About This GuidePreface This guide is designed to help you use AirDefense Mobile to analyze real-time data traffic flow from devices in your wireless LAN from your laptop. This guide is intended for information security administrators and people who are responsible for reporting on and analyzing wireless LAN data.Scope of Documentation This guide covers: • How to use Mobile to analyze traffic flow as it happens • How to use Mobile to survey a site • How to use Mobile to analyze frames captured to a file • How to use Mobile to identify and locate interference sources on your wireless network • How to locate a device. It does not cover initial hardware installation or the basic device configuration you need to perform to get the appliance up and running.Additional Resources The AirDefense Mobile product has the following additional resources to help you use the system more effectively: • AirDefense Mobile 6.1 Installation Guide. • AirDefense Mobile 6.1 Online Help.
AirDefense Mobile User GuideDocument Conventions The following conventions are used in this document to draw your attention to important information: NOTE: Indicate tips or special requirements. ! CAUTION: Indicates conditions that can cause equipment damage or data loss. WARNING! Indicates a condition or procedure that could result in personal injury or equipment damage.Notational Conventions The following additional notational conventions are used in this document: • Italics are used to highlight the following: Chapters and sections in this and related documents Dialog box, window and screen names Drop-down list and list box names Check box and radio button names Icons on a screen. • GUI text is used to highlight the following: Screen names Menu items Button names on a screen. • Bullets (•) indicate: Action items Lists of alternatives Lists of required steps not necessarily sequential • Sequential lists (those that describe step-by-step procedures) appear as numbered lists.
Introduction1.1 Chapter Contents This chapter includes the following sections: Section Page Overview of an AirDefense Mobile 1-1 Getting Started 1-2 Native Scan Mode 1-21.2 Overview of an AirDefense Mobile AirDefense Mobile allows you to analyze real-time data traffic flow from devices in your wireless LAN from your laptop. It gives you a live view of the APs or Stations operating in your wireless LAN. You can drill down into a live, streaming view of devices, BSSIDs, and channels to review remote frame captures, authentication errors, AP configuration issues & network interference. You access AirDefense Mobile by double-clicking the AirDefense Mobile 6.1 icon on your desktop. There are five features to AirDefense Mobile: • Live Monitoring where you analyze traffic flow as it happens • Survey where you can record 802.11 measurement data and display that data as a heat map over an image • Frame Capture Analysis where you analyze frames that were captured to a file during a Live Monitoring session • Spectrum Analysis where you can identify and locate interference sources on your wireless network. • Locate Device where you can locate a seen device. AirDefense Mobile provides five main categories of information: • Data • Connections • Devices • Frames • Survey (optional with Mobile Survey license).
1-2 AirDefense Mobile User Guide Each category has its own tab within the application. 1.3 Getting Started To access AirDefense Mobile for the first time, double-click the AirDefense Mobile 6.1 icon on your desktop. One of three things will happen: • AirDefense Mobile displays with no data being collected. • The following popup window displays if you have installed more than one network adapter: If this window displays, select an adapter and then click OK. AirDefense Mobile now displays with no data being collected. You must now install your license using the instructions in Manage Licenses. 1.4 Native Scan Mode The Native Scan Mode is used when there is no supported adapter present. It gives you limited access to Mobile 6.1. Once you access Mobile 6.1 in the Native Scan Mode, you cannot switch to a supported adaptor. The Native Scan Mode will be active the entire session. The following features are active in the Native Scan Mode: • Analysis license installed: Access to the Device tab only • Survey license installed: Access to the Survey tab only • Analysis and Survey licenses installed: Access to the Device and Survey tab. • You will be able to open files such as captured files with the above restrictions.
Live Monitoring2.1 Chapter Contents This chapter includes the following sections: Section Page Overview 2-2 Common Area 2-2 Data Tab 2-17 Connections Tab 2-23 Devices Tab 2-26 Frames Tab 2-29 Survey Tab 2-33 Frame Capture 2-54
2-2 AirDefense Mobile User Guide 2.2 Overview Live Monitoring allows you to monitor and analyze real-time data traffic flow from devices in your wireless LAN. It also allows you to conduct site surveys on locations within your company. NOTE: To conduct site surveys, you must first set up the Survey feature using the Survey tab. You start a Live Monitoring session by accessing the Mobile application and then either: • Click the Start button– . • Select Session > Start. A Live Monitoring session can only display 50,000 frames at one time. If more than 50,000 frames have been capture, only the most recent 50,000 frames are displayed. 2.3 Common Area The common area holds the menus and buttons that are common to AirDefense Mobile. It is located at the top of the window.
Live Monitoring 2-32.3.1 MenusMenu Option DescriptionFile New Starts a new project. Open Opens a saved frame capture file, a saved tracking file, a saved spectrum data file, or a Survey project that resides on your laptop. Export to ADSP Exports a survey project to your ADSP system. Before using this feature, you must configure ADSP settings under Configure > Configure ADSP Settings. Import From ADSP Imports a survey project from your ADSP system. Before using this feature, you must configure ADSP settings under Configure > Configure ADSP Settings. Save Depending on the license that you have (Mobile Analysis or Mobile Survey), Save will save frame data to a PCAP file (Mobile Analysis) or all data to a WNZ file (Mobile Survey). Save As Opens the Save Project popup window where you can save an existing survey project to a new file. Close Project Closes the current project. Prompts you to save the project. If prompted, click Yes to save or No to not save the project. Export Measurment Exports measurement data to a MLZ file. Data Import Imports measurement data to a MLZ file. Measurement Data Delete Deletes measurement data files from Mobile. Measurement Data Import AirMagnet Imports measurement data collected from Data AirMagnet Survey saved in a SVD file. Only Passive survey files are supported. Generate Report Generates a multi-table report and displays the results. You have the option to select from six tables or you may select all the tables. The results includes: • Project name • Total number of floors • Total number of BSSs detected • List of measurment files including file name, timestamp of measurement run, duration of measurement run, and number of measurement points.
