Omnipeek Remote Adapters

Click a link below to learn more about the remote adapters available with Omnipeek.


Aruba Remote Adapter

Contents

Introduction

The Aruba Remote Adapter allows existing Aruba managed APs to be temporarily converted to packet capture devices, forwarding all of their packets back to Omnipeek via TCP/IP over the wired network. Rapid access to packets anywhere in the wireless network is just a few clicks away since Omnipeek can started directly from the Aruba software management system. The Aruba Remote Adapter with Omnipeek allows for packet streams from multiple Aruba APs to be aggregated within a single Omnipeek capture, simplifying data collection and analysis, allowing you to view all wireless data including channels 1, 6 and 11 simultaneously, or allowing you to monitor the roaming of wireless clients from one AP to the next.

Omnipeek Configuration

Before you can begin capturing packets using the Aruba Remote Adapter (from an Aruba access point), make sure the Aruba Remote Adapter is enabled in Omnipeek (enabled by default).

To enable the Aruba Remote Adapter in Omnipeek:

  1. In Omnipeek, choose Tools > Options. The Options dialog appears.
  2. Select the Analysis Modules option.
  3. Select the Enabled check box for the Aruba Remote Adapter entry.
  4. Click OK.

Important: On the Omnipeek computer, use the ipconfig command to obtain the computerís IP address and Gateway IP. You will need this information when configuring the Aruba access point to send packets, as explained below.

Capturing Packets from Aruba Access Points

Capturing packets from Aruba access points begins like you begin a capture from any other adapter in Omnipeek; however, packets will not populate the capture window until the Aruba access point begins sending packets to the Omnipeek computer as noted below.

To capture packets from Aruba access points:

  1. Create a new capture window in Omnipeek. The Capture Options dialog appears
  2. Select the Adapter options.
  3. Double-click New Remote Adapter below the Module: Aruba Remote Adapter entry. The Aruba Remote Adapter Properties dialog appears.
  4. Enter a Name and Port for the Aruba adapter. The name can be anything, but leave the port number set to 5000 (the default port number used by Aruba access points).
  5. Click OK to close the Aruba Remote Adapter Properties dialog.
  6. Select the new adapter and click OK to close the Capture Options dialog. A new capture window appears that has a Start / Stop Aruba Capture button in the upper right corner.
  7. Click the Start Aruba Capture button. Packets will not populate the capture window until the Aruba controller begins sending packets to the Omnipeek computer as described in Configuring the Aruba Access Point to Send Packets below.
  8. Click the Stop Aruba Capture button to stop capturing packets. No additional packets are allowed into the capture buffer.
  9. The Aruba access point will continue sending packets to the Omnipeek computer until the Aruba controller is configured to stop sending packets. Packets not accepted into the capture window buffer are returned as ICMP packets.

Important: When you want to stop sending packets, you must configure the Aruba controller to stop sending packets; otherwise, the Omnipeek computer will send an ICMP Destination Port Unreachable for every incoming packet received. This will impact the performance of the Omnipeek computer and possibly your network. See Configuring the Aruba Access Point to Send Packets below.

Configuring the Aruba Access Point to Send Packets

In an Aruba wireless deployment, Aruba access points can be configured to provide either Access Point (AP) or Air Monitor (AM) functionality. An Aruba access point operating as an Air Monitor will allow you to send packets from the access point to the Omnipeek computer. This section describes how to enable Air Monitor functionality on an Aruba access point, and then how to begin sending packets.

To send packets from an Aruba access point to the Omnipeek computer:

Note: Depending on your Aruba controller, the following instructions may differ slightly.

  1. Open a web browser and connect to the Aruba controller using the appropriate IP address.
  2. Login to the Aruba controller.
  3. In the Monitoring view, select the WLAN access point(s) you wish to operate as an Air Monitor.
  4. In the Access Point tab, select the access point and click the Packet Capture button.
  5. Click the BSSID Address that has the desired Radio Type.
  6. Click the New Raw Packet Capture button.
  7. In the Raw Packet Capture section, select AiroPeek, enter the target IP address (Omnipeek computer), Port, Channel, and Radio Type.
    Note: Make sure the Channel is appropriate for the Radio Type you selected.
  8. Click the Start button. Packets begin populating the Omnipeek capture window.

