AiroPeek NX 2.0.2 Readme Welcome to AiroPeek NX for Windows! This file includes important, updated information for users of AiroPeek for Windows. The information is more current, in some cases, than that provided in the User's Manual or online help files. Please read this information carefully. INSTALLATION NOTES IMPORTANT! If you are upgrading from an earlier version of AiroPeek, you should remove it before installing this release. The installer can do this for you automatically. To remove AiroPeek manually, open the "Add/Remove Programs" control panel, select the program and click the "Add/Remove" button. Any files created after installation, including free plug-ins downloaded from our website, may need to be deleted manually. If you've installed the capture driver in the Network Control Panel, uninstall it from the Network Control Panel and reboot. For local wireless packet capture, AiroPeek NX requires the installation of a special NDIS driver for a supported network adapter. Look in the "Driver" folder for a driver for your card and installation instructions. Due to possible incompatibilities with the device drivers, we recommend that you uninstall any other versions of AiroPeek or AiroPeek NX. You must install the latest drivers even if you've installed earlier versions of the program. This will ensure compatibility and will provide new features, such as dBm measurements for those drivers that support it. Rogue Client and Access Diagnostics- As all devices have the default of "Unknown," the Rogue Client and Rogue Access Point event diagnoses in AiroPeek NX will automatically be triggered upon the start of a capture. This is true until you begin to identify the trust state of the nodes throughout your network. SUPPORTED NETWORK ADAPTERS AiroPeek NX supports the following 802.11 multi-band cards: - D-Link AirPro DWL-AB650 Multimode Wireless Cardbus Adapter (A/B) - D-Link AirXpert DWL-AG650 Wireless Cardbus Adapter (A/B/G) - Linksys Dual Band Wireless A+B Notebook CardBus Adapter (A/B) - Linksys Dual Band Wireless A+B Notebook MiniPCI Adapter (A/B) - Linksys WPC55AG Dual-Band Wireless A+G Notebook Adapter (A/B/G) - NetGear WAB501 Dual Band Wireless Adapter (A/B) - NetGear WAG511 802.11a/b/g Dual Band Wireless PC Card (A/B/G) - ORiNOCO 8460 Gold 802.11a/b ComboCard (A/B) - ORiNOCO 8480 Gold 802.11a/b/g ComboCard (A/B/G) - ORiNOCO 8481 Silver 802.11a/b/g ComboCard (A/B/G) - SMC EZ Connect 2.4Ghz/5Ghz Universal Wireless Cardbus Adapter (2335W) (A/B) - SMC EZ Connect Universal 2.4GHz/5GHz Wireless Cardbus Adapter SMC2336W-AG (A/B/G) AiroPeek NX supports the following 802.11g cards: - D-Link AirPlus Xtreme G DWL-G650 Adapter (Rev. B1 only; Rev. A1 not supported) - D-Link AirPlus Xtreme G DWL-G520 Adapter AiroPeek NX supports the following 802.11a cards: - Cisco Systems AIR-CB20A Wireless LAN PC Card - D-Link AirPro DWL-A650 Wireless Cardbus Adapter - D-Link AirPro DWL-A650 rev.B Wireless Cardbus Adapter - Intel(R) PRO/Wireless 5000 LAN Cardbus Adapter - Intel(R) PRO/Wireless 5000 LAN 3A Mini PCI Adapter - LinkSys Instant Wireless PC Card (WPC54A) - NetGear HA501 Wireless Adapter - Proxim Harmony 802.11a Network Adapter (Model 8450) - Proxim Skyline 802.11a Network Adapter (Model 4030) - SMC EZ Connect 802.11a Wireless Cardbus Adapter (2735W) - Sony 802.11a Wireless LAN Adapter (PCWA-C500) AiroPeek NX supports the following 802.11b cards: - 2Wire Wireless PC Card - 3Com 3CRWE737 AirConnect Wireless LAN PC Card - Avaya Wireless PC Card - Agere/Lucent ORiNOCO Wireless LAN PC Card - Agere/Lucent ORiNOCO Wireless LAN Mini PCI - Buffalo WLI-PCM-L11/GP Wireless LAN Adapter - Buffalo WLI-PCM-L11G Wireless LAN Adapter - Cisco Systems 340 or 350 Series Wireless LAN PC Card - Cisco Systems AIR-MP20B Wireless Mini PCI Card - Cisco Systems MPI350 Wireless Mini PCI Card - Compaq WL110 PC Card - connect2Air WLAN E-1100 PC-Card - Dell TrueMobile 1150 Series Mini PCI Card - Dell TrueMobile 1150 Series PC Card - D-Link Air DWL-660 Wireless PC Card - ELSA AirLancer MC-11 - ELSA Vianect WLAN MC-11 - Ericsson DSSS Wireless LAN PC Card - Fujitsu 802.11b Wireless LAN Adapter (A) - I-Gate 11M PC Card - Intel(R) PRO/Wireless 2011 LAN PC Card - Joynet WLAN PC Card - LANCOM Systems AirLancer MC-11 - NCR WaveLAN/IEEE PC Card - NEC Corporation Wireless PC Card - Nortel Networks e-mobility 802.11 Wireless LAN PC Card Card - Onair PC Card (INT) - Onair PC