2-4 AirDefense Mobile User Guide Menu Option Description File (cont’d) Close Prompts you to save captured frames if no project is open or prompts to save an opened Project. If prompted, click Yes to save or No to not save the captured frames or project. Exits from Mobile 6 when done. Session Select Adapter Opens the Select Adapter popup window where you can select a different adapter. Settings Opens the Mobile Settings popup window where you can set options for your Live Monitoring sessions. (See Live View Settings for more information.) Channel Settings Opens the Channel Settings popup window where you can specify which channels Mobile should utilize during a monitoring session. (See Channel Settings for more information.) Survey Settings Opens the Survey Settings popup window where you can specify the default settings for antenna gain, signal propagation assessment, and the color range used for conducting surveys. (See Survey Settings for more information.) Start Starts a Live Monitoring session. Stop Stops a Live Monitoring session. Freeze Freezes a Live Monitoring session. The data in the window freezes but AirDefense Mobile keeps collecting data to display later after you unfreeze the session. Edit Filters Opens the Frame Filter popup window where you can set options to filter data. (See Frame Filter for more information.) Spectrum Analysis Opens Spectrum View window and runs Spectrum Analysis. Note: You cannot access Spectrum Analysis if you are using a USB adapter.
Live Monitoring 2-5Menu Option DescriptionConfigure Configure ADSP Opens the Configure ADSP Settings window so that Settings you can supply an IP address of an ADSP appliance along with login credentials for the appliance. These settings are used to export data to and import data from the specified ADSP appliance. Configure Proxy Allows you to configure proxy settings if you are Setting required to do so to access the internet. Configure Marker Allows you to set the size of the survey markers. Settings Configure Design Opens the Design by Survey Configuration by Survey Settings Wizard. (See Design by Survey.)Help Manage Licenses Opens the Manage Licenses window so that you can manage your Mobile 6 licenses. (See Manage Licenses.) Help Contents Opens the AirDefense Mobile Online Help. About Displays information about AirDefense Mobile 6.1 such as version number, release date, and copyright notice. Support Opens the Support sub-window and provides information for: • Hyperlink to support center to open or view known issues and cases • Call Center Support phone numbers • Email address • Home website for AirDefense.
2-6 AirDefense Mobile User Guide 2.3.2 Buttons Button Description Starts a Live Monitoring session. Stops a Live Monitoring session. Freezes a Live Monitoring session. The data in the window freezes but AirDefense Mobile keeps collecting data to display later after you unfreeze the session. Click the Freeze button again to unfreeze the session. Displays the heat map of a site survey after a scan or after loading a project file. Opens the Frame Filter popup window. where you can set options to filter data. (See Frame Filter for more information.) Opens the Spectrum View window where you can identify and locate interference sources on your wireless network. (See Spectrum Analysis for more information.) Note: You cannot access Spectrum Analysis if you are using a USB adapter. 2.3.3 Dropdown Menus Dropdown Menu Description Frame Selection Acts as a quick filter to display only frames for the selected frame type. To view all types, select All Frames. Click on the + button to expand a frame category to select a frame type. RSSI Selection Acts as a quick filter to view only frames specified in the RSSI (Received Signal Strength Indicator) range. Slide the two sliders (gray bars) to specify a range. Specifying an RSSI range will render the heat map using the selected values while visualizing a project. Changes are reflected in the heat map as well as the other four tabs.
Live Monitoring 2-7Dropdown Menu DescriptionDevice Selection Used to isolate heat maps for individual BSSs. Works when grouped with SSID/Channel/Type/Air Standard. To select BSSs, type in a partial or full MAC address in the Find Devices field. Depending on the Group by and Sort by fields a tree is displayed listing the BSSs that match the find string. Select each BSS that you want to view frames for by placing a checkmark in the checkbox next to the device. The Group by field groups BSSs according to: • SSID • Channel • Type • Authorization State • Name • Air Standard. The Sort by field sorts second level nodes (BSS) using the same selections for the Group by field. The New Device field allows you to add a new BSS. You must type in the full MAC address and then click the Add button (+). If the BSS is found, it is added to the tree. You can select a BSS to be ignored by clicking on the BSS and then dragging it to the Ignore Bucket. BSSs placed in the Ignore Bucket are only removed from the tree. Data from ignored BSSs is not be displayed. You can remove all BSSs in the Ignore Bucket and place them back in the tree by clicking the Restore button.
2-8 AirDefense Mobile User Guide 2.3.4 Live View Settings Motorola AirDefense Mobile has three user adjustable settings contain in the Capture Settings tab. Located in the Capture Settings tab are: Setting Description Capture Management Frames Sets the Live Monitoring sessions to capture management frames. If selected, you can also truncate management frames to a specific number of bytes or have no truncation. Capture Control Frames Sets the Live Monitoring sessions to capture control frames. If selected, you can also truncate control frames to a specific number of bytes or have no truncation. Capture Data Frames Sets the Live Monitoring sessions to capture data frames. If selected, you can also truncate data frames to a specific number of bytes or have no truncation. To change the settings: 1. Select File > Settings to display the Live View Settings window. 2. Make your adjustments/specifications. 3. Click OK.
Live Monitoring 2-92.3.5 Channel Settings The Channel Settings table displays all available channels and allows you to select channels to scan, select the 802.11N extension, and set scan time for each selected channel. Select File > Channel Settings to display the Channel Settings popup window. The Lock On Channel dropdown menu allows you to select which channels to scan. You can select a group of channels such as 1-6-11, UNII-1, UNII-2, or UNII-3, or you can select a single channel from the menu. Selecting 1-6-11 will scan channels 1, 6 and 11 while setting the scan time for each channel to the default (100 ms) or to the time specified in the Time field.. Selecting UNII-1 will scan channels 36, 40, 44 and 48 while setting the scan time for each channel to the default (100 ms) or to the time specified in the Time field. Selecting UNII-2 will scan channels 56, 60 and 64 while setting the scan time for each channel to the default (100 ms) or to the time specified in the Time field. Selecting UNII-3 will scan channels 149, 153, 157and 161 while setting the scan time for each channel to the default (100 ms) or to the time specified in the Time field. The Bandwidth field allows you to set the scan bandwidth to 20 MHz, 40 MHz, or both (20/40 MHz). You can also select which channels to scan by selecting the checkbox next to the channel in the table. Selecting the checkbox at the top of the Scan column will select all channels. If you type in a time value at the top of the Time column, you will set scan time of all the channels. You can set the scan time of each channel individually by typing in a time value for a particular channel. The .11N Extension column is only active for the 40 MHz bandwidth and the 20/40 MHz bandwidth. When the field is active, you can select the 802.11N extension for each channel being scanned. If you want to detect 40 MHz Access Points in 20 MHz scans, click the Advanced Settings button, select the checkbox, and then click OK.2.3.6 Survey Settings The Survey Settings has three tabs that you can use to affect surveys. They are: • Antenna Gain • Signal Propagation Assessment • Color Range.
