The present invention relates generally to computerized communication networks for permitting computers to communicate with each other in an organized manner, and more particularly to a network troubleshooting tool for detecting, and diagnosing network failures, and providing a general overview of active communications in the spectrum of allowed frequency channels of IEEE 802.11b or all allowed multiplexed communication channels in general.
Over recent years, the wireless communication field has enjoyed tremendous growth and popularity. Wireless technology now reaches or is capable of reaching nearly every place on the face of the earth. Millions of people exchange information every day using pagers, cellular telephones, and other wireless communication devices. With the success of wireless telephony and messaging services, wireless technology has also made significant inroads into the area of personal and business computing. Without the constraints imposed by wired networks, network users can move about almost everywhere without restriction and access a communication network from nearly any location, enabling wireless transmission of a variety of information types including data, video, voice and the like through the network.
Different radio technologies are used to transmit wireless information. Wireless local area networks are most often using methods described in the IEEE 802.11 specification. The goal is to make certain radio channels shareable for many users, but also not to cause problems by overlapping signals, which disturb other communications using other channels but the same modulation types. Presently, three technologies are most common. These are Frequency Hopping Spread Spectrum, Direct Sequence Spread Spectrum, and Orthogonal Frequency Division Multiplexing. IEEE 802.11 describes both technologies and their usage in Wireless LAN environments. Channel Surfing, as described herein, presently operates with Direct Sequence Spread Spectrum, but the general idea is adaptable to other technologies, which also use some type of channels, modulations or patterns to build several logical channels, which allow users to communicate wirelessly.
Direct Sequence Spread Spectrum, as described in IEEE 802.11b can use up to 14 channels, which are located close to each other between 2.4 and 2.4835 GHz. Table 1 shows an overview of all channel numbers and their frequency. Different countries only allow different channels to be used, because of possible interference with existing radio equipment.
An IEEE 802.11 network can run in two difference modes. One is called xe2x80x9cinfrastructure modexe2x80x9d. This in the most important one. Access points act as bridge devices between a wired network and wireless stations. The other mode is called xe2x80x9cad-hoc modexe2x80x9d and is used for peer-to-peer networking between wireless stations without an access point.
The focus of the invention is set on the infrastructure mode, but the concept will work in general. When setting up a wireless LAN infrastructure, all areas need to be covered by access point radio frequency (RF) signals. Every channel, which offers a maximum speed of 11 Mbit/sec, can only handle a certain number of clients. Each access point interface operates on a single channel. The working distance between an access point and a wireless station is limited from about 30 to 300 feet, depending upon the local environment (e.g. walls and other RF absorbing materials). Many access points are needed to fully cover an area with wireless access. Access points, which use the same frequency channel, and are close together, share the same segment and bandwidth. Neighboring channels interfere with each other since the signals are not perfect. There are only three totally nonoverlapping channels, which are 1, 6, and 11. Other channels can be used, if there is enough dead space in the specific local environment.
When performing network analysis in a wireless network environment, it is important to quickly obtain a good overview of the whole local environment. Channel surfing provides a method for efficiently retrieving all information needed to understand the entire wireless environment. The present method of analysis can be utilized in general by any device able to capture network traffic from a wireless environment. The present channel surfing invention is implemented in a Network Associates, Inc. product called Sniffer(copyright) Wireless. The Sniffer(copyright) Wireless is based on the well known and award winning Sniffer(copyright) product, which was formerly owned by Network General.
As previously indicated, IEEE 802.11b based traffic can be sent through up to 14 different channels, which are described by the frequency they are using (see Table 1). When doing network analysis in these environments, the best way to start is to look at every single channel and observe the traffic which is seen on this specific channel. Channel surfing describes the way to do it and also how to efficiently present this data to the network manager.
A screen called xe2x80x9cChannel Surfing Settingsxe2x80x9d, as shown in FIG. 2, is used to setup the requested behavior. The network manager can specify which channels to monitor, and the time period the Analyzer will monitor a channel before moving to the next one. The process starts with the lowest numbered channel selected and continues to the next higher channel selected. When the highest channel selected is finished being monitored, the process starts again with the lowest numbered channel. A selected background process will instruct the NIC (Network Interface Card) to change the channel when the current channel timer expires. All other processes running in the analyzer can start or stop or even continue what they are doing when surfing is active. An indicator on the screen tells the network manger that channel surfing is on, and the channel currently selected.
A capture process, for example, will continue without interruption. It will capture data from all channels, which were selected and accessed during the capture. Very often the network manager needs to capture traffic from a certain station, which is either identified by its DLC-address, IP-address or associated protocol. Triggers can be used to stop the surfing mode and to stay on a specific channel for capturing data, if a specific frame, which occurred during surfing on different channels was observed. This is not a perfect solution, but still a best effort solution, since a single radio device can only receive a signal from one channel at one time.
Channel surfing can also run in an enhanced mode with two NICs. One is running in channel surfing mode, and observes several channels one after the other. A second NIC is used for capturing. As a result, the process which runs the channel surfing can trigger a capture on the second NIC. A specific channel gets selected, and a capture process starts. Channel surfing goes on. If the same trigger statement becomes true on another channel, the second NIC will continue the capture process, but continue it on the new channel. This solution can address some problems with wireless roaming, where some stations change their access point association during the time period of wireless roaming.
A second key item is the presentation of channel surfing statistics. A single view should offer as much information as possible in some easy manner. A matrix display is the preferred textual display (see FIG. 3). Every channel is represented by one line. For every channel, the important values are printed in separate columns. These are counts for packets, bytes of data, management packets and control packets. More details of the meaning and of these three categories can be found in the IEEE 802.11 MAC description. It is also important to count and show the number of packets observed per a given bit rate or speed. CRC errors and retries are useful indicators for poor radio quality and delays on the network. Other valuable information are the access points, which are seen on every channel. An access point can be identified by sending out beacon frames. These frames are typically sent every 100 msec. In one embodiment the last observed access point is shown. In a preferred embodiment, a list of observed access points per channel is shown to provide more useful information.
Instead of a matrix display, the user can also select any type of data and present it in some graphical format, such as simple bar or line charts. An enhanced display will present a 3-dimensional graph. It may show from front to back the different types are shown or vice versa. Scaling of the values can be either linear or logarithmic. FIG. 4 shows an example of a 3-D graphical presentation.
All the information gathered by channel surfing can also be dumped on disc to allow some interesting long term analysis and trending. These are only statistical snapshots, not full time monitoring information of all channels, but they still provide valuable information about the network behavior.