WLAN NETWORK SNIFFER
FOR 2.4 AND 5 GHz WLAN ACCORDING TO IEEE 802.11a/b/g/n/ac
The WaveXpert can be used to record and analyze WLAN transmissions (with Wireshark) that are exchanged between two or more participants in his environment. WLAN transmissions according to the international standard IEEE 802.11a/b/g/n/ac can be recorded. WLAN devices whose transmissions are recorded are, for example for mobile devices such as notebooks, smartphones or PDAs, but also permanently installed equipment such as WLAN access points, WLAN printers or PCs with WLAN cards. The WaveXpert is available in two versions, as WaveXpert 1 (2.4 & 5 GHz, 4 channels with 20/40/80 MHz and up to 3x3 MIMO) and as WaveXpert 2 (5 GHz, 4 channels with 20/40/80/160 MHz and up to 4x4 MIMO).
What is recorded
The special feature of WaveXpert is that not only user data but also management and control information is received loss-free and stored for further analysis. The unit operates in passive mode only, WLAN transmissions are only received and nothing sent.
How data is collected
The WaveXpert is designed as a peripheral device for PCs, which have a Thunderbolt™ 3 interface. The data collected by the WaveXpert is transmitted via the Thunderbolt™ 3 interface to the PC and is stored in the PC’s memory. There the data can be displayed and analyzed with Wireshark.
Software/Configuration
For the operation and configuration of the WaveXpert such as for example the definition of the reception channels or of the channel bandwidth a user interface with a Linux Live operating system on the PC is supplied.
Benefits / Why WaveXpert
- Captures in monitoring mode the important management frames (incl. radio tap header)
- Multichannel, Multi-MIMO capture
- Visibility of “roaming processes”
- Saves captures in PCAP format (with Wireshark)
- 4 Wi-Fi cards with 16 antennas in one tidy case
- 20 GBit/s Thunderbolt Interface
Wireshark- Software: efficient and free package analysis
Wireshark is a free open source software for the analysis of data traffic in IT networks. For analysis purposes, the data can be clearly displayed live during network communication or after recording in the form of individual packets with time stamp and numbering. Numerous customizable filters, statistics, color markings and graphics facilitate the analysis.
From 1990 until today, an important tool for IT administrators
Already in the 90s, Gerald Combs and his team, then for the company "Ethereal Software Inc." developed the "Ethereal" software to make network problems easier to understand. For this purpose, the data protocols through which network devices communicate with each other were recorded, prepared, extended with meta information and graphically provided for analysis. After Gerald Combs moved to the company "CACE Technologies" in 2006, he started the development of the successor version "Wireshark", which is widely used today. It runs on almost all operating systems (Linux, Windows, MAC, Solaris), supports many national languages and is available for download on numerous servers worldwide. By extending the software with more and more filters, protocols, functions and graphical representations, Wireshark became an important tool for IT administrators, network experts and IT security experts. Even today Wireshark is provided free of charge and is constantly developed further.
Combination of several interfaces
Wireshark™ is primarily used for TCP/IP Ethernet and WLAN analysis. In addition, further interfaces such as USB or Bluetooth connections can be integrated into Wireshark™™ via corresponding modules. A special feature of Wireshark™™ is that data from several interfaces (e.g. several WLAN adapters) can be automatically combined to a data flow. This makes it possible to record and analyze several WLAN channels in real time. The WaveXpert from Softing IT Networks offers the possibility of simultaneously recording 4 WLAN channels (up to 8 WLAN channels for 2* devices).
Data packets in WLAN
When recording data packets, it is important to note that in switched networks (in contrast to earlier hubs) only the own input or output data traffic can be seen. In order to be able to see the entire network traffic, a "mirror port" is required at the switch or so-called network ports are used.
What is difficult in wired networks is much easier in wireless networks. Since WLAN is a "shared medium", theoretically everyone can read all data traffic from anywhere if there is enough signal strength. As a prerequisite for recording the entire WLAN data traffic, the WLAN adapter used for recording must be set to "Promiscous Mode". However, this mode is not supported by all WLAN adapters. So that the contents of the data packets can only be read by authorized recipients, there are techniques for WLAN encryption. However, the data packets as such can still be captured by all persons within reach and can also be a help in WLAN analysis despite encrypted user data. Wireshark also supports the decryption of WLAN data if the encryption key is available.
In addition to the graphical Wireshark version there is an equivalent version called Tshark, which is controlled without GUI by command lines and operations. This allows e.g. an easy remote use via SSH or working with scripts. Wireshark is not only characterized by the versatile, important functions and the free use, but also by the large and still strongly growing community.
SPECIFICATIONS
External data interface to PC | Thunderbolt™ 3 |
Connector | USB-C-Stecker |
Cable between device and PC | Thunderbolt™ certified with at least 20 Gbit/s Data rate |
Power consumption via Thunderbolt™ from PC | 15 W (max) |
Housing protection | IP20 |
Power Connection | Socket DC In 12 V to 20 V / 2 A (max) 5.5 mm Plug diameter 2.5 mm Center Pin Diameter |
Operating temperature range | 0 - 35°C 10 - 90% RH non-condensing |
Housing dimensions | 200 x 135 x 40 mm |
Weight (without cable) | 0,5 kg |
Conformity | CE: RED directive 2014/53/EU CE: ROHS Directive 2011/65/EU USA/Canada: FCC |
WLAN standard | IEEE 802.11a/b/g/n/ac (up tp160 MHz) |
Frequency | 2,4 GHz: 2.412 bis 2.472 GHz 5 GHz: 5.180 bis 5.825 GHz |
Max. channel bandwidth | 20/40/80/160 MHz |
Simultaneously recordable channels | 4 (8 with two WaveXperts) |
Scope of delivery
- WaveXpert device
- Thunderbolt™ 3 Cable
- USB stick with operating software
- Quickstart manual
- Softbag
Order number: 226559 - WaveXpert 1 (2.4 & 5 GHz, 4 Channels with 20/40/80 MHz up to 3x3 MIMO)
Order number: 226560 - WaveXpert 2 (5 GHz, 4 Channels with 20/40/80/160 MHz up to 4x4 MIMO)