2-10 AirDefense Mobile User Guide 22.214.171.124 Antenna Gain Located in the Antenna Gain tab is the Antenna Gain setting. A gain value (specified in dBi) can be specified to remove the antenna gain from the readings taken devices. This action allows the measurements taken from different devices to be brought to the same level (the gain value specified). For example, if two users were running sessions using a different network card with gain values of -2 and -3, the RSSI readings recorded would be offset by the corresponding values. Now, if the measurement files were to be visualized with another card with a gain value -2, all readings will be offset by a -2 gain value; thus, giving you a common gain value for the captured data being visualized.
Live Monitoring 2-126.96.36.199 Signal Propagation Assessment Located in the Signal Propagation Assessment tab is the Signal Propagation Assessment Distance setting. By entering a value (in feet or meters), you can set the distance, from your devices, that Mobile uses in a survey to collect measurement data. You may enter a maximum value of 65 feet or 20 meters.
2-12 AirDefense Mobile User Guide 188.8.131.52 Color Range Located in the Color Range tab are two settings: one for adjusting the power range displayed in the heat maps and another for adjusting the signal to noise ration displayed in the heat maps. A minimum and maximum value is entered for each setting.
Live Monitoring 2-132.3.7 Frame Filter Method Description Connections Filters Mobile frames by connections. To filter by connections, go to the Connections tab, select Filter frames by Connections, and select any of the following conditions: • Any Address • Source • Destination • BSSID • A1 (RX) • A1 (TX) • A3 • A4 For every condition that you select, you must specify a MAC address. You have the option of displaying frames that match all of the selected conditions or displaying frames that match any of the selected conditions. Frame Type Filters Mobile frames by 802.11 frame type. To filter by frame types, go to the Frame Type tab, select Filter frames by frame type, and de-select any frame type that you do not want to display. You may filter out a whole category (Control, Management, or Data) or any of the sub-categories. Channels Filters Mobile frames by channels. To filter by channels, go to the Channels tab, select Filter frames by channel, and de-select the channels that you do not want to display. You may filter out a whole category (b/g,a, or n) of channels or individual channels. Rates Filters Mobile frames by transmission rate. To filter by transmission rate, go to the Rates tab, select Filter frames by rate, and de-select any rate that you do not want to display. Data Filters Mobile frames by data type. To filter by data type, go to the Data tab, select Filter frames by data, de-select any of the encryption types that you do not want to display, and de-select any of the Ether types that you do not want to display.
2-14 AirDefense Mobile User Guide To filter Mobile frames: 1. Select File > Edit Filters or click the Filter button to display the Frame Filter popup window. 2. Set your filter criteria by clicking on the appropriate tab. 3. Click OK.
Live Monitoring 2-152.3.8 Manage Licenses Manage Licenses opens an License window where you can manage licenses associated with Mobile 6. Navigate to Help > Manage Licenses to access the License window. There are three combination of licenses associated with Mobile 6.1: • Analysis license —Access only to the Data, Connections, Devices, and Frames tabs. • Survey license —Access only to the Data and Survey tabs. • Analysis and Survey license —Access to all tabs (Data, Connections, Devices, Frames, and Survey). There are three actions you can take to manage licenses: • Add License • Copy the MAC address of your system • Download your system keys (ENC file) to your local file system. The table near the bottom of the window lists: • License type • Activation start date • Activation warning date • Activation expiration date.
2-16 AirDefense Mobile User Guide 184.108.40.206 Add Licenses There are three ways to install a license: • Using a license file • Using an authorization code • Using a legacy license key. Using a License File A license file contains information about your license. If you have a license file, select the I have a License File option. You will be prompted to select the license file. Use the browse button (...) to locate the file and select it. Once you have selected the licensing file, click Apply. The license information is updated. Using an Authorization Code If you have an authorization code, select the I have an authorization Code option. Enter your authorization code, company name, contact phone number, and email address. Then, click Apply. The license is installed using the authorization code. NOTE: If you need to use a proxy to access the internet, select the Use proxy for Internet Access option. The proxy settings must already be configured using Configure > Configure Proxy Settings. Using a Legacy License Key If you have a license key, just type in the key and click Apply. The license is installed using the license key. NOTE: When you use a legacy license key from a previous version of Mobile, the Survey feature of Mobile 6 is not activated. 220.127.116.11 System MAC You can display the MAC address of the system where you can copy it for later use. Click the Copy button next to the System MAC field to display and copy the MAC address. 18.104.22.168 System Keys You can generate a system key for your system from the License window. The system key is used when manually requesting a license file instead of downloading the file directly. You may need to manually request a license file if you have no internet connectivity or when a firewall policy prevents AirDefense Mobile from automatically downloading the file. Follow these steps to generate a system key: 1. Click Export next to the System Keys field and navigate to the location where you want to save the system key file. 2. Click the Save button.
Live Monitoring 2-172.4 Data Tab The Data tab displays data charts that allows you to analyze different types of data from the selected device. You can review more information for some charts by rolling your cursor over the chart. If additional information is available, it is displayed in a popup. You can right-click on any chart to reveal the following commands: • Maximize—Maximizes the chart, overlaying it directly over the other charts. • Restore—Restores the chart to its previous state. • Remove—Removes the chart from the display area. This is the same as clicking the Remove button ( ). The Data tab focus can be changed by changing the view. Depending on the view that is selected different charts are displayed. There are four available views: View Description Summary Provides a summary of frame data using the following charts: • Traffic By Authorization • Retry • Traffic By Rate • Traffic By Channel • Devices By Authorization. This is the default view. Device Analysis Changes the frame data focus to device information. Charts relating to device information are displayed.
