packets on a single channel (or several channels, if you use several supported USB cards; more information is given below) that you can select from the drop-down list. If you select the Scanner mode, the application will sweep through the channels in a loop, i.e. it will capture on the first channel, switch to the next channel thereafter, and so forth, until it reaches the last channel, after which a new scanning cycle will begin. To configure the set of channels to be scanned, click Configure and use the check boxes to select or unselect specific channels. Depending on the country and regulatory domain set in your adapter, the list of supported channels may vary. This is discussed in the FAQ chapter in detail. To configure the time the application spends on each channel, use the Seconds per channel edit box.

You can also see two other options at the bottom of this pane that control packet capture. The Sec. channel below in 40 MHz mode check box determines the position of the secondary channel when channel bonding is used in the 2.4 GHz band. By default, the secondary channel in 40 MHz 802.11 networks has a higher frequency than the primary channel. If you are capturing packets in a network environment that has a lower frequency secondary channel, check this box. Checking this box has no effect if the secondary channel cannot be positioned below the primary one, which is the case when, for example, you are capturing on 2.4 GHz channel 1, 2, 3, or 4. This option is available only if your adapter supports capturing on 40 MHz channels. The Active node discovery box makes the application send PROBE REQUEST packets periodically. Such packets facilitate the discovery of those APs that do not broadcast their SSID. This option is available only if your adapter supports packet generation.

Once you have configured the capture options, click the Start Capture button on the tool bar. If you want to switch to a new channel while you are in the Single channel mode or switch to the Scanner mode, you can do so without stopping capturing. The Channel Indicator pane displays the current channel and frequency while the application is capturing packets.

Using Multiple Adapters for Multi-Channel Capturing

If you need to capture packets on multiple channels simultaneously, you can do so by using multiple USB adapters. In this mode, the channel selection drop-down list becomes a multi-select control that allows you to select several channels by holding down the Ctrl key. The Channel Indicator pane will then display several channel/frequency indicators. Note that using multiple adapters is supported only for a limited set of adapter models. Please refer to the Multi-channel Capturing  chapter for the detailed information.

Node List

Once you have started capturing, the program begins to populate the node list with detected wireless nodes. The packet analysis mechanism used in the program lists all the access points found on the given channel(s) and stations in ad hoc mode, as well as associated stations in infrastructure mode. It is important to understand that the radio used in a wireless adapter can receive data on only one channel at a time. Therefore, when you have selected a certain channel for monitoring, this table will contain data on the APs and stations transmitting data on the selected channel only. You can, however, select a different channel without resetting data in the table or select the Scanner mode to make the application sweep through the channels so that you can see active nodes on different channels.

The meaning of the table columns is explained below:

SSID/Band/Channel – Depending on the grouping method that you selected (accessible via the Group by context menu), the first column lists wireless nodes grouped by SSID, 802.11 standard, or channel. Each wireless node is represented by its MAC addresses or alias. The stations associated to APs are shown as "child" items linked to the "parent" item representing the AP.

Channel – the channel the given AP works on. If the AP uses channel bonding (40, 80, or 160 MHz channels), the primary channel is listed first, followed by information on the additional channels in parentheses.

Type – node type. Possible values are AP (for access points), STA (for stations in infrastructure mode) and AD HOC (for stations in ad hoc mode).

SSID – Service Set Identifier; a unique string that differentiates one WLAN from another.

Standard – 802.11 standard of the AP. Possible values are 802.11a, 802.11b, 802.11g, 802.11n, 802.11an, and 802.11ac.

Encryption – shows whether the node is using WEP or WPA encryption. For access points, this column shows available encryption methods being "advertised" by the access point.

Signal – signal level in the min/average/max format. The average value is calculated since the data in this table was last reset. Please refer to the Understanding Signal Strength chapter for more information.

Max Rate – the maximum PHY data rate the AP can provide.

Streams – the number of spatial streams supported by the AP.

Rate (Tx and Rx) – data transfer rate in the min/average/max format. The average value is calculated since the data in this table was last reset.

Bytes (Tx and Rx) – the number of bytes sent and received by the node.

Packets (Tx and Rx) – the number of packets sent and received by the node.

Retry (Tx and Rx) – the number of packets where the Retry flag was set.

You can show or hide individual columns by right-clicking on list header or using the View => Nodes Columns menu. The column order can be changed by dragging the column header to a new location. Right-clicking on the node list brings up a menu with the following commands:

Details – displays an AP and Station Details window.

Quick Filter – finds the packets sent to/from the selected node, as well as the packets where the MAC address of the selected node equals the BSSID address, and displays them in a new window.

Copy MAC Address – copies the selected node MAC address to the clipboard.

Details – displays an window.

Copy MAC Address – copies the local IP address, the remote IP address, or the hostname to the clipboard.

Create Alias – displays a window where you can assign an easy-to-remember alias to the selected MAC address.

Save Nodes As – allows you to save the contents of the Nodes tab as an HTML report.

Clear Nodes – clears the table.

More Statistics – shows a window with data transfer and protocol distribution statistics.

Group by – groups the list by SSID, channel, or band.

Utilization and Signal Level Panes

Located on the left side of the Nodes tab, these panes display per-channel utilization charts (two separate charts for 2.4 GHz and 5 GHz channels) and per-channel signal level charts (again, two separate charts for 2.4 GHz and 5 GHz channels). In addition to the current levels, these charts also display historic high levels, which are illustrated in a pale color.

Channels and Spectrum Pane

Located at the bottom of the Nodes tab, this pane has dual functionality:

·It provides a graphical representation of the active APs, where each AP is shown using a line that approximates its spectrum mask. The mask width depends on the channel width supported by the AP and the mask height depends on the current signal strength.

·It can display spectrum data if you plug in a USB-based spectrum analyzer, Wi-Spy by MetaGeek. A spectrum analyzer listens to and analyzes the frequency bands utilized by Wi-Fi devices. Because these bands are unlicensed, they are often shared with non-Wi-Fi sources of RF signals, such as wireless video cameras, microwave ovens, or cordless phones, which cause interference. The purpose of spectrum analysis is to detect and identify such sources of interference, eliminate them, and/or identify the WLAN channels with minimal interference. For more information, please refer to the Spectrum Analysis chapter.