Method and apparatus for capture, analysis and display of packet information sent in an IEEE 802.11 wireless network

US 6,697,337 B1
Filed: 09/17/2001
Issued: 02/24/2004
Est. Priority Date: 09/17/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for operating and programming a wireless analyzer device for an IEEE 802.11 wireless LAN, said method comprising the steps of:

performing a per packet processing routine to obtain packet statistics;

performing a one second timer routine;

arranging the packet statistics in a logical manner for display on a computer monitor;

wherein said step of per packet processing routine includes the steps of;

acquiring out of band packet information;

acquiring packet data;

determining whether wired equivalent privacy (WEP) is enabled;

decrypting a data portion of a captured frame and validating a WEP integrity check value (ICV), in response to enablement of WEP; and

processing packet statistics either in response to disablement of WEP, or to decryption of the data portion of a frame.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A wireless analyzer device for an IEEE 802.11 Wireless LAN is programmed to perform both a per packet processing routine to obtain packet statistics, and a one second timer routine, followed by arranging the packet statistics in a logical manner for display on a computer monitor.

Citations

19 Claims

1. A method for operating and programming a wireless analyzer device for an IEEE 802.11 wireless LAN, said method comprising the steps of:
- performing a per packet processing routine to obtain packet statistics;
  
  performing a one second timer routine;
  
  arranging the packet statistics in a logical manner for display on a computer monitor;
  
  wherein said step of per packet processing routine includes the steps of;
  
  acquiring out of band packet information;
  
  acquiring packet data;
  
  determining whether wired equivalent privacy (WEP) is enabled;
  
  decrypting a data portion of a captured frame and validating a WEP integrity check value (ICV), in response to enablement of WEP; and
  
  processing packet statistics either in response to disablement of WEP, or to decryption of the data portion of a frame.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein said step of acquiring out of band packet information includes the steps of:
3. The method of claim 1, wherein said one second timer routine includes the steps of:
- calculating network utilization;
  
  calculating data packet throughput; and
  
  calculating per second statistics.
4. The method of claim 1, wherein said step of processing packet statistics includes the steps of:
- accumulating general statistics;
  
  accumulating size distribution;
  
  accumulating detail errors;
  
  accumulating packet physical layer convergence protocol (PLCP) header statistics; and
  
  accumulating IEEE 802.11 statistics.
5. The method of claim 4, wherein said step of accumulating general statistics includes the steps of:
- accumulating packet length into TOTAL_BYTES;
  
  incrementing TOTAL PACKETS;
  
  incrementing PACKETS_THIS_SECOND;
  
  incrementing packet duration into Total Packet Duration;
  
  determining whether a frame is multicast;
  
  determining whether the frame is Broadcast;
  
  incrementing MULTICAST_PKTS if the frame is Multicast and not Broadcast; and
  
  incrementing BROADCAST_PKTS if the frame is Broadcast.
6. The method of claim 4, wherein the step of accumulating size distribution includes the steps of;
- determining whether the frame length is less than 14 bytes, and if so increment UNDERSIZE_PKTS;
  
  determining in response to the frame length being greater than or equal to 14 bytes, whether the frame length is less than 64 bytes, and if so increment TOTAL_—14_—63_PKTS;
  
  determining, in response to the frame being greater than or equal to 64 bytes, whether the frame length is less than 128 bytes, and if so increment TOTAL_—64_—127_PKTS;
  
  determining, in response to the frame length being equal to or greater than 128 bytes, whether the frame length is less than 256 bytes, and if so increment TOTAL_—128_—255_PKTS; and
  
  accumulating size distribution 2 in response to the frame length being equal to or greater than 256 bytes.
7. The method of claim 6, wherein the step of accumulating size distribution 2 includes the steps of:
- determining whether the frame length is less than 512 bytes, and if so increment TOTAL_—252_—511_PKTS;
  