Card (EMB) - RoamAbout 802.11 DS (Enterasys) - Samsung SEW-2001p Card - Samsung SEW-2001m Card - Skyward PC Card - Sony PCWA-C100 Wireless PC Card - Sony PCWA-C150 Wireless PC Card - SPEED TOUCH PC Card - Symbol Spectrum24 11 Mbps DS Wireless LAN PC Card - Toshiba Wireless LAN Mini PCI Card - Toshiba Wireless LAN PC Card - WARPSTAR WL11C (PC-WL/1C) - Westell 802.11b PC Card - Xircom Wireless Ethernet Adapter Some configurations may require specific firmware and/or client manager versions. Refer to the driver installation instructions for more information. UNINSTALLATION NOTES To remove AiroPeek NX, open the "Add/Remove Programs" control panel, select "WildPackets AiroPeek NX 2.0.2" and click the "Add/Remove" button. All files created during the installation will be removed; however, you may need to manually delete the AiroPeek NX folder to remove files created after installation. If you've installed the PEEK capture driver in the Network Control Panel, uninstall it from the Network Control Panel and reboot. Reinstall the vendor-provided adapter drivers for your network adapter. PRODUCT DOCUMENTATION Please read the AiroPeek NX Quick Tour for an overview of the features of AiroPeek NX. The Online Help is available from the Help menu within the program. A pdf of the User Manual, with full descriptions of the features and functionality of AiroPeek NX, can be found in the Documents directory in the 1033 folder under the directory in which you installed AiroPeek NX. A pdf of the RFGrabber Probe User Manual is also available in this location, as well as the Peek SDK folder. (Note: Demo and Eval versions of AiroPeek NX do not contain a pdf of the User Manual or the Peek SDK folder.) NEW FIXES AND ENHANCEMENTS IN AIROPEEK NX 2.0.2 - Enhanced Signals graph shows Min, Max, Average, and Last signal strengths per channel - SSID tree more intelligently discovers node ESSID/BSSID - Support for 802.11g RFGrabber Distributed WLAN Analysis Probes - Fixed bug using multiple captures with RFGrabber - Fixed Atheros turbo mode - Added regulatory domains to Cisco mini PCI, CardBus 802.11a, Atheros AB/ABG cards - BSSID and ESSID channel scanning now works for all cards - Fixed bug which caused Save Selected to fail when using a combo AB/ABG card - Fixed bug which caused 802.11 Analysis module to fail to correctly report 54Mbps traffic NEW FIXES AND ENHANCEMENTS IN AIROPEEK NX 2.0.1 - Fixed bug which caused Expert to not correctly track conversations when capturing with A/B/G combo cards NEW FEATURES AND ENHANCEMENTS IN AIROPEEK NX 2.0 - Support for RFGrabber Distributed WLAN Analysis Probe - Improved 802.11 Nodes view includes SSID Tree which displays the hierarchical view of wireless associations - Display of new support for “trust” identification in the name table - Column for type of Authentication and Encryption in use - Channel signal strength column by percentage or new dBm value - Improved monitoring and graphing inherited from EtherPeek NX 2.0 - Trending/historical statistical output - Multiple NIC support allowing the simultaneous analysis of multiple channels - Trace file annotation - Improved protocol identification (ProtoSpecs engine), with ability to identify tunneled protocols - New signal, noise, and signal/noise ratio Graphs - New Send functionality - New compressed packet file format reduces size of packet traces - Unified Capture Options dialog greatly eases capture configuration - Unified Options dialog eases application configuration NEW WIRELESS EXPERT FEATURES IN AIROPEEK NX 2.0 - Ad-hoc Communication Detected - AP Association Attack - Authentication Attack - AP not Configured - AP not Using WEP - AP with Weak Signal Strength - AP Broadcasting SSID - AP Restarted - Association Denied - Authentication Problem - High Access Point CRC Percentage at Capture Location - High Station CRC Percentage at Capture Location - Rogue Access Point - Rogue Client - Same Transmitter and Receiver Address - Station Reassociation Denied - Too Many Simultaneous Access Points on Channel - Transmitter has Broadcast Address - Transmitter has Multicast Address - Weak Station Signal at Capture Location - EAP Failure - Deauthentication - Deauthentication Attack - Station using AP MAC Address NEW/IMPROVED PACKET DECODERS IN AIROPEEK NX 2.0 - BACnet- Building Automation and Control Networks - GARP/GVRP/GMRP - GPRS/GTP - IP Mobility - iSCSI - LPD- Line