The present invention relates generally to computerized communication networks for permitting computers to communicate with each other in an organized manner, and more particularly to a network troubleshooting tool for detecting, diagnosing, and repairing network failures, which tool includes a method for capturing and selectively filtering data packets or frames transmitted across a wireless communications network such as an IEEE802.11 local area network (LAN).
Over recent years, the wireless communication field has enjoyed tremendous growth and popularity. Wireless technology now reaches or is capable of reaching nearly every place on the face of the earth. Hundreds of millions of people exchange information every day using pagers, cellular telephones, and other wireless communication devices. With the success of wireless telephony and messaging services, wireless technology has also made significant inroads into the area of personal and business computing. Without the constraints imposed by wired networks, network users can move about almost without restriction and access a communication network from nearly any location, enabling wireless transmission of a variety of information types including data, video, voice and the like through the network.
Many different forms of data communications protocols have been developed for enabling computers to communicate with one another in an orderly manner. For example, several proprietary versions of wireless local area networks (LANs) were implemented for testing and development. One wireless network standard that was recently adopted by the wireless community is the IEEE802.11 LAN which led to a surge in use of wireless LANs. The IEEE802.11 standard fixes specifications on the parameters of both the medium access control and physical layers for enabling wireless connectivity between fixed, portable, and moving stations within a local area. The term xe2x80x9cstationxe2x80x9d refers hereinafter to an active or passive device part of a computer network that is capable of communicating at least one data packet or frame within the computer network. Such stations include, but are not limited to, personal computers, servers, routers, printers, personal digital assistants, scanners and data collectors, palmtop computers, handheld PCs, pen-based computers, and the like.
According to the IEEE802.11 standard, the physical layer which handles transmission of data between stations, may utilize either direct sequence spread spectrum, frequency hopping spread spectrum or infrared (IR) pulse position modulation. The medium access control layer (MAC) comprises a set of protocols that is responsible for maintaining order in the use of a shared medium. In accordance with the MAC protocol, when a station receives a data packet or frame to be transmitted, it first listens to ensure no other station is transmitting. If the channel is clear, it then transmits the packet. Otherwise, it chooses a random xe2x80x9cbackoff factorxe2x80x9d which determines the amount of time the station must wait until it is allowed to transmit its packet. During periods in which the channel is clear, the transmitting station decrements its backoff counter, and when the channel is busy it does not decrement its backoff counter. When the backoff counter reaches zero, the station transmits the packet. Since the probability that two stations will choose the same backoff factor is small, collisions between packets are thus minimized. In certain environments, before a packet is to be transmitted, the transmitting station initially sends a short request-to-send (RTS) packet containing information on the length of the packet. If the receiving station hears the RTS, it responds with a short clear-to-send (CTS) packet. After this exchange, the transmitting station sends its packet. When the packet is successfully received, as determined by a cyclic redundancy check (CRC), the receiving station transmits an acknowledgment (ACK) packet.
Like wired network counterparts, wireless networks may, during operation, encounter network difficulties or anomalies including, but not limited to, data traffic congestions at peak usage, point failures, and the like. Such network difficulties negatively impact network responsiveness and throughput. As a result, network users experience productivity loss, network processing delays and other disruptions. A measure of a network""s performance is often referred to as the quality of service. Quality of service is typically measured by responsiveness, including the amount of time expended waiting for images, text, and other data to be transferred, and by throughput of data across a communications channel. Other aspects may be application-specific, for example, quality of playback, jitter, quality of the data transmitted over the communication channel, and the like. In order to troubleshoot, maintain, and optimize the performance of communication networks, the data traffic flowing through the communication channel is monitored, tested and analyzed to provide rapid detection, diagnosis and correction of network failure and system breakdown, through use of tools developed for this purpose. Network Associates, Inc., of Santa Clara, Calif., has been in the forefront of technology for many years in developing and providing software for managing and troubleshooting computer networks. The software is known as xe2x80x9cSniffer Softwarexe2x80x9d.
In the course of testing and analyzing a network""s quality of service, a network monitoring tool is typically used to access a passive station positioned at a point along a wired network connection or communication channel through which all the data traffic of interest streams. By accessing the passive station with the network monitoring tool, all the data traffic passing through the corresponding network connection may be easily tracked and observed. Any irregularities in the data traffic flow may then be readily detected and analyzed to determine the source of a particular anomaly. This type of analysis is referred to as promiscuous mode analysis. Such wired network analysis techniques, however, would fail to monitor data traffic transmitted over wireless communications channels. In network systems where wireless and wired networks are connected, the monitoring tool accessing the passive station of the wired network portion would fail to perceive any of the data traffic transmitted along the wireless portion of the network.
For the foregoing reasons, there is a need to provide network analysis tools with a method for extracting data packets or frames transmitted in a network such as between wireless stations, or between wireless stations and access points in a wireless LAN and selectively filtering the captured frames in a facilitated manner for efficient display to a user. One benefit of such a method is that the user may avoid being overwhelmed by a flood of frame data information indiscriminately collected by a network analysis tool by selecting identifying characteristics such as a specific data frame type or function for display and subsequent analysis. This enables the user to better detect and pinpoint the source of network anomaly in a precise, efficient manner during the course of maintaining, troubleshooting, and optimizing the network""s quality of service.
The present invention is generally directed to a method of capturing and filtering data packets or frames transmitted along a wireless communication channel for display. The method of the present invention provides the benefits of efficient network monitoring in real-time mode, thus greatly assisting the maintenance and troubleshooting of the network.
In particular, one aspect of the present invention is directed to a method of capturing and selectively filtering data packets or frames transmitted between stations in a wireless local area network, the method comprising steps of:
(a) establishing a direct wireless logical connection with the wireless communications network;
(b) receiving wirelessly, in real-time, data frames transmitted in the wireless communications network;
(c) receiving frame attribute parameters inputted by a user through a user interface system;
(d) comparing frame attributes of one of the received data frames with the user-inputted frame attribute parameters; and
(e) displaying to the user and/or storing in a memory storage device, the data frames that match with the user-inputted frame attribute parameters.
In another aspect of the present invention, there is provided a network monitoring apparatus for capturing and selectively filtering data frames transmitted between stations in a wireless communications network. The apparatus of the present invention comprises:
a wireless network interface device working in a promiscuous mode within a wireless communications network and capturing a plurality of data frames transmitted though the network;
a user interface system comprising input and output devices for enabling a user to input and obtain information associated with the plurality of captured data frames;
a memory storage device for storing the plurality of captured data frames from the wireless communications network;
a processor unit electronically connected to the network interface device, the user interface system, and the memory storage device and being programmed to execute a routine comprising the steps of:
(a) establishing a direct wireless logical connection with the wireless communications network via the network interface device;
(b) receiving wirelessly, in real-time, data frames transmitted in the wireless communications network via the direct wireless logical connection;
(c) receiving one or more frame attribute parameters inputted by a user through the user interface system;
(d) comparing frame attributes of one of the received data frames with the user-inputted frame attribute parameters; and
(e) displaying to the user and/or storing in the memory storage device, the data frames that match positively with the user-inputted frame attribute parameters.