Have you ever opened a packet capture file in Wireshark? The .pcap format (short for Packet Capture) is the most ubiquitous file format for logging network traffic and can be read by almost any network analysis tool. A capture also holds huge amounts of data that you have to scroll through to find problems with your network.
Packet capture analysis is an essential piece of successful wireless networking. If you haven’t yet drilled down to the packet level to find a rogue AP, identify the top talkers, count retransmits or understand the percentage of network bandwidth consumed, whether measured in bytes, packets or time, you’ll find that there are a lot of ways to export wireless data into a handy .pcap file. You can export from a Mac running OS X Lion. On a Linux system, you can use Wireshark, tcpdump, Kismet, Aircrack-ng and many more. And on Windows, you can use Riverbed’s AirPcap Nx with Wireshark or Cascade Pilot. However, all these tools leave something to be desired when it comes to analyzing the data.
Many networking hardware vendors have implemented the ability to download a packet capture file from their devices to provide deep frame analysis. Companies like Cisco, Aruba, Meru, Ruckus, Aerohive, and Xirrus know how important it is for people to understand what is happening with their wireless network. However, it’s still very hard to figure out what all the information is telling you in a .pcap file.
Another layer of complication within packet analysis is that within five minutes you could capture over 400,000 packets – all wirelessly. To find the source of a problem using the most readily available tool, Wireshark, you need to have a deep understanding of filters and stellar scrolling skills for all the work you’ll be doing with your mouse … the lines of data are long and extensive.
Well, scroll no more. MetaGeek is bringing its innovative visualization expertise to packet analysis! We want to invite you to watch the live-stream unveiling of our new wireless packet visualization tool at Wireless Tech Field Day on January 26th.