Important: When you want to stop sending packets, you must configure the Aruba access point to stop sending packets; otherwise, the Omnipeek computer will send an ICMP Destination Port Unreachable for every incoming packet received. This will impact the performance of the Omnipeek computer and possibly your network.

To stop sending packets from an Aruba access point to the Omnipeek computer:

  1. Login to the Aruba controller.
  2. In the Raw Packet Capture section, select the check box of the access point you wish to stop sending packets.
  3. Click the Stop button.

Known Issues

  • You will receive a "Socket Error" if you configure two or more Aruba remote adapters. This is due to the default Adapter Port value being set to Port 5000. Currently, Omnipeek cannot multiplex the port; however, you can configure an Aruba remote adapter and the Aruba access point to use a different Port value (e.g., Port 5001) to send and receive data. This allows you to have two captures going from two different adapters simultaneously using two unique Ports.
  • Real-time decryption is not supported on Aruba captures. Post-capture decryption (Tools > Decrypt WLAN Packets); however, are supported.
  • When manually creating captures, the 802.11 capture options are not functional, as these functions are defined in the external hardware.
  • Aruba captures contain packets with a 0 Data Rate value.
  • Network utilization statistics in Omnipeek do not change based on the adapter speed configured on the Aruba Remote Adapter.

Cisco Remote Adapter

Contents

Introduction

The Cisco Remote Adapter allows existing Cisco managed APs to be temporarily converted to packet capture devices, forwarding all of their packets back to Omnipeek via TCP/IP over the wired network. Rapid access to packets anywhere in the wireless network is just a few clicks away. The Cisco Remote Adapter with Omnipeek allows for packet streams from multiple Cisco APs to be aggregated within a single Omnipeek capture, simplifying data collection and analysis, allowing you to view all wireless data including channels 1, 6 and 11 simultaneously, or allowing you to monitor the roaming of wireless clients from one AP to the next.

Omnipeek Configuration

Before you can begin capturing packets using the Cisco Remote Adapter (from a Cisco access point), make sure the Cisco Remote Adapter is enabled in Omnipeek (enabled by default).

To enable the Cisco Remote Adapter in Omnipeek:

  1. In Omnipeek, choose Tools > Options. The Options dialog appears.
  2. Select the Analysis Modules option.
  3. Select the Enabled check box for the Cisco Remote Adapter entry.
  4. Click OK.

Important: On the Omnipeek computer, use the ipconfig command to obtain the computerís IP address. You will need this information when configuring the Cisco access point to send packets, as explained below.

Capturing Packets from a Cisco Access Point

Capturing packets from Cisco access points begins like you begin a capture from any other adapter in Omnipeek; however, packets will not populate the capture window until the Cisco access point begins sending packets to the Omnipeek computer as noted below.

To capture packets from Cisco access points:

  1. Create a new capture window in Omnipeek. The Capture Options dialog appears
  2. Select the Adapter options.
  3. Double-click New Remote Adapter below the Module: Cisco Remote Adapter entry. The Cisco Capture Adapter Properties dialog appears.
  4. Enter a Name and IP address for the Cisco access point. Leave the IP address blank if you want to capture from any access point.
  5. Click OK to close the Cisco Capture Adapter Properties dialog.
  6. Select the new adapter and click OK to close the Capture Options dialog. A new capture window appears that has a Start / Stop Cisco Capture button in the upper right corner.
  7. Click the Start Cisco Capture button. Packets will not populate the capture window until the Cisco controller begins sending packets to the Omnipeek computer as described in Configuring the Cisco Access Point to Send Packets below.
  8. Click the Stop Cisco Capture button to stop capturing packets. No additional packets are allowed into the capture buffer.
  9. The Cisco access point will continue sending packets to the Omnipeek computer until the Cisco controller is configured to stop sending packets. Packets not accepted into the capture window buffer are returned as ICMP packets.