  determining, in response to the frame length being greater than or equal to 512 bytes, whether the frame length is less than 1024 bytes, and if so increment TOTAL_—512_—1023_PKTS;
  
  determining, in response to the frame length being equal to or greater than 1024 bytes, whether the frame length is less than 2048 bytes, and if so increment TOTAL_—1024_—2047_PKTS;
  
  determining, in response to the frame length being equal to or greater than 2048 bytes, whether the frame length is greater than 2346 bytes, and if so increment TOTAL_—2048_—2346_PKTS; and
  
  incrementing OVERSIZE_PKTS in response to the frame length being equal to or greater than 2346 bytes.
8. The method of claim 4, wherein the step of accumulating detail errors includes the steps of:
- determining if a frame error is cyclic redundancy code (CRC), and if so increment both TOTAL_CRC_ERRS, and ERROR_THIS_SECOND;
  
  determining, in response to a frame error not being CRC, whether a frame error is physical layer convergence protocol (PLCP), and if so increment both TOTAL PLCP ERRS, and ERRORS THIS SECOND;
  
  determining, in response to a frame error not being PLCP, whether a frame needs decryption; and
  
  determining, in response to a frame needing decryption, whether there was a WEP ICV error during decryption, and if so increment both TOTAL_WEPICV_ERRS, and ERRORS_THIS_SECOND.
9. The method of claim 4, wherein the steps of accumulating PLCP header statistics includes the steps of:
- determining if a frame signal is transmitted at a speed of 1 Mbps Barker Code, and if so, increment TOTAL_—1 MBPS_PKTS;
  
  determining, in response to the frame not being a 1 Mbps frame, if the frame is a 2 Mbps Barker Code frame, and if so, increment TOTAL_—2 MBPS_PKTS;
  
  determining, in response to the frame not being a 2 Mbps Barker Code frame, if the frame is a 5.5 Mbps CCK frame, and if so, increment TOTAL_—5_—5 MBPS_PKTS;
  
  determining, in response to the frame not being a 5.5 Mbps CCK frame, if the frame is an 11 Mbps CCK frame, and if so, increment TOTAL_—11 MBPS_PKTS; and
  
  accumulating PLCP Header Statistics 2.
10. The method of claim 9, wherein the step of accumulating PLCP Header Statistics 2 includes the steps of:
- determining is a frame PLCP is a short PLCP, and if so, increment TOTAL_SHORT_PLCPS;
  
  determining, in response to the frame not being a short PLCP, if the frame is a long PLCP, and if so, increment TOTAL_LONG_PLCPS; and
  
  accumulating frame duration into TOTAL_PACKET_MICROSECONDS.
11. The method of claim 4, wherein said step of accumulating IEEE 802.11 statistics includes the steps of:
- determining if the frame control field wired equivalent privacy (FCF.WEP) is set, and if so, increment the variable TOTAL_WEP_PKTS;
  
  determining if the FCF.RETRY is set, and if so, increment the variable TOTAL_RETRY_PKTS;
  
  determining if the FCF.ORDER is set, and if so, increment the variable TOTAL_ORDER_PKTS; and
  
  accumulating IEEE 802.11 Packet Data Statistics 2.
12. The method of claim 11, wherein said step of accumulating IEEE 802.11 Packet Data Statistics 2 includes the steps of:
- determining if the frame control field type (FCF.TYPE) contains a value indicating that the IEEE 802.11 frame is a Data frame;
  
  responding to the FCF.TYPE being Data, by successively incrementing TOTAL_DATA_PKTS, and accumulating Packet Length into TOTAL_DATAPACKET_BYTES;
  
  determining, in response to the FCF.TYPE not being Data, if the FCF.TYPE is Management;
  
  responding to the FCF.TYPE being Management, by successively incrementing TOTAL_MGMT_PKTS, and accumulating IEEE 802.11 Management Statistics;
  
  determining, in response to the FCF.TYPE not being Management, if the FCF.TYPE is Control; and
  
