Laura Chappell shows you how to improve your wireless networking behavior and performance monitoring reports with Pilot, a graphing tool that will significantly reduce your traffic analysis time and allow you to get right to troubleshooting problems.
The users are complaining about the wireless network -- again! They continually lose their connections throughout the day, and file download speeds are painfully slow.
In March of this year, CACE Technologies released Pilot. If you aren't familiar with CACE Technologies, these are the folks who released the AirPcap adapters for capturing wireless traffic on Windows systems using Wireshark (formerly Ethereal). The creators of Wireshark and WinPcap, Gerald Combs and Loris Degioanni, both work at CACE Technologies -- an amazing team!
Pilot is a graphing and reporting tool that integrates with Wireshark. Add a few AirPcap adapters, as shown in Figure 1, and you're ready to examine your wireless traffic and create reports on performance issues in a matter of minutes.
I've spent hundreds of hours writing network reports using screenshots and external graphing programs to build the visually clear picture of what went wrong on hundreds of networks. With Pilot, my analysis and reporting times are reduced to a fraction of their previous values.
Figure 1 depicts Pilot's view of Access Points (APs) and Stations seen at the location of my Pilot/AirPcap adapter system.
Figure 1: Pilot discovers and plots the APs and Stations in table, pie-chart, and bar-chart format. This is an ideal place to start when troubleshooting wireless network issues.
Here's a quick list of how I typically apply views in Pilot when someone complains of wireless network performance problems:
- Launch the 802.11 > Discovery -- APs and Stations view (make sure one of the AirPcap adapters is scanning all the channels) -- be patient and let it watch all the channels for a few minutes.
- Expand the Overview table and locate the complaining host based on its MAC address. Right-click on the complaining host system's entry and select Drill Down > 802.11 > Top RF. These values are measured at the AirPcap adapter, so be close to the complaining host when evaluating 802.11 performance. A low signal level or high noise level might cause 802.11 retransmissions.
- Now launch the 802.11 > Retransmissions view to compare retransmissions to all other traffic, and look at Retransmissions by Channel and Retransmissions by AP.
- If all looks good on the 802.11 side of things, you might want to move further up the analysis stack next -- examine possible TCP/IP problems -- then move up to the application realm. You can apply numerous other views to the adapter or return to the Discovery -- APs and Stations view, right-click on the complaining host and select Send to Wireshark.
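The per-channel and per-AP retransmission comparison in the steps above can be reproduced by hand from the Retry bit in each 802.11 data frame's MAC header, which stays readable even when the frame body is encrypted. This is an added example, not Pilot's or CACE Technologies' code; it assumes the channel for each frame is supplied by the capture metadata, and the function names and sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_data_header(frame):
    """Return (retry, bssid) for an 802.11 data frame, else None."""
    if len(frame) < 24:                      # shorter than a data-frame MAC header
        return None
    (fc,) = struct.unpack_from("<H", frame, 0)   # Frame Control, little-endian
    if (fc >> 2) & 0x3 != 2:                 # type 2 = data; skip mgmt/control
        return None
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    if to_ds and from_ds:                    # WDS frame: no single BSSID field
        return None
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    bssid = a1 if to_ds else a2 if from_ds else a3
    return bool(fc & 0x0800), bssid.hex(":")  # bit 11 = Retry

def retry_rates(capture):
    """capture: iterable of (channel, frame_bytes). Returns two rate dicts."""
    by_channel, by_ap = defaultdict(lambda: [0, 0]), defaultdict(lambda: [0, 0])
    for channel, frame in capture:
        parsed = parse_data_header(frame)
        if parsed is None:
            continue
        retry, bssid = parsed
        for bucket in (by_channel[channel], by_ap[bssid]):
            bucket[0] += retry               # retried frames
            bucket[1] += 1                   # all data frames
    rate = lambda d: {k: r / n for k, (r, n) in d.items()}
    return rate(by_channel), rate(by_ap)

# Constructed sample frames (locally administered MACs, not from a real capture).
AP_A, AP_B = bytes.fromhex("02aabbcc0001"), bytes.fromhex("02aabbcc0002")
STA = bytes.fromhex("02aabbcc0100")

def hdr(fc, a1, a2, a3):
    # Frame Control, Duration, three addresses, Sequence Control = 24 bytes
    return struct.pack("<HH", fc, 0) + a1 + a2 + a3 + b"\x00\x00"

SAMPLE = [
    (1, hdr(0x0108, AP_A, STA, AP_A)),          # to AP, first attempt
    (1, hdr(0x0908, AP_A, STA, AP_A)),          # to AP, retry
    (1, hdr(0x0A08, STA, AP_A, AP_A)),          # from AP, retry
    (1, hdr(0x0208, STA, AP_A, AP_A)),          # from AP, first attempt
    (6, hdr(0x0080, b"\xff" * 6, AP_B, AP_B)),  # beacon (management): ignored
] + [(6, hdr(0x0108, AP_B, STA, AP_B))] * 3 + [(6, hdr(0x0908, AP_B, STA, AP_B))]

if __name__ == "__main__":
    print(retry_rates(SAMPLE))
```

A channel or AP whose retry rate stands well above the others is the place to look next for low signal or high noise.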
If your network is using WEP or WPA, you'll need to enter the decryption keys to view the communications and perform further analysis.
I am a big believer in documenting your findings after analyzing a network. A picture is worth a thousand words, and Pilot offers a new method to create stunning images that help pinpoint and explain what's really going on at the packet level.
From the editor: In the example above, Laura used Pilot/AirPcap Ex. Pricing starts at $1,295.
About the author:
Laura Chappell is the founder of Wireshark University and Protocol Analysis Institute. Ms. Chappell is a top-ranked, highly-energetic speaker and author of numerous industry titles on network communications, analysis and security.
She has trained thousands of network administrators, State and Federal law enforcement officers, judicial members, engineers, technicians and developers. Ms. Chappell is a member of the High Technology Crime Investigation Association (HTCIA), active member of the FBI Infragard organization and an Associate Member of the Institute for Electrical and Electronic Engineers (IEEE) since 1989.
Her blend of humor, personal experiences, energy, and clarity has earned her a top spot as an industry speaker at various conferences including Microsoft TechEd, HP TechForum, HTCIA International Conference, Congress Netherlands, Electronic Crime Task Force Quarterly Meetings, and Novell BrainShare Conference.