Printer Daemon - MSN Messenger - VoIP- Q.850, H.245 - RSTP- Rapid Spanning Tree - SSDP- Simple Service Discovery Protocol - TALI- Transport Adapter Layer Interface - TKIP- WPA/SSN - LDAP- GSS - PPP - TNS - MAPI - Yahoo Messenger - WTP + WSP TECHNICAL TIPS AND ADDITIONAL PRODUCT INFORMATION 1. Recommended system requirements 600 MHz processor, 256 MB RAM Windows XP (Service Pack 1 or later) or Windows 2000 (Service Pack 3 or later) Supported wireless network adapter Microsoft Internet Explorer 5.5 or later required 2. AiroPeek NX connections to an RFGrabber probe RFGrabber was designed to capture from one AiroPeek or AiroPeek NX at a time. If you need to connect with a different copy of AiroPeek or AiroPeek NX, you can do so. This will interrupt the capture with the other copy of AiroPeek or AiroPeek NX . 3. Error packet handling in AiroPeek NX All error packets are processed by Network, Summary, Size, and History statistics. However, in Network statistics, error packets only count for total packet and byte count, not for broadcast and multicast counts. Node, Protocol, and Channel Statistics do not process error packets. Only the "802.11 Analysis" module currently processes error packets. Most summary statistics information comes from plug-ins. 4. Windows XP and Windows 2000 users need appropriate permissions to load/unload device drivers and to capture packets If permissions are insufficient, you may see a message that the adapter could not be opened. It is best to solve this problem by using an account with administrator privileges to capture packets with AiroPeek NX. If you need to allow non-administrative users to capture packets, you can install the Peek driver module into the Network Control Panel. This will allow non-administrative users to capture packets with AiroPeek NX. See the Peek Driver module ReadMe for installation details. 5. Incompatible with "Large Fonts" settings If the text in windows captions appears truncated or windows are cut off, you may have "Large Fonts" enabled. Return the setting to "Small Fonts" to correct this problem. Change the "Font Size" setting by clicking the "Advanced" button in the Display Control Panel's "Settings" tab. 6. Statistics Menu Name Change. Statistics menu has been renamed to Monitor. References to Global Statistics have been renamed to Monitor Statistics. 7. Chart FX Properties Dialog The Chart FX Properties dialog contains many charting options unavailable in other AiroPeek NX dialogs: - Color and weight of border lines - Width and shape of bars (bar chart only) - Grid lines and tick marks for X and Y axes - 3D - Colors for individual statistics in a multiple-statistic graph - depth, angle, and perspective To see the Chart FX Properties dialog, double-click the chart area of any graph in the Graphs tab of a capture or file window. The Chart FX Properties dialog contains bugs. The dialog makes available many options that have no effect on AiroPeek NX graphs, such as Color Palette. Other options such as Cluster/Z-Axis have temporary effect, lost as soon as you switch to another graph, or exit AiroPeek NX. Some options freeze or crash AiroPeek NX, such as Color Scheme. To minimize the potential for lost capture data, WildPackets recommends setting up graphs before capturing critical data. Set up your graphs while capturing sample data, or while working with saved packet files. Once your graphs are set up, avoid the Chart FX Properties dialog during critical capture sessions. 8. Send functions use adapter that is not capturing All Send functions (e.g., commands in the Send menu and Send window) send packets via a selected wireless adapter, one which is currently not being used to capture packets. 9. Use of Cisco cards for local analysis. There are known issues with the use of WEP decryption on Cisco Wireless adapters. These relate to an issue with the firmware which we have received assurances from Cisco will be addressed in an upcoming firmware update. Please see the Cisco Driver Readme for more information. 10. Using RFGrabber with NAT Please refer to our support FAQs at http://www.wildpackets.com/support/knowledge_base/ rfgrabber. ------------------------------------------------------ WildPackets, Inc. 1340 Treat Blvd., Suite 500 Walnut Creek, CA 94597 USA (925) 937-3200 http://www.wildpackets.com/support/contact Copyright © 2001-2003 WildPackets, Inc. All rights reserved.