2-18 AirDefense Mobile User Guide View Description Channel Analysis 2.4 GHz Changes the frame data focus to channel information on the 2.4 GHz band for (a/b/n) 802.11b/g/n network traffic. Charts relating to channel information are displayed. Channel Analysis 5 GHz Changes the frame data focus to channel information on the 5 GHz band for (a/n) 802.11a/n network traffic. Charts relating to channel information are displayed. Each view is customizable. You can add more charts to a view, rearrange the view, or remove charts from a view. To add a chart to a view, click the View Available Charts button– to reveal the Available Charts. Once the Available Charts are revealed, you can drag and drop a chart to the display area. You can display up to nine charts. To view a chart temporarily, click on the chart name. It will display superimposed over the current charts. To hide Available Charts, click the Hide Available Charts button.
Live Monitoring 2-19The following table gives a brief description of each chart: Chart Description The number of data frames observed by sub-type (data, no data, QoS data, QoS no data) The amount of frames seen by the different data rates observed Total amount of frames seen by the different data rates observed Total number of devices observed by the authentication method used (if EAP information is available, EAP type is displayed) Total number of devices observed by authorization (authorized, unauthorized, ignored) Total number of devices observed using B/G protection mode Total number of devices observed by protocol The number of devices seen on the different channels Total number of devices observed in the different channels Total number of devices observed by the encryption method used (CCMP, none, TKIP, TKIP/CCMP, WEP) The number of devices observed by type (BSS, Wireless Client, unknown) Total number of devices observed (BSSs, Wireless Clients, unknown devices) Total number of frames observed by preamble Total number of frames observed by priority (QS information) Total number of frames observed by size (in bytes) Total amount of traffic observed by sub-type (select Control, Mgmt, or Data from dropdown menu to view the different sub-types) The number of frames observed by type (control, data, management) Total amount of traffic observed by type (control, data, management) The number of retry frames observed as related to bandwidth A devices signal strength (in dBm) as observed by the Sensor
2-20 AirDefense Mobile User Guide Chart Description Signal strength (in dBm) observed over the different channels emphasizing the following information: • All changes of every device as measured by the height of the chart • Amount of traffic by color • Co-channel interference by the selected device The amount of traffic per selected metric (frames, bytes, % utilization) The top devices sending the most traffic Busiest devices (devices with the most traffic) The amount of traffic observed by channel showing the total units and retry units Total amount of traffic observed by channel The amount of traffic by destination (broadcast, multicast, unicast) The amount of traffic by the different protocols (802.11a, 802.11b, 802.11g, 802.11n) Total amount of traffic observed by protocol (802.11a, 802.11b, 802.11g, 802.11n) The amount of traffic based on the traffic configured state (authorized, unauthorized, unknown) The percentage of utilization as seen over the individual channels, each bar in the chart displaying up to four categories (Available, Available Overhead, Used, Used Overhead) Dropdown menus are available to customize the view of the charts as indicated in the following table:Chart Dropdown Menus X X X
Live Monitoring 2-21Chart Dropdown Menus X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X X
2-22 AirDefense Mobile User GuideChart Dropdown Menus X X X X X X To rearrange a view, you can drag and drop charts to another location. To remove a chart, click the Remove button– associated with the chart. Once you have customized the display to fit your needs, click the Save Changes button to save your arrangement. The customized view is saved on your laptop. Now, whenever you access AirDefense Mobile, you can access your customized arrangement. You can change the name of a view by clicking the Rename button. Just type in the new name and click OK. This allows you to give a view a more descriptive name if you changed the view significantly. To return a view to the original factory default, click the Reset to Defaults button. To save a screen shot of the Data tab in a PDF file, click the Save Dashboard button. The Save Dashboard window displays. To save the file on your laptop: 1. Enter the name of the PDF author (optional). 2. Click the Select Destination button– . 3. Navigate to the folder (directory) where you want to save the file. 4. Enter a filename and then click Select. The filename along with the path displays in the File field. 5. Click OK. A snapshot of all the visible charts is taken. Once the file is saved, you can view it later using Acrobat Reader.
Live Monitoring 2-232.5 Connections Tab The Connections tab displays the relationships (connections) between devices that have been seen during the Live Monitoring session. You have the option of displaying devices with broadcast frames, devices with multicast frames, or both. Just select the checkbox for the option you want. The Data Frames and Bytes fields display the count of data frames and bytes. If more than 50,000 frames have been captured during the Live Monitoring session, only the most recent 50,000 frames are displayed. Devices are listed in three columns: Wireless (wireless devices), BSSs and Wired (wired devices). Device columns may be disabled or re-enabled by using the hide– /show– button next to the column name. For example, if the BSSs column is hidden, then connections will be shown directly from the source to the destination without the BSS in the middle. A connection is defined as a set of devices referenced by a single data frame. Typically, a connection will involve three devices (source, destination, and BSS); but, in some cases may involve four devices (wireless bridging). A line is defined as a link between two devices. Each connection is made up of multiple lines and each line may be part of multiple connections. The intensity and Z-order (whether a line is on top or bottom) of a line is based on the number of frames between the two devices.
2-24 AirDefense Mobile User Guide Clicking on a device selects a connection involving that device. The devices and lines involved in the connection will be highlighted. If you continue clicking on the device, the graph will cycle through the connections involving the selected device. Buttons are also provided to cycle through the connections. The Data Frames and Bytes fields will only show the data corresponding to the selected connection.
Live Monitoring 2-25Right-clicking on a known device reveals a menu with the following options:• Configured States—Allows you to change the device state to authorized, unauthorized, or ignored.• Properties—Displays a Properties window which supplies property information about the device. The editable fields are Name, Description, and Classification. You can add or change the name/ description of the device. You can also change the device classification to authorized, unauthorized, or ignored. If you make any changes, click OK to save them. An Observed Data table is included to display more information about the device, such as: MAC address Vendor name Device name Channel number Channel extension Service Set Identifier (SSID) Time the device was first seen Time the device was last seen Number of frames Number of bytes Authentication used Encryption method Protocol used Signal strength.• Copy MAC—Copies the MAC address of the selected device.• Locate MAC—Opens a Tracking window that helps you locate the selected device.
