The present invention relates generally to computerized communication networks for permitting computers to communicate with each other in an organized manner, and more particularly to a network troubleshooting tool for detecting, diagnosing, and repairing network failures, which tool includes a method for capturing, analyzing and displaying detailed information about data packets or frames transmitted across a wireless communications network such as IEEE802.11 local area network (LAN).
Over the years, the wireless communication field enjoyed tremendous growth and popularity. Wireless technology now reaches or is capable of reaching nearly every place on the face of the earth. Hundreds of millions of people exchange information every day using pagers, cellular phones, and other wireless communication devices. With the success of wireless telephony and messaging services, wireless technology has also made significant inroads into the area of personal and business computing. Without the constraints imposed by wired networks, network users can move about almost without restriction and access a communication network from nearly any location, enabling wireless transmission of a variety of information types including data, video, voice and the like through the network.
Many different forms data communication protocols have been developed for enabling computers to communicate with one another in an orderly manner. For example, several proprietary versions of wireless local area networks (LANs) were implemented for testing and development. One wireless network standard that was recently adopted by the wireless community is the IEEE802.11 LAN, which led to a surge in use of wireless LANs. The IEEE802.11 standard establishes specifications on the parameters of both the medium access control and the physical layers for enabling wireless connectivity between fixed, portable, and moving stations within a local area. The term xe2x80x9cstationxe2x80x9d refers hereinafter to an active or passive device part of a computer network that is capable of communicating at least one data packet or frame within the computer network. Such stations include, but not limited to, personal computers, servers, routers, printers, personal digital assistants, scanners and data collectors, palmtop computers, handheld PCs, pen-based computers, and the like.
According to the IEEE802.11 standard, the physical layer that handles transmission of data between stations, may utilize either direct sequence spread spectrum, frequency hopping spread spectrum or infrared (IR) pulse position modulation. The medium access control layer (MAC) comprises a set of protocols that is responsible for maintaining order in the use of the shared medium. In accordance with the MAC protocol, when a station has a data packet or frame to be transmitted, it first listens to ensure no other station is transmitting. If the channel is clear, it then transmits the packet. Otherwise, it chooses a random xe2x80x9cbackoff factorxe2x80x9d that determines the amount of time the station must wait until it is allowed to transmit the packet. During periods in which the channel is clear, the transmitting station decrements its backoff counter, and when the channel is busy it does not decrement its backoff counter. When the backoff counter reaches zero, then the station transmits the packet. Since the probability that two stations will choose the same backoff factor is small, collisions between packets are thus minimized. In certain environments, before a packet is to be transmitted, the transmitting station initially sends a short request-to-send (RTS) packet containing information on the length of the time required to transmit the packet. If the receiving station hears the RTS, it responds with a short clear-to-send (CTS) packet. After this exchange, the transmitting station sends its packet. When the packet is successfully received, as determined by a cyclic redundancy check (CRC), the receiving station transmits an acknowledgement (ACK) packet.
Like wired network counterparts, wireless networks may, during operation, encounter network difficulties or anomalies including, but not limited to, data traffic congestion at peak usage, point failures, and the like. Such network difficulties negatively impact network responsiveness and throughput. As a result, network users experience productivity loss, network processing delays and other disruptions. A measure of a network""s performance is often referred to as the quality of service. Quality of service is typically measured by responsiveness, including the amount of time expended waiting for images, text, and other data to be transferred, and by throughput of data across a communications channel. Other aspects may be application-specific, for example, quality of playback, jitter, quality of the data transmitted over the communication channel, and the like. In order to troubleshoot, maintain, and optimize the performance of communication networks, the data traffic flowing through the communication channel is monitored, tested and analyzed to provide rapid detection, diagnosis and correction of network failure and system breakdown, through use of tolls developed for this purpose. Network Associates, Inc., of Santa Clara, Calif., has been in the forefront of technology for many years in developing and providing software for managing and troubleshooting computer networks. The software is known as xe2x80x9cSniffer(copyright) Softwarexe2x80x9d.
In the course of testing and analyzing a network""s quality of service, a network monitoring tool is typically used to access a passive station positioned at a point along a wired network connection or communication channel through which all of the data traffic of interest streams. By accessing the passive station with the network monitoring tool, all the data traffic passing through the corresponding network connection may be easily tracked and observed. Any irregularities in the data traffic flow may then be readily detected and analyzed to determine the source of a particular anomaly. This type of analysis is referred to as promiscuous mode analysis. Such wired network analysis techniques, however, would fail to monitor data traffic transmitted over wireless communication channels. In network systems where wireless and wired networks are connected, the monitoring tool accessing the passive station of the wired network portion would fail to perceive any of the data traffic transmitted along the wireless portion of the network.
For the foregoing reasons, there is a need to provide network analysis tools with a method for both extracting data packets or frames transmitted in a network such as between wireless stations, or between wireless stations and access points in a wireless LAN, and displaying the detail information contained in the data packets or frames for the user. The limitation of the processing power and available memory of the computers may make the real time detailed analysis of the frames virtually impossible. Therefore, the data packets or frames are captured in a buffer while the monitoring tool performs a real time analysis. The captured data packets or frames are later replayed for further detailed analysis and display.
The present invention is generally directed to a method for displaying and analyzing information contained in data packets or frames transmitted along a wireless communication channel. The method of the present invention provides the benefits of efficient network monitoring using a detailed offline analysis of the frames after they are captured in a buffer, thus greatly assisting the maintenance and troubleshooting of the network.
In particular, one aspect of the present invention is directed to a method of decoding information contained in an IEEE802.111 header of data packets or frames transmitted between stations in a wireless local area network, the method comprising steps of:
(a) establishing a direct wireless logical connection with the wireless communications network;
(b) receiving wirelessly, in real-time, data packets or frames transmitted in the wireless communication network;
(c) storing in a memory storage device, the data packets or frames captured; and
(d) decoding and displaying the information contained in the IEEE802.11 header of the data packets or frames stored in the capture buffer.
In another aspect of the present invention, there is provided a network monitoring apparatus for capturing and selectively filtering data frames transmitted between stations in a wireless communications network. The apparatus of the present invention comprises:
a wireless network interface device working in a promiscuous mode within a wireless
communications network, for capturing a plurality of frames transmitted through the network;
a user interface system comprising input and output devices for enabling a user to input and obtain information associated with plurality of captured frames;
a memory storage device for storing the plurality of captured frames from the wireless communications network; and
a processor device electronically connected to a network interface device, the user interface system, and memory storage device, the processor device being programmed to execute a routine comprising the steps of:
(a) establishing a direct wireless logical connection with the wireless communications network via the network interface device;
(b) receiving wirelessly, in real-time, frames transmitted in the wireless communications network via direct wireless logical connection;
(c) receiving one or more frame attribute parameters inputted by a user through the user interface system;
(d) storing in the memory storage device, the frames received from the wireless network via direct wireless logical connection;
(e) decoding in detail and displaying to the user, the information contained in the frames stored in the memory storage device.