WisMon : A Wireless Statistical Monitoring tool


Overview :

WisMon generates real-time statistics from a unified list of packets, which come from different probes (see below). A single wireless-enabled terminal cannot capture all traffic, since processing speed, fading and distance cause packet loss. If multiple data sources are used, most (around 99%) of wireless traffic can be captured. Packets are acquired by the probes, and only the relevant parameters are extracted at the source. These parameters are transmitted to a central data collector engine, which adds them to a merged packet buffer, avoiding duplicates (since the same packet may arrive simultaneously at different probes). Then, captured packets are classified by MAC address, and for each MAC address, specific parameters (incoming traffic, outgoing traffic, TX mode, RSSI, repeated packets) are integrated into an online histogram.
A GUI is provided to access these parameters. A list of currently observed stations is displayed. From the list, a station and the required parameters can be selected. A new window appears showing the requested information (last 30 seconds). Historical data is saved periodically to enable analysis afterwards.
Notes - WisMon has only been tested with Atheros-based cards, using the madwifi driver. However, it should work with other cards which allow promiscuous mode.

Key features :

  • Works as a virtual measuring instrument for wireless local networks
  • Captures packets from multiple sources to collect more traffic
  • Generates statistical information for Physical and traffic parameters
  • Keeps track of the activity for all the detected packet sources in realtime
  • Records the statistics for the stations and APs for offline viewing
  • It is based on a client-server architecture to separate the processing task from the monitoring interface
  • Data transfers are done with an incremental approach to decrease network load

Architecture :

The Probes

Probes are devices in charge of capturing the packets within the wireless coverage area, and extracting the required parameters to transmit to the packet processor. A probe is a station with at least two interfaces: one wireless 802.11 and one wired Ethernet. Packets are captured in promiscuous mode on the wireless side; each packet timestamp is correlated with the beacon of the associated AP, and then specific parameters are extracted to transmit to the main packet processor. Currently, this is done with a modified kismet server (see Installation section). Each probe listens for connections on the wired interface used to transmit the processed data. After a connection is established, data is pushed at the acquisition rate. Passive monitoring is used, i.e., the interface is in listening mode.
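
An added example, not WisMon's own code, of the duplicate suppression the collector needs when several probes report the same frame. The record layout, the matching rule (same transmitter, sequence control and Retry bit, seen by different probes within a small skew of the beacon-relative timestamp) and the constants `RECENT` and `TOL_US` are assumptions. A retransmission is kept as a separate frame so that the repeated-packet statistic survives the merge.

```c
#include <stdint.h>
#include <string.h>

#define RECENT 64   /* recent-frame window size (assumption) */
#define TOL_US 200  /* max timestamp skew between probes, in us (assumption) */

typedef struct {    /* what a probe sends per captured frame (assumed layout) */
    uint8_t  src[6];    /* transmitter MAC */
    uint16_t seq_ctrl;  /* 802.11 sequence control field */
    uint8_t  retry;     /* 802.11 Retry bit */
    uint64_t ts_us;     /* timestamp relative to the AP beacon, in us */
    uint8_t  probe_id;
} rec_t;

typedef struct {    /* zero-initialise before use */
    rec_t    recent[RECENT];
    unsigned n, next;            /* entries in use, next slot to overwrite */
    unsigned accepted, duplicates;
} merger_t;

/* Two records describe one over-the-air transmission only if they come from
   different probes: a single probe never reports the same transmission twice. */
static int same_frame(const rec_t *a, const rec_t *b) {
    uint64_t d = a->ts_us > b->ts_us ? a->ts_us - b->ts_us : b->ts_us - a->ts_us;
    return a->probe_id != b->probe_id && a->seq_ctrl == b->seq_ctrl &&
           a->retry == b->retry && d <= TOL_US &&
           memcmp(a->src, b->src, 6) == 0;
}

/* Returns 1 if r was added to the merged buffer, 0 if it was a duplicate. */
int merger_offer(merger_t *m, const rec_t *r) {
    for (unsigned i = 0; i < m->n; i++)
        if (same_frame(&m->recent[i], r)) { m->duplicates++; return 0; }
    m->recent[m->next] = *r;
    m->next = (m->next + 1) % RECENT;
    if (m->n < RECENT) m->n++;
    m->accepted++;
    return 1;
}
```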

The Packet Processor

The Packet Processor is itself a server, whose main objective is to compute statistics from the received packets. The Packet Processor connects to the different probes and starts receiving the processed packets, which are classified by MAC address. For each recognized station, the following parameters are currently collected:
  • Received power
  • Repeated packets
  • Inbound traffic
  • Outbound traffic
  • Transmission mode
A circular buffer is built in one-second time buckets, which accumulate the parameter values and events seen during that period. The buffer length is 30 seconds. When the circular buffer is full, the oldest bucket is saved in a log.
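
The per-station circular buffer described above, as an added example that is not WisMon's own code. The struct and function names are assumptions, and the on-disk log is replaced by two counters so the eviction of the oldest bucket can be observed. It also handles late packets and silent periods longer than the window.

```c
#include <stdint.h>
#include <string.h>
#define WINDOW 30  /* buffer length in seconds, as stated on the page */

typedef struct {   /* one-second bucket; field names are assumptions */
    uint32_t in_bytes, out_bytes, repeated, pkts;
    int32_t  rssi_sum;               /* sum of received-power samples (dBm) */
} bucket_t;
typedef struct {   /* per-MAC state; zero-initialise before use */
    bucket_t ring[WINDOW];
    uint32_t head; int started;      /* newest second seen so far */
    uint32_t logged_buckets;         /* stand-in for the log file */
    uint64_t logged_bytes;
} station_t;

/* Save the bucket in slot i to the "log", then clear it for reuse. */
static void flush_slot(station_t *s, uint32_t i) {
    bucket_t *b = &s->ring[i];
    if (b->pkts) {
        s->logged_buckets++;
        s->logged_bytes += (uint64_t)b->in_bytes + b->out_bytes;
    }
    memset(b, 0, sizeof *b);
}

/* Account one packet captured at second `sec`; -1 if it predates the window. */
int station_add(station_t *s, uint32_t sec, int outbound,
                uint32_t len, int rssi, int retry) {
    if (!s->started) { s->head = sec; s->started = 1; }
    if (sec + WINDOW <= s->head) return -1;
    if (sec > s->head) {             /* time advanced: evict the reused slots */
        uint32_t gap = sec - s->head;
        for (uint32_t k = 1; k <= gap && k <= WINDOW; k++)
            flush_slot(s, (s->head + k) % WINDOW);
        s->head = sec;
    }
    bucket_t *b = &s->ring[sec % WINDOW];
    if (outbound) b->out_bytes += len; else b->in_bytes += len;
    b->repeated += retry ? 1u : 0u;
    b->rssi_sum += rssi; b->pkts++;
    return 0;
}

/* Mean received power over the packets currently held in the window. */
int station_mean_rssi(const station_t *s) {
    int64_t sum = 0; uint32_t n = 0;
    for (int i = 0; i < WINDOW; i++) { sum += s->ring[i].rssi_sum; n += s->ring[i].pkts; }
    return n ? (int)(sum / (int64_t)n) : 0;
}
```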

The Graphical User Interface

The GUI is based on a main window with a list of stations and child windows to display the processed data. The main window contains the list of recognized MAC interfaces, with a summary of current values. A new station is added when a packet arrives whose source or destination is new to the server. If the server has been running for enough time to see at least one packet per station, then the full station list will be available. To select a station, it must be highlighted. The requested parameters must also be chosen from the select boxes on the right. Only two simultaneous parameters can be selected to be displayed now. There is an offline mode which allows reviewing history information about any parameter from a selected station.

Downloads :

WisMon is licensed under the CeCILL license.
Source distributions of WisMon for Linux are available:

  • wismon_client-0.1-R3.tar.gz
  • wismon_server-0.1-R3.tar.gz

WisMon is written in C and C++. It heavily relies on gtk for the GUI. It also uses the kismet packet capture engine. Please refer to the install and config page.

System Requirements

  • Linux (tested on fc2)
  • a wireless card with a full promiscuous mode
  • kismet

Snapshots

WisMon main window
WisMon graph window

Mailing Lists:

There are two mailing lists of interest here:

Users Mailing List: wismon-user@sophia.inria.fr
Here you can send comments, suggestions and bug reports.
New releases will be announced in this list.
Also send your questions here.
To subscribe send a mail with the subject "subscribe wismon-user" to: sympa@lists-sop.inria.fr

Developers Mailing List: wismon-devel@sophia.inria.fr
You can subscribe here if you wish to collaborate with WisMon development. Thanks!
To subscribe send a mail with the subject "subscribe wismon-devel" to: sympa@lists-sop.inria.fr

Acknowledgements

The first version of this software was developed at Projet PLANETE, INRIA Sophia Antipolis, France with support from the Saint-Exupery grant program, La Dirección Nacional de Cooperación Internacional, Ministerio de Educación, Argentina and the French Embassy in Argentina.