2-26 AirDefense Mobile User Guide 2.6 Devices Tab The Devices tab displays the devices that have been seen during a Live Monitoring session in tabular form. If more than 50,000 frames have been captured during the live monitoring session, only the most recent 50,000 frames are displayed. You may choose to show all devices, only BSSs or only Wireless Clients. Just select the appropriate radio button. The Devices table displays the following information: Column Description Device Lists the different devices that have been seen during the Live Monitoring session. MAC Address Displays the MAC address of the seen device. SSID Lists the Service Set Identifiers, a 32- character unique identifier attached to the header of packets sent over a WLAN that acts as a password when a mobile device tries to connect to the BSS (Basic Service Set) and are the logical groups that Access Points belong. Channel Lists the WLAN channel that the device is operating on. Channel Extension Displays the WLAN channel extension that the devices is using. Signal (dBm) Lists the devices signal strength connectivity on the WLAN. Frames Displays number the frames, which are the actual packets of 802.11 protocol, that have been observed by the AirDefense sensor for the given device. Bytes Displays the byte count seen by the device. First Seen Displays the time and date the device was first seen.
Live Monitoring 2-27Column Description Last Seen Displays the time and date the device was last seen. WEP IVs Displays the number of unique WEP IVs seen by the device. Authentication Displays the authentication method used to connect to the device. Encryption Displays the encryption method used for communications.Column display and arrangement can be customized as follows:• Hide or un-hide a category by right-clicking in the column heading area, and unchecking or checking the checkbox for a category (see below).• Rearrange columns by clicking on a column heading and dragging it to a new position.
2-28 AirDefense Mobile User Guide Right-clicking on a known device reveals a menu with the following options: • Configured States—Allows you to change the device state to authorized, unauthorized, or ignored. • Properties—Displays a Properties window which supplies property information about the device. The fields are Name, Description, and Classification. You can add or change the name/description of the device. You can also change the device classification to authorized, unauthorized, or ignored. If you make any changes, click OK to save them. An Observed Data table is included to display more information about the device, such as: MAC address Vendor name Device name Channel number Channel extension Service Set Identifier (SSID) Time the device was first seen Time the device was last seen Number of frames Number of bytes Authentication used Encryption method Protocol used Signal strength. • Copy MAC —Copies the MAC address of the selected device. • Locate Device—Opens a Tracking window that helps you locate the selected device.
Live Monitoring 2-29 • Survey for BSS —When you right-click on a BSS, this option is available. It is used to set up the BSS for Design by Survey.2.7 Frames Tab The Frames tab displays the frames that were captured during a Live Monitoring session. The first time you access the Frames tab the table view is displayed.
2-30 AirDefense Mobile User Guide You can switch to the frames view by clicking the Frames View button– . Click the Table View button– to switch back to the table view. If more than 50,000 frames have been captured during the live monitoring session, only the most recent 50,000 frames are displayed. The Frames tab is divided into three areas: • Table or Frames (located on top) • Hex values for a selected frame (located on bottom left) • Decodes for a selected frame (located on bottom right). 2.7.1 Table View A frame is selected by clicking anywhere on the frame row. When selected, the frame row is highlighted. The frames table displays the following information: Column Description Time Displays the time the frame was seen. Source Lists the device where the frame originated. Destination Lists the device where the frame was sent. BSSID Displays the Basic Service Set Identifier. Transmitter Lists the device that transmitted the frame. Receiver Lists the device that actually received the frame.
Live Monitoring 2-31Column DescriptionAddress 1 Lists the first address in the frame.Addrees 2 Lists the second address in the frame.Address 3 Lists the third address in the frame.Address 4 Lists the fourth address in the frame.Channel Lists the WLAN channel that the device is operating on.Channel Extension Displays the WLAN channel extension that the devices is using.Rate Displays the data rate (in Mbps) being used by the device that sent the packet.Signal (dBm) Lists the devices signal strength connectivity on the WLAN.Size Displays the size of the frame.802.11 Type Displays the 802.11 protocol type used in the frame.Protocol Displays the protocol type used in the frame.
2-32 AirDefense Mobile User Guide Column display and arrangement can be customized as follows: • Hide or un-hide a category by right-clicking in the column heading area, and unchecking or checking the checkbox for a category (see below). • Rearrange columns by clicking on a column heading and dragging it to a new position. When a frame is selected (highlighted), the frame data is shown in the hex values and decodes areas. The decodes area shows the 802.11 interpretation of the frame data in a tree structure. The hex values area and decodes area are linked so that selections in one area will follow the selections in the other. If you right-click a frame, you can access Apply Filter. Apply Filter adds filter information to the Frame Filter using a combination of the item clicked in the frame and the column header. For example, clicking on a MAC address in the BSSID column will filter all frames with that MAC address as the BSSID. This works for all columns except Channel Extension, Signal (dBm), and Size. NOTE: You can view the added filter information by accessing the Frame Filter. If a survey is being visualized, a Locate Marker option is also displayed when you right-click a frame. Selecting Locate Marker opens the Survey tab and points to the marker position where the frame was captured.
Live Monitoring 2-332.7.2 Frames View The devices from which the frames were captured are displayed across the top of the tab. A frame is selected by clicking anywhere on the line under the frame name. When selected, the frame is highlighted in blue. When a frame is selected (highlighted), the frame data is shown in the hex values and decodes areas. The decodes area shows the 802.11 interpretation of the frame data in a tree structure. The hex values area and decodes area are linked so that selections in one area will follow the selections in the other. 2.8 Survey Tab The Survey feature of Mobile 6 is used to record 802.11 measurement data and display that data as a heat map over an image representing a floor in a building. The Survey tab is where you set up and conduct site surveys. NOTE: You must possess a Mobile Survey license to have access to the Survey tab.
