OmniPeek Remote Adapters
Click a link below to learn more about the remote adapters available with
OmniPeek.
Aruba Remote Adapter
Introduction
The Aruba Remote Adapter allows existing Aruba managed APs to be temporarily
converted to packet capture devices, forwarding all of their packets back to
OmniPeek via TCP/IP over the wired network. Rapid access to packets anywhere in
the wireless network is just a few clicks away since OmniPeek can be started
directly from the Aruba software management system. The Aruba Remote Adapter
with OmniPeek allows for packet streams from multiple Aruba APs to be aggregated
within a single OmniPeek capture, simplifying data collection and analysis,
allowing you to view all wireless data including channels 1, 6 and 11
simultaneously, or allowing you to monitor the roaming of wireless clients from
one AP to the next.
OmniPeek Configuration
Before you can begin capturing packets using the Aruba Remote Adapter (from an Aruba access point), make sure the Aruba Remote Adapter is enabled in OmniPeek (enabled by default).
To enable the Aruba Remote Adapter in OmniPeek:
- In OmniPeek, choose Tools > Options. The Options dialog appears.
- Select the Analysis Modules option.
- Select the Enabled check box for the Aruba Remote Adapter entry.
- Click OK.
Important: On the OmniPeek computer, use the ipconfig command to obtain the computer’s IP address and Gateway IP. You will need this information when configuring the Aruba access point to send packets, as explained below.
Capturing Packets from Aruba Access Points
Capturing packets from Aruba access points begins the same way as a capture from any other adapter in OmniPeek; however, packets will not populate the capture window until the Aruba access point begins sending packets to the OmniPeek computer, as noted below.
To capture packets from Aruba access points:
- Create a new capture window in OmniPeek. The Capture Options dialog appears.
- Select the Adapter options.
- Double-click New Remote Adapter below the Module: Aruba Remote Adapter entry. The Aruba Remote Adapter Properties dialog appears.
- Enter a Name and Port for the Aruba adapter. The name can be anything, but leave the port number set to 5000 (the default port number used by Aruba access points).
- Click OK to close the Aruba Remote Adapter Properties dialog.
- Select the new adapter and click OK to close the Capture Options dialog. A new capture window appears that has a Start / Stop Aruba Capture button in the upper right corner.
- Click the Start Aruba Capture button. Packets will not populate the capture window until the Aruba controller begins sending packets to the OmniPeek computer as described in Configuring the Aruba Access Point to Send Packets below.
- Click the Stop Aruba Capture button to stop capturing packets. No additional packets are allowed into the capture buffer.
- The Aruba access point will continue sending packets to the OmniPeek computer until the Aruba controller is configured to stop sending packets. Packets not accepted into the capture window buffer are returned as ICMP packets.
Important: When you want to stop sending packets, you must configure the Aruba controller to stop sending packets; otherwise, the OmniPeek computer will send an ICMP Destination Port Unreachable for every incoming packet received. This will impact the performance of the OmniPeek computer and possibly your network. See Configuring the Aruba Access Point to Send Packets below.
Configuring the Aruba Access Point to Send Packets
In an Aruba wireless deployment, Aruba access points can be configured to provide either Access Point (AP) or Air
Monitor (AM) functionality. An Aruba access point operating as an Air Monitor will allow you to send packets from the access point to the OmniPeek computer.
This section describes how to enable Air Monitor functionality on an Aruba access point, and then how to begin sending packets.
To send packets from an Aruba access point to the OmniPeek computer:
Note: Depending on your Aruba controller, the following instructions may differ slightly.
- Open a web browser and connect to the Aruba controller using the appropriate IP address.
- Log in to the Aruba controller.
- In the Monitoring view, select the WLAN access point(s) you wish to operate as an Air Monitor.
- In the Access Point tab, select the access point and click the Packet Capture button.
- Click the BSSID Address that has the desired Radio Type.
- Click the New Raw Packet Capture button.
- In the Raw Packet Capture section, select AiroPeek, enter the target IP address (OmniPeek computer), Port, Channel, and Radio Type.
  Note: Make sure the Channel is appropriate for the Radio Type you selected.
- Click the Start button. Packets begin populating the OmniPeek capture window.
Important: When you want to stop sending packets, you must configure the Aruba access point to stop sending packets; otherwise, the OmniPeek computer will send an ICMP Destination Port Unreachable for every incoming packet received. This will impact the performance of the OmniPeek computer and possibly your network.
To stop sending packets from an Aruba access point to the OmniPeek computer:
- Log in to the Aruba controller.
- In the Raw Packet Capture section, select the check box of the access point you wish to stop sending packets.
- Click the Stop button.
Known Issues
- You will receive a "Socket Error" if you configure two or more Aruba remote adapters. This is due to the default Adapter Port value being set to Port 5000. Currently, OmniPeek cannot multiplex the port; however, you can configure an Aruba remote adapter and the Aruba access point to use a different Port value (e.g., Port 5001) to send and receive data. This allows you to have two captures going from two different adapters simultaneously using two unique Ports.
- Real-time decryption is not supported on Aruba captures. Post-capture decryption (Tools > Decrypt WLAN Packets), however, is supported.
- When manually creating captures, the 802.11 capture options are not functional, as these functions are defined in the external hardware.
- Aruba captures contain packets with a 0 Data Rate value.
- Network utilization statistics in OmniPeek do not change based on the adapter speed configured on the Aruba Remote Adapter.
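A pre-flight check for the port conflict in the first known issue, added here as an example and not part of the OmniPeek documentation: it finds a distinct free port for each planned adapter before you type the values into OmniPeek and the controller. It assumes the access points stream over UDP (which the ICMP Destination Port Unreachable behaviour described above suggests); the function names and adapter names are hypothetical.

```python
import socket

DEFAULT_PORT = 5000  # default Aruba adapter port stated on this page


def udp_port_free(port, host="0.0.0.0"):
    """Return True if nothing on this computer already holds UDP host:port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as probe:
        try:
            probe.bind((host, port))
        except OSError:  # address already in use, or not permitted
            return False
    return True


def assign_adapter_ports(adapter_names, first_port=DEFAULT_PORT,
                         host="0.0.0.0", search=50):
    """Map each planned adapter name to its own free port.

    Ports are tried upward from first_port. A port that is already bound
    (for example by a running capture) is skipped, as is one already
    handed to an earlier adapter in this plan.
    """
    plan = {}
    port = first_port
    limit = min(first_port + search, 65536)
    for name in adapter_names:
        while port < limit and not udp_port_free(port, host):
            port += 1
        if port >= limit:
            raise RuntimeError(f"no free UDP port in {first_port}-{limit - 1}")
        plan[name] = port
        port += 1
    return plan


if __name__ == "__main__":
    # Hypothetical adapter names; enter each reported port in both the
    # OmniPeek adapter properties and the AP's Raw Packet Capture settings.
    for name, port in assign_adapter_ports(["aruba-ch1", "aruba-ch6"]).items():
        print(f"{name}: port {port}")
```

Run it on the OmniPeek computer before creating the second adapter; a port reported here must be entered identically on the adapter and on the access point.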
Cisco Remote Adapter
Introduction
The Cisco Remote Adapter allows existing Cisco managed APs to be temporarily
converted to packet capture devices, forwarding all of their packets back to
OmniPeek via TCP/IP over the wired network. Rapid access to packets anywhere in
the wireless network is just a few clicks away. The Cisco Remote Adapter with
OmniPeek allows for packet streams from multiple Cisco APs to be aggregated
within a single OmniPeek capture, simplifying data collection and analysis,
allowing you to view all wireless data including channels 1, 6 and 11
simultaneously, or allowing you to monitor the roaming of wireless clients from
one AP to the next.
OmniPeek Configuration
Before you can begin capturing packets using the Cisco Remote Adapter (from a Cisco access point), make sure the Cisco Remote Adapter is enabled in OmniPeek (enabled by default).
To enable the Cisco Remote Adapter in OmniPeek:
- In OmniPeek, choose Tools > Options. The Options dialog appears.
- Select the Analysis Modules option.
- Select the Enabled check box for the Cisco Remote Adapter entry.
- Click OK.
Important: On the OmniPeek computer, use the ipconfig command to obtain the computer’s IP address. You will need this information when configuring the Cisco access point to send packets, as explained below.
Capturing Packets from a Cisco Access Point
Capturing packets from Cisco access points begins the same way as a capture from any other adapter in OmniPeek; however, packets will not populate the capture window until the Cisco access point begins sending packets to the OmniPeek computer, as noted below.
To capture packets from Cisco access points:
- Create a new capture window in OmniPeek. The Capture Options dialog appears.
- Select the Adapter options.
- Double-click New Remote Adapter below the Module: Cisco Remote Adapter entry. The Cisco Capture Adapter Properties dialog appears.
- Enter a Name and IP address for the Cisco access point. Leave the IP address blank if you want to capture from any access point.
- Click OK to close the Cisco Capture Adapter Properties dialog.
- Select the new adapter and click OK to close the Capture Options dialog. A new capture window appears that has a Start / Stop Cisco Capture button in the upper right corner.
- Click the Start Cisco Capture button. Packets will not populate the capture window until the Cisco controller begins sending packets to the OmniPeek computer as described in Configuring the Cisco Access Point to Send Packets below.
- Click the Stop Cisco Capture button to stop capturing packets. No additional packets are allowed into the capture buffer.
- The Cisco access point will continue sending packets to the OmniPeek computer until the Cisco controller is configured to stop sending packets. Packets not accepted into the capture window buffer are returned as ICMP packets.
Important: When you want to stop sending packets, you must configure the Cisco controller to stop sending packets; otherwise, the OmniPeek computer will send an ICMP Destination Port Unreachable for every incoming packet received. This will impact the performance of the OmniPeek computer and possibly your network. See Configuring the Cisco Access Point to Send Packets below.
Configuring the Cisco Access Point to Send Packets
In a Cisco wireless deployment, Cisco access points can be configured to provide either Access Point (AP) or Sniff mode functionality. A Cisco access point operating in Sniff mode will allow you to send packets from the access point to the OmniPeek computer. This section describes how to enable Sniff mode functionality on a Cisco access point, and then how to begin sending packets.
To send packets from a Cisco access point to the OmniPeek computer:
Note: Depending on your Cisco controller, the following instructions may differ slightly.
- Open a web browser and connect to the Cisco controller using the appropriate IP address.
- Log in to the Cisco controller.
- In the Access Point Summary section of the Monitor view, click Detail for the Radio you wish to operate in Sniff mode.
- Click Configure for the radio.
- In the Sniffer Channel Assignment section, select the Sniff check box.
- Select the channel you wish to "Sniff" and enter the IP address of the OmniPeek computer.
- Click the Apply button. Packets begin populating the OmniPeek capture window.
Important: When you want to stop sending packets, you must configure the Cisco access point to stop sending packets; otherwise, the OmniPeek computer will send an ICMP Destination Port Unreachable for every incoming packet received. This will impact the performance of the OmniPeek computer and possibly your network.
To stop sending packets from a Cisco access point to the OmniPeek computer:
- Log in to the Cisco controller.
- In the Sniffer Channel Assignment section, clear the Sniff check box.
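To find access points that were left streaming after a capture was stopped (the condition the Important notes in the Aruba and Cisco sections describe), the following added example, which is not part of the OmniPeek documentation, scans raw IPv4 packets for ICMP Destination Port Unreachable messages and reports which sender each one answers. It assumes the stream is UDP and defaults to port 5000, the Aruba default given above; the function names are hypothetical and the sample packets are constructed.

```python
import socket
import struct
from collections import Counter


def unreachable_source(ip_packet, capture_port=5000):
    """If ip_packet is an ICMP Destination Port Unreachable that quotes a UDP
    datagram addressed to capture_port, return the quoted sender's IP (the AP
    that is still streaming); otherwise return None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4
    if ihl < 20 or ip_packet[9] != 1 or len(ip_packet) < ihl + 8:  # 1 = ICMP
        return None
    if (ip_packet[ihl], ip_packet[ihl + 1]) != (3, 3):  # type 3, code 3
        return None
    quoted = ip_packet[ihl + 8:]  # original IP header + first 8 payload bytes
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        return None
    q_ihl = (quoted[0] & 0x0F) * 4
    if q_ihl < 20 or quoted[9] != 17 or len(quoted) < q_ihl + 4:  # 17 = UDP
        return None
    (dst_port,) = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])
    if dst_port != capture_port:
        return None
    return socket.inet_ntoa(quoted[12:16])


def aps_still_sending(ip_packets, capture_port=5000):
    """Count matching ICMP errors per access point address."""
    counts = Counter(unreachable_source(p, capture_port) for p in ip_packets)
    counts.pop(None, None)
    return dict(counts)


def _ipv4(proto, src, dst, payload):
    # Constructed header for the sample below; checksum left as zero.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload


def _port_unreachable(ap_ip, host_ip, dst_port):
    udp = struct.pack("!HHHH", 40000, dst_port, 8, 0)
    return _ipv4(1, host_ip, ap_ip,
                 struct.pack("!BBHI", 3, 3, 0, 0) + _ipv4(17, ap_ip, host_ip, udp))


# Constructed sample: documentation addresses, not real hosts.
SAMPLE = [
    _port_unreachable("192.0.2.21", "192.0.2.5", 5000),
    _port_unreachable("192.0.2.21", "192.0.2.5", 5000),
    _port_unreachable("192.0.2.22", "192.0.2.5", 5001),
    _ipv4(1, "192.0.2.5", "192.0.2.9", struct.pack("!BBHI", 8, 0, 0, 0)),  # echo
]

if __name__ == "__main__":
    print(aps_still_sending(SAMPLE))
```

Each address returned is an access point whose capture must still be stopped on its controller; pass the port your adapter uses as capture_port if it is not 5000.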
Known Issues
- When manually creating captures, the 802.11 capture options are not functional, as these functions are defined in the external hardware.
- Real-time decryption is not supported on Cisco captures. Post-capture decryption (Tools > Decrypt WLAN Packets), however, is supported.
AirTight Remote Adapter
Introduction
The AirTight Remote Adapter extends the capability of the AirTight Wireless
Intrusion Detection and Prevention System (IDS/IPS) by integrating with
WildPackets OmniPeek for detailed network analysis and troubleshooting. Any
AirTight sensor can be placed into packet capture mode, forwarding all of their
packets back to OmniPeek via TCP/IP over the wired network. Rapid access to
packets anywhere in the wireless network is just a few clicks away since
OmniPeek can be started directly from the AirTight software management system.
OmniPeek Configuration
Before you can begin capturing packets using the AirTight Remote Adapter (from an AirTight sensor), make sure the AirTight Remote Adapter is enabled in OmniPeek (disabled by default).
To enable the AirTight Remote Adapter in OmniPeek:
- In OmniPeek, choose Tools > Options. The Options dialog appears.
- Select the Analysis Modules option.
- Select the Enabled check box for the AirTight Remote Adapter entry.
- Click OK.
Capturing Packets from an AirTight Sensor
In an AirTight wireless deployment, an AirTight sensor must operate in troubleshooting mode in order to send packets that can be captured from the OmniPeek computer. This section describes how to enable the troubleshooting mode using the "Auto" or "Other" feature on an AirTight sensor, and then how to begin capturing packets.
To capture packets from an AirTight sensor using the "Auto" feature:
- Log on to the SpectraGuard console via the web page.
- On the navigation bar, select Devices.
- Under Selected Location:, select Sensors.
- From the list of sensors displayed in green, right-click the sensor you would like to troubleshoot and select Start Troubleshooting. The Troubleshooting Options for Sensor dialog appears.
- From the Troubleshooting Options for Sensor dialog, configure the options and click Start Troubleshooting. The Confirm dialog appears.
- Click the OmniPeek button on the dialog. OmniPeek will automatically launch, create a new capture window (with a Start / Stop AirTight Capture button in the upper right), and begin capturing packets with the selected AirTight sensor configured as the capture adapter. The wireless packet capture proceeds until either the AirTight sensor times out, or until you click the Stop AirTight Capture button.
Important: If the AirTight sensor is located behind NAT (Network Address Translation), the Sensor IP address noted on the AirTight Confirm dialog will be incorrect. You will need to click the “Other” button on the Confirm dialog and manually configure the correct Sensor IP address (outside of NAT) and Interface in the OmniPeek AirTight Remote Adapter Properties dialog, as described below.
To capture packets from an AirTight sensor using the "Other" feature:
- Log on to the SpectraGuard console via the web page.
- On the navigation bar, select Devices.
- Under Selected Location:, select Sensors.
- From the list of sensors displayed in green, right-click the sensor you would like to troubleshoot and select Start Troubleshooting. The Troubleshooting Options for Sensor dialog appears.
- From the Troubleshooting Options for Sensor dialog, configure the options and click Start Troubleshooting. The Confirm dialog appears.
- Click the Other button on the dialog.
- Go to OmniPeek and create a new capture window. The Capture Options dialog appears.
- Select the Adapter options.
- Double-click New Remote Adapter below the Module: AirTight Remote Adapter entry. The AirTight Remote Adapter Properties dialog appears.
- Enter a Name, Sensor IP, and Interface for the AirTight sensor.
- Click OK to close the AirTight Remote Adapter Properties dialog.
- Select the new adapter and click OK to close the Capture Options dialog. A new capture window appears that has a Start / Stop AirTight Capture button in the upper right corner.
- Click the Start AirTight Capture button. Wireless packets begin populating the AirTight capture window. The wireless packet capture proceeds until either the AirTight sensor times out, or until you click the Stop AirTight Capture button.
Known Issues
- Wireless noise values are not supported in AirTight captures.
- Every time you stop and start an AirTight capture, you must stop and restart sensor troubleshooting from the AirTight console. One way to get around this is to start a second capture (i.e., in OmniPeek, create a new capture and select the AirTight sensor in the Adapter capture options) for a given sensor while the initial capture is still running. You can start and stop as many extra simultaneous captures for a sensor as you wish so long as the initial capture is kept running.
- For AirTight captures, the "Packets Dropped" field in the OmniPeek Summary view will always be zero.
- When manually creating captures, the 802.11 capture options are not functional, as these functions are defined in the external hardware.
- Real-time decryption and post-capture decryption (Tools > Decrypt WLAN Packets) are not supported on AirTight captures.
SNMP Trap Adapter
The SNMP Trap Adapter allows OmniPeek to correlate network events from other
devices with network events generated by OmniPeek. The remote adapter extends
the reach of OmniPeek by allowing it to receive real-time information from
third-party applications or devices. The SNMP Trap Adapter is available for
download and installation from MyPeek.
Before you can begin capturing SNMP traps from a third-party application or
device, make sure the SNMP Trap Adapter is installed and enabled in OmniPeek.
To enable the SNMP Trap Adapter in OmniPeek:
- Download and install the SNMP Trap Adapter from MyPeek.
- In OmniPeek, choose Tools > Options. The Options dialog appears.
- Select the Analysis Modules option.
- Select the Enabled check box for the SNMP Trap Adapter entry.
- Click OK.
Note: Additional configuration may be required by the third-party
application or device.
Important: On the OmniPeek computer, use the ipconfig command
to obtain the computer’s IP address. You will likely need this information when
configuring the third-party application or device.
On the machine running OmniPeek you will need to install the SNMP Management
and Monitoring Tools Windows Component.
To install the Windows SNMP software:
- In Windows Control Panel, double-click Add or Remove Programs.
- In the left-hand column of options, choose Add/Remove Windows Components.
- A Windows Components Wizard window appears.
- Select Management and Monitoring Tools.
- Click the Details button. The Simple Network Management Protocol
and WMI SNMP Provider options must be enabled.
- Click OK.
- Click Next. You may be asked to insert the Windows install CD.
Receiving SNMP Trap Messages from Third-party Applications or Devices
Certain management applications can send SNMP traps to the address of the
machine running OmniPeek, and then post an entry in Summary Statistics. To
receive SNMP trap messages, begin a capture using the SNMP Trap Adapter in
OmniPeek.
Note: Please refer to the documentation for the management application
sending the SNMP traps for configuration details.
Tip: You can set a trigger in OmniPeek to start a capture whenever it
receives a trap. This works by creating an advanced filter using Analysis
Module/SNMP Trap Adapter. Refer to OmniPeek online help for instructions on
creating advanced filters and triggers.