Important: When you want to stop sending packets, you must configure the Cisco controller to stop sending packets; otherwise, the Omnipeek computer will send an ICMP Destination Port Unreachable for every incoming packet received. This will impact the performance of the Omnipeek computer and possibly your network. See Configuring the Cisco Access Point to Send Packets below

Configuring the Cisco Access Point to Send Packets

In a Cisco wireless deployment, Cisco access points can be configured to provide either Access Point (AP) or Sniff mode functionality. A Cisco access point operating in Sniff mode will allow you to send packets from the access point to the Omnipeek computer. This section describes how to enable Sniff mode functionality on a Cisco access point, and then how to begin sending packets.

To send packets from a Cisco access point to the Omnipeek computer:

Note: Depending on your Cisco controller, the following instructions may differ slightly.

  1. Open a web browser and connect to the Cisco controller using the appropriate IP address.

  2. Login to the Cisco controller.
  3. In the Access Point Summary section of the Monitor view, click Detail for the Radio you wish to operate in Sniff mode.
  4. Click Configure for the radio.
  5. In the Sniffer Channel Assignment section, select the Sniff check box.
  6. Select the channel you wish to "Sniff" and enter the IP address of the Omnipeek computer.
  7. Click the Apply button. Packets begin populating the Omnipeek capture window.

Important: When you want to stop sending packets, you must configure the Cisco access point to stop sending packets; otherwise, the Omnipeek computer will send an ICMP Destination Port Unreachable for every incoming packet received. This will impact the performance of the Omnipeek computer and possibly your network.

To stop sending packets from a Cisco access point to the Omnipeek computer:

  1. Login to the Cisco controller.
  2. In the Sniffer Channel Assignment section, clear the Sniff check box.

Known Issues

  • When manually creating captures, the 802.11 capture options are not functional, as these functions are defined in the external hardware.
  • Real-time decryption is not supported on Cisco captures. Post-capture decryption (Tools > Decrypt WLAN Packets); however, is supported.

SNMP Trap Adapter

Contents

Introduction

The SNMP Trap Adapter allows Omnipeek to correlate network events from other devices with network events generated by Omnipeek. The remote adapter extends the reach of Omnipeek by allowing it to receive real-time information from third-party applications or devices. The SNMP Trap Adapter is available for download and installation from MyPeek.

Omnipeek Configuration

Before you can begin capturing SNMP traps from a third-party application or device, make sure the SNMP Trap Adapter is installed and enabled in Omnipeek.

To enable the SNMP Trap Adapter in Omnipeek:

  1. Download and install the SNMP Trap Adapter from MyPeek.
  2. In Omnipeek, choose Tools > Options. The Options dialog appears.
  3. Select the Analysis Modules option.
  4. Select the Enabled check box for the SNMP Trap Adapter entry.
  5. Click OK.

Note: Additional configuration may be required by the third-party application or device.

Important: On the Omnipeek computer, use the ipconfig command to obtain the computerís IP address. You will likely need this information when configuring the third-party application or device.

Windows SNMP Software

On the machine running Omnipeek you will need to install the SNMP Management and Monitoring Tools Windows Component.

To install the Windows SNMP software:

  1. In Windows Control Panel, double-click Add or Remove Programs.
  2. In the left-hand column of options, choose Add/Remove Windows Components.
  3. A Windows Components Wizard window appears.
  4. Select Management and Monitoring Tools.
  5. Click the Details button. The Simple Network Management Protocol and WMI SNMP Provider options must be enabled.
  6. Click OK.
  7. Click Next. You may be asked to insert the Windows install CD.

Receiving SNMP Trap Messages from Third-party Applications or Devices

Certain management applications can send SNMP traps to the address of the machine running Omnipeek, and then post an entry in Summary Statistics. To receive SNMP trap messages, begin a capture using the SNMP Trap Adapter in Omnipeek.

Note: Please refer to the documentation for the management application sending the SNMP traps for configuration details.

Tip: You can set a trigger in Omnipeek to start a capture whenever it receives a trap. This works by creating an advanced filter using Analysis Module/SNMP Trap Adapter. Refer to Omnipeek online help for instructions on creating advanced filters and triggers.