2-34 AirDefense Mobile User Guide Once data has been collected, you can visualize the data as a heat map in one of the following modes selected from the Visualization Modes dropdown menu: Visualization Mode Description Coverage by signal This visualization mode allows you to view areas emphasizing your signal strengths, strength allowing you to identify your strong and weak areas of coverage Coverage by channel This visualization mode allows you to view areas of coverage colored by the best serving channel (20 or 40 MHz width) to that region. SNR (signal-to-noise ratio) This visualization mode allows you to view the best SNR from devices in the location. Noise This visualization mode allows you to view regions where a certain level of noise occurs. Data Rate This visualization mode shows the data rates that a client actually uses while transmitting and receiving data packets when associated with an AP. Hybrid Network Overlap This visualization mode allows you to view the deployment type of the entire network. This visual-ization shows areas of coverage where the clients will be served only by 802.11a/b/g (Legacy) APs, only 802.11n APs (High Throughput) APs or all 802.11a/b/ g/n (Hybrid) APs. Sevice Count This visualization mode allows you to view the number of BSSs servicing a particular location on the heat map. If the number exceeds 10 at any location, that location will be a single color on the heat map. The Survey feature of Mobile 6 also gives you a Pass/Fail status for the following applications: • Basic WiFi Connectivity • Location Tracking • Mobile Handhelds • Video Surveillance • Wireless VoIP Handsets. The applications are also selected from the Visualization Modes dropdown menu. You can view the Pass/ Fail status by accessing the Legends. 2.8.1 Creating Floor Plans The floor plan represents the floors in a building. It contains the building, the floors, images of the floors, and devices on the floors. You must have a floor plan to conduct a site survey. It is used to mark your path during the survey. Here are the steps to create a floor plan: 1. Upload an image that represents the layout of the first floor. 2. Add additional floors until all floors in the building are in the floor plan. 3. Add devices to each floor that represent actual devices on the floors.
Live Monitoring 2-322.214.171.124 Upload Image When Mobile 6 is first accessed, the floor plan is empty. You must add a floor plan, to use the Survey feature. To add a floor plan: 1. Click the Building Wizard button, click anywhere on the empty floor plan, or select File > New. NOTE: Selecting File > New will not open the Building Wizard. In this case, skip to Step 2.
2-36 AirDefense Mobile User Guide 2. Enter a floor name and then click the browse (…) button to locate/specify an image. You can add images in any of the following formats: • Bitmap/BMP • JPEG/JPG • GIF • PNG 3. Navigate to the image file, select it, and then click Open. The Image field displays the image file name. NOTE: If you know the ceiling height of your location, you may enter it now in meters or feet. If not, you can specify this parameter later. 4. Click Next. A window displays stating that floor was added successfully.
Live Monitoring 2-37 5. Click Finish. The floor plan is created with an image. 6. Once the image is added to the floor plan, the cursor should now be a crosshair cursor. You can scale the image later. Click the <Esc> key to exit from the scaling mode or scale the image now as follows: a. Left-click a point on the image while continuing to hold down the mouse button. b. Drag the mouse to another point on the image and then release the mouse button. The following window displays: c. Enter the distance between the two points in meters, centimeters, feet or inches. d. Click OK. The image is scaled using to the value that you supplied.126.96.36.199 Add Additional Flors If your building has more than one floor, you will want to add the additional floors. The Building Wizard is used to add additional floors. The instructions for adding additional floors are very similar to adding the first floor. 1. Click the Building Wizard button.
2-38 AirDefense Mobile User Guide 2. Select the Add option and then click Next. NOTE: Floors are added in sequence; therefore, the floor number will be the next floor in line. 3. Enter a floor name in the Floor Name field. 4. Use the browse (...) button to specify an image for the floor. 5. After the image name is added to the Floor Name field, click Next. A message should display indicating that the floor was added successfully. 6. Click Finish. 7. Scale the floor the same way you did when you added the first floor. 8. Click OK. 9. To add additional floors, repeat Steps 1 to 8 until done. 188.8.131.52 Add Devices Mobile 6 allows you to place devices on your floor plan so that you can have a visual representation of where the devices are in your location. The Add Device button is used to add a device one at a time. To add a device, follow these steps: 1. Click the Add Device button to access the Add Device Wizard. NOTE: The Real Device option is not available unless the data is available from ADSP.
Live Monitoring 2-392. Select a planned device or a real device, and then click Next. The following screen is displayed:3. Select a device and then click Next. The following screen is displayed:4. You must enter values for the 802.11a/n protocol and the 802.11b/g/n protocol. Each protocol has its own set of values. Follow these steps to enter the values for each protocol: a. Enter a channel in the Channel field. b. Select an extension from the Ext dropdown menu. c. Click the Add– button for the BSS field and enter a MAC address for the radio.
2-40 AirDefense Mobile User Guide d. Once you have enter the values for both protocols, click Next. The following window is displayed: 5. Click Finish. Once a device has been placed on a floor plan, you can: • Move it by clicking on it and dragging it to a new position. • Copy, cut and paste a device by right-clicking on the device and selecting the appropriate menu item. • Remove a device from the floor plan. • You can rename it to give it a more descriptive name by right-clicking on the device and then selecting Rename AP from the popup menu. Just enter a new name when the Input window displays and click OK. • View and change the properties of a device by right-clicking on the device and selecting Edit AP BSS List from the popup menu.
Live Monitoring 2-41 To edit a parameter, double-click the parameter. If it is editable, the edit cursor displays so that you can make changes. After making a change, the <Tab> key must be pressed to retain the changes. If a parameter is uneditable, the parameter will just be highlighted.2.8.2 Menus The Survey tab has two types of menus: dropdown menus and right-click menus. The dropdown menus are located at the top of the tab. The right-click menus can be accessed by right-clicking anywhere within the Survey tab.184.108.40.206 Dropdown Menus The following four dropdown menus are available in the Survey tab: Menu Description Visualization Modes Allows you to select a Visualization Mode (click link for list of modes) or view the Pass/Fail status for the following applications: • Basic WiFi Connectivity • Location Tracking • Mobile Handhelds • Video Surveillance • Wireless VoIP Handsets. Data Files Selection During visualization, the Data File filter contains a list of all known data files. All selected files are included in the heat map results. Unselected files are not included in the heat map results. 802.11 Protocol Selection Allows you to select one of two 802.11 protocols to view in a heat map: 802.11b/ g/n or 802.11a/n. Floor Selection Allows you to change the floor in a multi-floor building.
