Application of protocol analyzer in WLAN

With the development of wireless LAN technology, protocol analyzer technology is not far behind, So how should we install, operate and protect it? Here we will introduce it to you.

The transmission media of WLAN is electromagnetic waves, which are almost ubiquitous and have no obvious boundaries. However, almost all Wi-Fi hardware has certain security vulnerabilities. Some simplified client configurations may not have any security assurance. Therefore, Signal Analysis in wireless transmission is very important.

Simplified installation, operation, and protection

Some free software allows the PC to easily log on to any open wireless network. NetStumbler is the most famous among them. It can scan all unencrypted Wi-Fi network frequencies and determine the signal-to-noise ratio and throughput of each type of network. It can even connect to the GPS receiver, map the software, and then search for sites related to Wi-Fi access points to achieve free Internet access. Enterprise IT departments are hard to find such network security vulnerabilities.

Some wireless network card manufacturers have also added the wireless scanning function in related driver software. For example, the Proxim dual-mode card can simultaneously scan all suitable channels in the 802.11a and 802.11b frequencies, and intuitively display the signal strength and bandwidth.

The perfect Wi-Fi protocol analyzer is much more powerful than the NetStumbler or NIC driver, and its implementation methods are quite different. Some protocol analyzers can decode advanced protocols, including the complete TCP/IP stack and other protocols; some focus on the underlying layer, such as detecting interference sources in the wireless spectrum; some protocol analyzers can generate security alerts and have Ing tools. Others can generate underlying technical reports or output hexadecimal code in a spreadsheet.

Software Wi-Fi protocol analyzer

Most protocol analyzers are software-based. These solutions include AirMagnet Duo provided by AirMagnet, AiroPeek NX provided by WildPackets, Free Software Ethereal, LANFielder of Wireless Valley communication company, LinkFerret of Baseband technology, Observer of Network Instruments, Sniffer of Network Associates. packetyzer of Wireless and Network Chemistry, and the ISS' Wireless Scannner.

This type of protocol analyzer is designed based on a notebook or PDA. The protocol analysis software for AirMagnet, Network Associates, and Wireless Valley is designed for Windows CE 3 Pocket PCs) handheld devices, which are less functional than laptops but can share data with the latter. At the same time, the Pocket PC is only suitable for the 802.11b protocol, because the processor function is weak and cannot be competent for high-speed 802.11a processing.

There is still a problem when you build the 802.11 protocol analyzer into a common PC. Because Windows does not support the 802.11 protocol, you need to use the driver software to convert 802.11 frames into a standard Ethernet frame signal, which can be recognized by the PC. A protocol analyzer does not support NICs or chipsets of all vendors). A more powerful protocol analysis software supports NICs based on the same chipset, for example, many software support the Intersil Prism II chip.

In addition, most protocol analyzers require the support of smart cards, which are not compatible with Wi-Fi protocols in many high-end laptops. The AiroPeek solution provided by WildPackets is better in this regard. The smart card supports the Intel MiniPCI interface and the 802.11a protocol. Because the driver needs to be re-built for the smart card, the software analyzer often lags behind the Wi-Fi device in terms of development.

Hardware tools

Currently, hardware analyzer includes Handheld Pak provided by AirMagnet, Locust and YellowJacket provided by BVS, OptiView Wireless and WaveRunner of Fluke. Among them, Fluke's OptiView is a comprehensive hardware analysis tool, and the running platform is Microsoft's Tablet PC.

The Wi-Fi protocol analyzer can decode the 802.11 protocol on the MAC layer, identify IP addresses, and filter information packets through addresses.

The wi-fi analyzer that supports advanced protocols evolved from the wired Ethernet protocol analyzer. For example, the Observer, LinkFerret, Ethereal, and OptiView solutions all support Ethernet standards, airoPeek and Sniffer Wireless provide separation support software. Some developers have added complete TCP/IP stack, IPX and other dedicated protocol support for analyzer.

Many protocol analyzer can differentiate access point locations and share data through software ing. Among them, the SitePlanner tool provided by LANFielder can display the three-dimensional graph of the network; the ing software BirdsEye provided by BVS can output geographic data in the form of workbooks; the AiroPeek and OptiView schemes can automatically draw network charts and display logical or physical connections through IP addresses or MAC addresses. The AirMagnet and NetStumbler schemes support Microsoft's MapPoint.

BVS's hardware tool does not support advanced protocols, but focuses on wireless spectrum analysis. It provides YellowJacket and Locust spectrum analyzer to detect interference sources generated by non-Wi-Fi networks, if the system detects interference from a microwave oven, Bluetooth device, or other similar network frequencies on the 802.11b network. These tools can also detect cordless teleconference or close-range wireless systems that interfere with 802.11a networks.

The AiroPeek and AirMagnet solutions provide alarm functions to promptly notify network administrators of potential intrusions. Some analyzer is developing towards pure security tools. For example, the WaveRunner tool provided by Fluke focuses on signal strength, encryption, and other information analysis related to detection of security vulnerabilities or optimization of network coverage. The ISS Wireless guest software solution can generate detailed reports in simplified English. It is recommended to take appropriate measures, such as disabling DHCP or blocking the MAC address of suspicious clients.