  responding to the DCF.TYPE being Control, by successively incrementing TOTAL_CTRL_PKTS, and accumulating IEEE 802.11 Control Statistics.
13. The method of claim 12, wherein the step of accumulating IEEE 802.11 Control Statistics includes the steps of:
- determining if the FCF.SUBTYPE is a Power Save Poll (PS-POLL), and if so, increment TOTAL_PSPOLL_PKTS;
  
  determining in response to the FCF.SUBTYPE not being PS-POLL, if the FCF.SUBTYPE is an Acknowledgment (ACK), and if so, increment TOTAL-ACK_PKTS;
  
  determining, in response to the FCF.SUBTYPE not being ACK, if it is a Request To Send (RTS), and if so, increment TOTAL_RTS_PKTS;
  
  determining, in response to the FCF,SUBTYPE not being RTS, if it is a Clear To Send (CTS), and if so, increment TOTAL_CTS_PKTS;
  
  determining, in response to the FCF.SUBTYPE not being CTS, if it is a contention Free End (CF-END), and if so, increment TOTAL_CFEND_PKTS; and
  
  determining in response to the FCF.SUBTYPE not being CF END, if it is CF END/CFACK, and if so, increment TOTAL_CFEND_CFACK_PKTS.
14. The method of claim 12, wherein the step of accumulating IEEE 802.11 Management Statistics includes the steps of:
- determining if the Frame Control Field Subtype is an Association Request (FCF.SUBTYPE ASSOC REQ), and if so, increment TOTAL_ASSOC_REQS;
  
  determining, in response lo the FCF.SUBTYPE not being ASSOC REQ, if it is an Association Response (ASSOC RESP), and if so, increment TOTAL_ASSOC_RESP;
  
  determining, in response to the FCF.SUBTYPE not being an ASSOC RESP, if it is a Reassociation Response (REASSOC RESP), and if so, increment TOTAL_REASSOC_RESP; and
  
  accumulating Management Packet Statistics 2 in response to the FCF.SUBTYPE not being a REASSOC RESP.
15. The method of claim 14, wherein said step of accumulating Management Packet Statistics 2 includes the steps of:
- determining if the FCF.SUBTYPE is an Authentication, and if so, increment TOTAL_AUTH_REQS;
  
  determining, in response to No for the previous step, if the FCF.SUBTYPE is a Deauthentication, and if so, increment TOTAL_DEAUTH_REQS;
  
  determining, in response to No for the immediately previous step, if the FCF.SUBTYPE is a PROBE REQ, and if so, increment TOTAL_PROBE_REQS;
  
  determining, in response to No for the immediately previous step, if the FCF.SUBTYPE is a PROBE RESP, and if so, increment TOTAL_PROBE_RESP; and
  
  accumulating Management Packet Statistics 3, in response to the FCF.SUBTYPE not being a PROBE RESP.
16. The method of claim 15, wherein said step of accumulating Management Packet Statistics 3 includes the steps of:
- determining if the FCF.SUBTYPE is a Disassociation, and if so, increment TOTAL_DISASSOCATIONS;
  
  determining, in response to No for the previous step, if the FCF.SUBTYPE is an announcement traffic indication message (ATIM), and if so, increment TOTAL_ATIM_PKTS; and
  
  determining, in response to No for the immediately previous step, if the FCF.SUBTYPE is a Beacon, and if so, both successively increment TOTAL_BEACON_PKTS, and then extract Extended Service Set Identification (ESSID) and Basic Service Set identification (BSSID).

