WildPackets at WFD3

![](https://www.techvangelist.net/content/images/WP_logo_09_RGB.jpg)

The first presenter at Wireless Field Day 3 was [WildPackets](http://www.wildpackets.com). The other delegates and I were shuttled to their headquarters in Walnut Creek, CA. Upon arrival, we were led into a conference room and greeted by Mandana, the Senior Program Manager at WildPackets. Before getting into the technical details, we were given a brief overview and history of the company (including a story and brief video of how their headquarters burned to the ground in 2002 but the company pushed on and continued to thrive).

Company Timeline:

- 1990: WildPackets is founded as a network protocol analysis provider
- 2001: First 802.11 network analyzer
- 2003: Distributed real-time troubleshooting
- 2005: Combined distributed network and VoIP network analysis
- 2008: Enterprise wireless monitoring and reporting (NetFlow and sFlow support)
- 2009: Dashboard with drill-down for VoIP and video analysis
- 2010: Timeline introduced, first to achieve 11Gbps sustained capture-to-disk
- 2011: First to support capture and analysis of 802.11n 3-stream with zero packet loss

And today they announced…

- 2012: Omnipeek 7 for wireless, first analyzer to support 802.11ac, k, r, u, v, w

![](https://www.techvangelist.net/content/images/omnipeek_logo.jpg)

As you can see from their history, WildPackets specializes in network/application performance monitoring and management and has been at it for a while. Their products have many use cases within any network (application monitoring, distributed network analysis, baselining, forensics, security, and more), and over 2,000 customers in 60 countries and all industrial sectors use their hardware and/or software. However, the reason they brought Wireless Field Day in was to show off the newest version of their wireless network analysis tool, Omnipeek.

At this point we were introduced to Jay Botelho, Director of Product Management, who went through a few small slides quickly so he could get right into the product demo. The slides were a little more history, a little bit of marketing (not too much though), and some information about what WildPackets does.

Omnipeek 7 Demo:

![](https://www.techvangelist.net/content/images/IMG_0223.jpg)

__Multi-Channel Capture:__
Jay started with a multi-channel capture of the room. This was done by aggregating the adapters connected to his system into a logical capture device, with each physical adapter listening to a different channel. As expected, they utilize in-house developed drivers, which means you have to be using a supported adapter, but you can aggregate different supported cards into a single logical capture card. There are minor limitations with this method that come down to the abilities of the computer you are using (e.g. if you have too many adapters on a single USB hub and are capturing all of the 802.11n traffic in the air, you’re going to run into some issues getting all that data onto your disk). In the interface you will see all kinds of information easily displayed.

![](https://www.techvangelist.net/content/images/IMG_0235.jpg)

During our demo, when Jay pulled up the capture we could see a live view of the device type (STA, AP, ESSID, etc.), channel, band, encryption type, trust level (known vs. unknown), signal, noise, and bytes. At one point we were shown a packet capture that was taken from both sides of the AP (or controller depending on architecture). There was a wired and a wireless file for this data flow. He opened up the wired side capture and then was able to bring up the wireless side capture in a side-by-side comparison which lined up the corresponding packets (pictured to the right), a handy little trick for locating and correlating trouble within your infrastructure.

![](https://www.techvangelist.net/content/images/IMG_0224.jpg)

Another trick that was demonstrated was the peer map. An example was given of a conference with wireless that was completely unusable. The capture was taken and it was noticed that there was high utilization by a single client. From there, you could focus on that device and by opening the “Peer Map” tab, see all communications to other clients (pictured to the right). In this instance, the troublesome client appeared to either be malfunctioning or running some sort of malicious software that was using up a majority of the air time and preventing other users from being able to use the network.
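The conference example above can be reproduced from exported frame records. This is an added illustration, not Omnipeek's or WildPackets' code: it estimates each transmitter's share of airtime and lists its peers, showing how a client at a low PHY rate can dominate the channel while sending few bytes. The frame records, MAC addresses, the fixed 192 µs per-frame overhead and the 50% threshold are assumptions, and ACKs, retries and inter-frame spacing are ignored.

```python
from collections import defaultdict

# Constructed sample frames: (transmitter, receiver, bytes, PHY rate in Mbps).
# All addresses and values are made up for illustration.
AP, SLOW, FAST, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:aa", "02:00:00:00:00:bb", "02:00:00:00:00:cc"
FRAMES = (
    [(SLOW, AP, 1500, 1.0)] * 40        # client stuck at 1 Mbps
    + [(SLOW, OTHER, 200, 1.0)] * 60    # same client talking to a peer
    + [(FAST, AP, 1500, 130.0)] * 400   # healthy client sending far more bytes
    + [(AP, FAST, 1500, 130.0)] * 300   # AP downlink
)

PER_FRAME_OVERHEAD_US = 192.0  # assumption: fixed preamble/header cost per frame


def airtime_us(size_bytes, rate_mbps):
    """Approximate on-air time of one frame (bits / Mbps = microseconds)."""
    return PER_FRAME_OVERHEAD_US + size_bytes * 8 / rate_mbps


def airtime_report(frames):
    """Map transmitter -> dict with airtime share, byte share and peers."""
    air, size, peers = defaultdict(float), defaultdict(int), defaultdict(set)
    for tx, rx, nbytes, rate in frames:
        air[tx] += airtime_us(nbytes, rate)
        size[tx] += nbytes
        peers[tx].add(rx)
    total_air, total_bytes = sum(air.values()), sum(size.values())
    return {
        tx: {"airtime": air[tx] / total_air, "bytes": size[tx] / total_bytes, "peers": sorted(peers[tx])}
        for tx in air
    }


def airtime_hogs(frames, threshold=0.5):
    """Transmitters whose share of estimated airtime exceeds the threshold."""
    report = airtime_report(frames)
    return sorted(tx for tx, row in report.items() if row["airtime"] > threshold)


if __name__ == "__main__":
    for tx, row in sorted(airtime_report(FRAMES).items(), key=lambda kv: -kv[1]["airtime"]):
        print(f"{tx}  airtime {row['airtime']:.1%}  bytes {row['bytes']:.1%}  peers {row['peers']}")
    print("over 50% of airtime:", airtime_hogs(FRAMES))
```

Ranking by bytes alone would point at the fast client; ranking by estimated airtime points at the slow one, which is the station to inspect in a peer view.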

![](https://www.techvangelist.net/content/images/IMG_0222.jpg)

__Compass Dashboard__
This is a forensic analysis tool for searching and finding problems within the wireless network. When you first open a capture file, you are presented with a high-level, interactive timeline that allows you to filter based on node, time range, protocols, and more. You can continue drilling down as you apply filters and eventually get to the root of your issues. In the first high-level view, you are immediately presented with the top nodes, top protocols, client information, and a live graph that displays any number of selectable views (throughput, packets, client signal, etc.). From there you can go deeper into the “Expert Events”, which allow you to see specific network events such as interference, physical errors, and retries, and which are connected directly back to the packet captures for easy correlation.

__VoIP/VoWiFi and Video Analysis:__
This was pretty wild. Omnipeek was able to take a call in progress and capture the data, showing jitter, latency, and a lot of other data that voice nerds would drool over. One thing that really stood out was the ability to very easily play back calls that were made during the capture. That’s a little scary on the security/privacy side, but Jay informed us it could be disabled via registry values if needed to comply with company policy or government regulations.

If you want to see more, including a demo of roaming analysis (with an interesting way of calculating roam times), remote analysis, and some forensic demonstrations, check out the video below!
