- Overview
- WCAE
- Wireless Config Analyzer Express - Engine
- Wireless Config Analyzer Express - GUI
- License Statement
- What is new! (engine)
- What is new! (GUI)
- Checks available in tool
- RF Health
- How to use - Cloud
- How to collect show tech wireless for Catalyst 9800
- How to colletct sh-run-config
- RF Graph analysis using WCAE Desktop and Gephi
- Client Audits
- Support
- WLAN Poller
- Wireless Detector
- AireOS Meraki Translator
- 9800 Guestshell/EEM scripts
- WiFi Hawk - Wireless Captures Analysis
- Cisco Support Assistant Extension (CSAE)
- KPI Dashboard
- WLCCA
- 9800 Traces to ELK stack
- 9800 Telemetry Pipeline
WiFi Hawk How to Use
Installation
The tool is normally distributed as a pre-packaged Python application, you only need to unzip the file content and run directly from the install point In case of a un-signed Apple file (the download filename will indicate it), you may need to use a workaround to execute the application. Signed Mac OS apps are provided whenever possible
Files Supported
You can process any wireless "over the air" (OTA) capture file. Specific files formats supported are:
- Native 802.11
- Radiotap
- Omnipeek
- Peekremote
- Prism
- AP in Sniffer mode (native or in CAPWAP encapsulation)
- Meraki
Ethernet/IP/wired captures are not supported
Processing File
Click on the "Browse" button, to open a Open File dialog, and select the file to process
After selecting the file, click on "Process File" to start the analysis process
Click on the "Browse" button, to open a Open File dialog, and select the file to process
This may take several minutes, depending on the file size (aprox. 1 min per 8 MBs)
The resulting report, will be created with the same name + ".xlsx" extension and location, as the input file
Using the Report
The starting point is the "Contents" tab. From this initial page, we can navigate to the different sections, and get a summary of "what" is present in the file
You can think of the report as an Index of all that is present in a wireless capture file, with highlights of the most important parts
There are four main object types or "devices" tracked on each wireless capture:
- BSSIDs: they represent each one of the source mac addresses, providing SSID/WLANs services. WiFi Hawk can monitor beaconing activity, Information Element variations, and report any possible AP defect that could impact clients
- AP Radios: this is the combination of BSSIDs that belong to a single AP. Used to monitor channel change, NDP (Neighbor Discovery Packets) and BSSID base configuration variations
- Clients: WiFi Hawk can monitor and create flows for Client wireless on-boarding processes, and highlight critical issues, both from client or AP side, that could impact a successful Wireless connection
- Channels: This is used to track all the "visible" channels in the capture. Normally, we will have one channel per file, but some capture devices can do a multi-channel capture
Each device type will show a summary of all error or warning messages found, when applicable
BSSIDs
They would roughly translate to WLAN serviced per a particular AP Radio. The report will contain the detected security configuration, channel reported by AP, and total beacon count
The event flow will show all detected and relevant client triggered events, and any possible BSSID failures, like beacon loss, interval variations or rate changes, that may impact client associations
The frame number acts as a "index" to search for the location in the file capture, using the "Go to frame" function of Wireshark
Whenever possible, the report will also contain a histogram of power levels for beacons and probes. Not all wireless file types can provide this information, so it will depend on the method used to capture the data
Clients
Each detected client in the file will be tracked, and all relevant events will be reflected in its event flow diagram. Clients with less than 3 frames seen, will be filtered out by default.
The tool will try to identify the device manufacturer, based on the mac address OUI, and association request information Additionally, it will reflect all the client reported capabilities and features supported
The event flow will follow a similar logic, to the one used in BSSIDs report, including all the relevant events for a given client, plus tracking power saving state when possible