17. A method for operating and programming a wireless analyzer device for an IEEE 802.11 wireless LAN, said method comprising the steps of:
- performing a per packet processing routine to obtain packet statistics;
  
  performing a one second timer routine;
  
  arranging the packet statistics in a logical manner for display on a computer monitor;
  
  wherein said one second timer routine includes the steps of;
  
  calculating network utilization;
  
  calculating data packet throughput; and
  
  calculating per second statistics;
  
  wherein said step of calculating networks utilization includes the steps of;
  
  determining if TOTAL_PACKET_MICROSECONDS is non-zero, indicating packets were received in the previous second;
  
  calculating, in response to Yes for the previous determining step, the previous 1 second network utilization by dividing 1,000,000 into TOTAL_PACKET_MICROSECONDS, and multiplying the result by 100 to provide percent utilization;
  
  resetting TOTAL_PACKET_MICROSECONDS to zero, after completing said calculating step; and
  
  terminating the step of calculating network utilization, either in response to said determining step showing TOTAL_PACKET_MICROSECONDS is zero, or immediately after said resetting step.

18. A method for operating and programming a wireless analyzer device for an IEEE 802.11 wireless LAN, said method comprising the steps of:
- performing a per packet processing routine to obtain Packet statistics;
  
  performing a one second timer routine;
  
  arranging the packet statistics in a logical manner for display on a computer monitor;
  
  wherein said one second timer routine includes the steps of;
  
  calculating network utilization;
  
  calculating data packet throughput; and
  
  calculating per second statistics;
  
  wherein said step of calculating data packet throughput includes the steps of;
  
  determining if TOTAL_DATAPACKET_BYTES is non-zero indicating at least some of received packets are Data Packets in the IEEE 802.11 Frame Control Field (FCF);
  
  calculating, in response to Yes in the previous determining step, the previous 1 second Data Throughput by multiplying the total number of bytes by 8 to obtain the total number of bits transmitted in the previous second;
  
  resetting, after said calculating step, the TOTAL_DATAPACKET_BYTES to zero; and
  
  terminating said step of calculating data packet throughput either after said resetting step, or said determining step finding TOTAL_DATAPACKET_BYTES is zero.

19. A method for operating and programming a wireless analyzer device for an IEEE 802.11 wireless LAN, said method comprising the steps of:
- performing a per packet processing routine to obtain packet statistics;
  
  performing a one second timer routine;
  
  arranging the packet statistics in a logical manner for display on a computer monitor;
  
  wherein said one second timer routine includes the steps of;
  
  calculating network utilization;
  
  calculating data packet throughput; and
  
  calculating per second statistics;
  
  wherein said step of calculating per second statistics provides errors and packets per second, and includes the steps of;
  
  determining if the variable ERRORS_THIS_SECOND is unequal to zero;
  
  setting, in response to Yes in the previous step, the last ERRORS_PER_SECOND value to equal the variable ERRORS_THIS_SECOND;
  
  resetting the ERRORS_THIS_SECOND to zero in response to either said setting step, or to the last said determining step answer being No;
  
  determining if the variable PACKET_THIS_SECOND is non-zero;
  
  setting, in response to the PACKET_THIS_SECOND being non-zero, the value of the variable PACKETS_THIS_SECOND; and
  
  resetting the PACKETS_PER_SECOND to zero, in response to either the immediately preceding setting step, or to No in the immediately preceding determining step.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, Inc. (McAfee, LLC)
Original Assignee
Networks Associates Technology, Inc. (McAfee, LLC)
Inventors
Anderson, James Peter, Cafarelli, Dominick Anthony
Primary Examiner(s)
Kizou, Hassan
Assistant Examiner(s)
LEVITAN, DMITRY

Application Number

US09/953,671
Time in Patent Office

890 Days
Field of Search

370/241, 370/242, 370/248, 370/252, 370/253, 370/310, 709/223, 709/224, 714/704, 714/699
US Class Current

370/253
CPC Class Codes

H04L 43/00   Arrangements for monitoring...

H04L 43/0847   Transmission error

H04L 43/0882   Utilisation of link capacity

H04L 43/0888   Throughput

H04L 43/16   Threshold monitoring

Method and apparatus for capture, analysis and display of packet information sent in an IEEE 802.11 wireless network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for capture, analysis and display of packet information sent in an IEEE 802.11 wireless network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links