2-42 AirDefense Mobile User Guide 220.127.116.11 Right-Click Menus The following four right-click menus are available in the Survey tab: Menu Description Scale/Align Allows you to scale a floor, scale a floor with data and devices, align floors in a building, or scale all floors with data and devices. When conducting a scan, this menu is not available. When scaling a floor or a scaling a floor with data and devices, the cursor turns into a crosshair. Click your right mouse button to mark the first point; while continuing to hold the mouse button move the crosshair to a second point; release the mouse button to mark the second point. A Set Scale window displays where you can specify a distance in meters. Click the <Esc> key to exit the scaling mode. When scaling all floors with data and devices, select two points on the floor where you know the actual physical distance. Only use this option if the images for all the floors are the same size. When aligning floors, clicking a point on the map makes that point the alignment reference point for that floor. Marker Placement Allows you to end a track, center on a marker, or remove the last placed marker as follows: • End Track—Ends the current track of bullets. When the next marker is placed, a new track is started. • Center on Marker—Centers the floor plan to the spot of the specified marker. When the next marker is placed, the image is adjusted to the centered marker. • Undo—Removes the last placed marker from the scan. The shortcut is <Ctrl-U>. • Stop Scan & Add New Location —Stops the current mini survey and add a new location. This item is only available while conducting a mini survey. This menu is only available during a scan.
Live Monitoring 2-43Menu DescriptionAdjust Markers Allows you to move markers. This menu is available only while visualizing data and clicking a marker when a measurement run is selected. When moving markers, you must first select a marker by clicking once on the marker. Click Move Marker to display a window that explains you must drag the markers to a new location. After clicking OK, drag the markers to a new location.Device Allows you to manipulate devices as follows: • Cut—Cuts a device from the floor plan to be pasted later. • Copy—Copies a device from the floor plan to be pasted later. • Remove—Deletes a device from the floor plan. • Rename AP—Renames it to give it a more descriptive name. • Edit AP BSS List—Views and edits the properties of a device.Location Allows you to manipulate locations while designing by survey as follows: • Cut—Cuts a location from the floor plan which can be pasted later. (Not available while conducting a mini survey.) • Copy—Copies a location from the floor plan which can be pasted later. (Not available while conducting a mini survey.) • Remove—Deletes a location from the floor plan. (Not available while conducting a mini survey.) • Rename—Renames the location to give it a more descriptive name. (Not available while conducting a mini survey.) • Edit BSS List—Views and edits the properties of a location. (Not available while conducting a mini survey.) • Hide data for location—Hides the scanned data for the selected location. The data is only hidden; not removed from Mobile. (Not available while conducting a mini survey.) • Survey for Location—Starts a mini survey for the location. (Not available while conducting a mini survey.) • Add New Location—Adds a new location. (Not available while conducting a mini survey.) • Stop Scan & Add New Location—Stops the current mini survey and adds a new location. This item is only available while conducting a mini survey.
2-44 AirDefense Mobile User Guide 2.8.3 Tools The following tools are available in the Survey tab: Visualize Data button—Displays the heat map of a site survey after a scan or after loading a project file. Also, loads all the frames that have been captured while conducting a survey. Building Wizard button—Accesses the Building Wizard where you can add an image to a floor plan. Zoom Slider—Increases/decreases the image size (down decreases size/up increases size). Short cuts are: • Ctrl-+ to zoom in • Ctrl-- to zoom out • Using the mouse wheel to zoom in or out. Zoom to Fit button —Expands or decreases the floor plan image to fit the size of the floor plan. Pan Floor button—Allows you to move/reposition the image. Print button—Prints the image along with the heat map and map legend. Save As PDF button—Saves the image along with the heat map and map legend in a PDF file. Scale Floor button—Allows you to scale a floor in your floor plan. Add Device button—Adds a device to a floor plan. Once the device has been added, you can move, copy, or delete it. Add new location button—Adds a device to be used with the design by survey feature. Hide Device Scan List button—Removes the Device Scan List from view. PgDn key will also collapse scan list. Show Device Scan List button—Displays the Device Scan List after it has been hidden. PgUp key will also show scan list. Show Legends button—Displays the available legends on the right side of the Mobile window. The legends are used to interpret the colors in a heat map. Hide Legends button—Removes the available legends from view. 2.8.4 Design by Survey The Design by Survey feature is a planning tool for you to use to plan the deployment of your network. It involves taking mini surveys of a single device on a floor by moving the device to different locations on the floor. After completing the mini surveys, you can visualize the collected data in a single heat map similar to a heat map generated using a single survey of multiple deployed devices.
Live Monitoring 2-45Before conducting a site survey, you should develop a strategy.• Decide if you want to design by AP or design by BSS. Designing by AP entails selecting an actual AP and then knowing which channels you want to survey and the MAC addresses of the radios. Designing by BSS entails knowing the MAC address of the BSS.• Decide where you want to place the device. You must conduct a mini survey for every location you want to place a device.• Decide the path that you want to walk for each mini survey. Your walk through should follow a path that gives you the most data.Follow these steps to conduct the mini surveys:1. Select the Design By Survey option. The Design by Survey Configuration Wizard is displayed:2. Select Design by AP or Design by BSS and then click Next. The following window is displayed:
2-46 AirDefense Mobile User Guide 3. If you selected Design by AP, a list of devices is displayed. Select a device and then click Next. The following window is displayed: You must enter values for the 802.11a/n protocol and the 802.11b/g/n protocol. Each protocol has its own set of values. Follow these steps to enter the values for each protocol: a. Enter a channel in the Channel field. b. Select an extension from the Ext dropdown menu. c. Click the Add– button for the BSS field and enter a MAC address for the radio. d. Once you have enter the values for both protocols, click Next. 4. If you selected Design by BSS, click Next. The following window is displayed: You will have to specify the channel(s) that you want to survey and supply the MAC address of the BSS. The MAC address is added in the same way as Design by AP. Click Next.
