Packet Capture in NetBeez
Packet capture is a technique that enables an application to intercept and log transmissions occurring in a computer network. All NetBeez installations running on version 8.0 will be able to run packet capture on Wi-Fi. When packet capture occurs, the wlan0 interface of a wireless sensor is set in monitor mode. In this mode, the sensor listens passively and captures the frames being exchanged on one or more user-defined 802.11 channels.
During this operation, the NetBeez sensor pauses real-time and scheduled tests for the duration of the packet capture process. This is because network interfaces can’t be set to active and passive mode at the same time. At the end of the packet capture the user can download the captured frames in a pcap file for further analysis, while the sensor resumes its regular network monitoring operations. This feature works in ad-hoc mode, meaning that the start of the packet capture process is initiated by the user. Let’s take a closer look at its benefits and how this feature works in NetBeez.
Packet Capture Benefits
Packet capture is a valuable troubleshooting technique that enables network engineers to capture data flowing between two or more hosts. Wireless engineers often use packet capture to troubleshoot communication errors that occur on a Wi-Fi client, such as when its network connections are temporarily interrupted or, even worse, when it unexpectedly drops off the network. With packet capture, it’s possible to discover bugs in network drivers or other incorrect implementations of network protocols.
How to Run Packet Capture
Packet capture is available in the ad-hoc tab of the NetBeez dashboard. When it is selected, the user types the agent name, or the IP address, of the sensor where the capture should take place. The user can set the test duration, expressed in seconds; otherwise, it will run for 60 seconds. After that, the user can pick the following options:
- Radio Band selects whether the capture should occur on the 2.4 GHz or 5 GHz band
- Channel Width can be 20 MHz, 40 MHz, or 80 MHz in the case of the 5 GHz band
- In the channel selection, the user can pick one or more channels to capture from, using the drop-down menu
- If the user selected one or more channels above, then the channel hopping time, expressed in milliseconds, is required, as it indicates how long the packet capture process should listen on each individual channel before moving to the next one (in round-robin fashion)
- Lastly, the user also has the option to add filters in the Optional cli parameters section; a range of filters is available for review in this link.
Running a packet capture
Once the user has selected the required options, she clicks run, and the packet capture process begins. The sensor places the wlan0 interface in monitor mode and captures the frames on one or more channels. During this operation, all real-time and scheduled tests are paused. The following screenshot shows a packet capture in progress.
At the end of the packet capture process, the NetBeez dashboard allows the user to download the pcap file. The user can then open the pcap file with her preferred packet analyzer, such as Wireshark. Et voilà, frames fresh off the air to your desktop 🙂
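As an added example (not NetBeez code), the Python script below reads a downloaded pcap file, tallies the 802.11 frame types in it, and lists deauthentication and disassociation frames, the ones to look at first when a client unexpectedly drops off the network. It assumes the file is a classic pcap with the radiotap link type (127); the function names and the three sample frames are constructed for illustration.

```python
import struct
from collections import Counter

LINKTYPE_RADIOTAP = 127  # assumption: link type of the downloaded monitor-mode pcap
MGMT = {0: "assoc-req", 1: "assoc-resp", 4: "probe-req", 5: "probe-resp",
        8: "beacon", 10: "disassoc", 11: "auth", 12: "deauth"}

def summarize_pcap(data: bytes):
    """Return (Counter of frame kinds, [(kind, dst, src, reason)] for deauth/disassoc)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic microsecond pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != LINKTYPE_RADIOTAP:
        raise ValueError(f"expected radiotap (127), got link type {linktype}")
    counts, drops, off = Counter(), [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Radiotap length is always little-endian, at bytes 2-3 of the record.
        rt_len = struct.unpack("<H", pkt[2:4])[0] if len(pkt) >= 4 else len(pkt)
        frame = pkt[rt_len:]
        if len(pkt) < incl_len or len(frame) < 2:
            counts["truncated"] += 1
            continue
        ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
        if ftype == 0:
            kind = MGMT.get(subtype, f"mgmt-{subtype}")
        else:
            kind = {1: "control", 2: "data"}.get(ftype, "extension")
        counts[kind] += 1
        if kind in ("deauth", "disassoc") and len(frame) >= 26:
            reason = struct.unpack("<H", frame[24:26])[0]  # follows 24-byte header
            drops.append((kind, frame[4:10].hex(":"), frame[10:16].hex(":"), reason))
    return counts, drops

def constructed_sample() -> bytes:
    """Constructed three-frame capture (beacon, data, deauth); not real traffic."""
    rt = struct.pack("<BBHI", 0, 0, 8, 0)  # minimal 8-byte radiotap header
    ap, sta = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    hdr = lambda fc0, dst, src: bytes([fc0, 0, 0, 0]) + dst + src + ap + b"\x00\x00"
    frames = [hdr(0x80, b"\xff" * 6, ap) + b"\x00" * 12, hdr(0x08, ap, sta) + b"data",
              hdr(0xC0, sta, ap) + struct.pack("<H", 7)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_RADIOTAP)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(rt + f), len(rt + f)) + rt + f
    return out
```

To run it on a real capture, pass the bytes of the downloaded file to summarize_pcap() in place of constructed_sample().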
It’s exciting to see such a feature implemented in NetBeez as we’ve always talked about the importance of active network monitoring in network management. That’s where our entire focus has been so far (and will continue to be). However, with this initial packet capture implementation, we’re ready to bring passive monitoring into our network performance monitoring and troubleshooting solution.