Live Monitoring 2-475. After completing Step 3 or 4, the following screen is displayed: Click Finish. The first planned AP is placed on the floor plan and is named Loc1. (Each additional location is named Loc2, Loc3, Loc4, etc.) Drag Loc1 to where the actual AP has been placed. NOTE: The current location and the previous locations are distinguished by different colored icons.6. Proceed to the starting point of your mini survey.7. Click the Start– button.8. Click the left mouse button to place your first marker. NOTE: You can remove a marker by right-clicking your mouse and selecting Undo. Undo removes the previous segment placed between markers.9. Walk through your site following your predetermined path.10.As you are walking through your site, place more markers to collect data from the device. NOTE: You only need to add markers when turning corners. Intermediate markers are placed between the current marker and the last placed. Intermediate markers are generated by the Mobile, assuming that you have been moving in a straight line at a constant speed. Also, as you are walking through your site, the device table displays data for the radios. The radio with the strongest signal is displayed first.11.When you get to the end point of your walk, click the Stop– button.12.Move the physical AP to another location.13.Click the Add new location– button and then repeat Steps 6 to 11. Repeat this process until you have completed all of your mini surveys. Remember to move the physical AP for each mini survey.
2-48 AirDefense Mobile User Guide 14.Once you have completed all the mini surveys, you are ready to visualize the data.
Live Monitoring 2-49Visualizing Survey Data explains how to view a heat map of design project. You should get a heat map similarto this one:By default, AP data for all the mini survey locations is visible. All survey heat maps are combined using allAP locations.You will be able to filter the AP locations visible on the floor plan. This allows you to visualize differentcombination of heat maps by removing/adding AP locations from the visualization.When rolling your mouse cursor over the heat map, information about detected devices is displayed. Thisinformation includes:• The location name• The BSS name• The SSID the location device was seen on• The channel the location device was using• The extension channel a location device was using• The RSSI value of the location device• The noise generated by the location device
2-50 AirDefense Mobile User Guide • The data rate the location device was observed using. 2.8.5 Conducting a Site Survey Before conducting a site survey, you should develop a walk through strategy. Your walk through should follow a path that gives you the most data. Keep in mind where your devices are located. Determine the frequency of placing markers. Markers are used as data collection points. Follow these steps to conduct a site survey: 1. Open or create a new project. 2. Proceed to the starting point of your walk through. 3. Click the Start– button. 4. Click the left mouse button to place your first marker. NOTE: You can remove a marker by right-clicking your mouse and selecting Undo. Undo removes the previous segment placed between markers. 5. Walk through your site following your predetermined path. 6. As you are walking through your site, place more markers to collect data from the devices in your site. NOTE: You only need to add markers when turning corners. Intermediate markers are placed between the current marker and the last placed. Intermediate markers are generated by the Mobile, assuming that you have been moving in a straight line at a constant speed. Also, as you are walking through your site, the device table displays data for the devices that are currently visible. The lifetime of a device in this table is twice the scan cycle time from the last observation time. The device with the strongest signal is displayed first.
Live Monitoring 2-51 7. When you get to the end point of your walk through, click the Stop– button. Your project is then ready for visualization.18.104.22.168 Taking Measurements in the Native Scan Mode • There are some things to remember when taking measurements in the Native Scan Mode: • Mobile 6.1 starts up in Native Scan Mode if no supported adapter is detected and there is a wireless card available that is capable of scanning and connecting to a wireless network. • You cannot switch between Native Scan Mode and Promiscuous Scan Mode without restarting Mobile 6.1. • The mode of operation (Analysis/Site Survey/Design by Survey) and the type of scan (Native/ Promiscuous) are shown in the status bar at the bottom of the Mobile window. • Design by Survey projects load in Design by Survey mode by default when opened; however, you can change to/from Design by Survey to/from a regular Site Survey project when required. • Markers should be placed on the floor plan that is equivalent to your current position. • After placing the first marker, Mobile 6.1 will not place another marker until at least one scan result is available for the location. • You should place markers at a distance that are less than the Signal Propagation Assessment distance. • Scan data is limited to the following items: BSS MAC address SSID
2-52 AirDefense Mobile User Guide Channel Channel extension RSSI First/Last seen time Supported protocol Encryption/Authentication (This information is only available while scanning but not while visualizing the data.). 2.8.6 Visualizing Survey Data After conducting a site survey, you will want to analyze the results. Click the Visualize Data button. A heat map is displayed representing the signal strengths of the devices and all frames are loaded in the workspace. Legends are provided to interpret the colors in the heat map. Use the collapsible panel to the right heat map to view the legend. NOTE: You can change the Visualization Mode using the dropdown menu.
Live Monitoring 2-53When rolling your mouse cursor over the heat map, information about detected devices is displayed. Thisinformation includes:• The device name• The SSID the device was seen on• The channel the device was using• The extension channel a device was using• The RSSI value of the device• The noise generated by the device• The data rate the device was observed using.
2-54 AirDefense Mobile User Guide You can click on a data point (previously a marker) to display information in the Device table. The Device table lists devices that are detected when the marker was placed. The device with the strongest signal is listed first while the device with the weakest signal is listed last. A quick and easy way to locate a frame is to access the Frame tab and right-click on a frame. A menu containing Locate Marker is displayed. Selecting Locate Marker will take you back to the Survey tab and highlight the marker where the frame was captured. 2.9 Frame Capture AirDefense Mobile with the Mobile Analysis license automatically saves session frame data in a temporary file. Also, if a survey project is open, frame data is automatically saved when the project is saved. You can save the temporary file to a permanent file on your laptop. To save a file, first stop the session (click Stop button or select Session > Stop) and then select File > Save to display the Save Frame Capture popup window. To save the file on your laptop: 1. Click the Select Destination button– . 2. Navigate to the folder (directory) where you want to save the file. 3. Type a filename and then click Select. The file name along with the path displays in the File field. 4. Click OK. Once the file is saved, you can view it using Frame Capture Analysis. You can access this feature from the File menu. Just select File > Open > Open Capture File to open the saved file.