- Features
In this chapter we talk about Spectrum Analyzer, features, configuration and how to recognize pattern.
Spectrum analyzers, like protocol analyzers, have a common set of features. These include views, reports, and Wi-Fi integration.
- Views
Spectrum analyzer views show you various representations of the RF energy in the monitored spectrum. They may show RF activity over time, at the moment, or in the past when looking at saved captures. They will also show statistical information such as channel quality, maxim dBm, and utilization. (As you can imagine, spectrum analysis is used in support of many communications beyond Wi-Fi, as well.)
To understand the ways in which spectrum activity is displayed, it is important to grasp some basic concepts of RF representation. The first is the FFT. The FFT shows spectral activity in the frequency domain, while waterfall or swept spectrogram views attempt to represent RF activity over time. Figure 6.11 illustrates the frequency and time domains of spectrum analysis. You can think of the frequency domain as the way RF activity would appear if the waves were coming at you and the time domain as the way it would appear if the waves were going past you. While this is not a physically specific interpretation, it is helpful for understanding. The frequency domain shows each frequency with the amplitude of energy on that frequency at any given moment. The time domain shows each frequency as it existed over time while monitoring or sweeping the spectrum.
Figure 6.11: Frequency and Time Domains
Figure 6.12 shows the Spectrum XT view of the FFT information. This would be analogous to the frequency domain. In this case, it is also showing where the 2.4 GHz channels fit in this space. Along the left scale you can see the power level in dBm for the signal. Along the right scale you can see the 2.4 GHz channel numbers. From this, you can determine the channels that have the strongest active RF energy, and the weakest active RF energy.
As Figure 6.12 shows, the energy in the 2.4 GHz spectrum at the location monitored included some very strong signals; however, this view does not reveal utilization, which is the key factor that will determine whether or not the signals will cause significant interference.
Figure 6.12: Spectrum XT FFT View
Additionally, the view represented does not reveal whether these signals include 802.11 signals, other wireless signals, incidental energy or anything else. That information will come from signature matching and Wi-Fi integration. Signature matching is used to detect (either automatically in software or manually by the viewing engineer) different signal types such as wireless phones, wireless cameras, Wi-Fi channels, and microwave ovens. In a later section, you will review signatures (or patterns) of common devices.
Figure 6.13 shows the FFT view in Chanalyzer (called the density graph) from Metageek. In this case, the bright red areas are revealing utilization. Deeper reds indicate higher levels of utilization. As with Spectrum XT, this view in Chanalyzer can reveal the max signal seen, average signal and current reading.
Figure 6.13: Chanalyzer FFT View
The waterfall view in Chanalyzer attempts to reveal the RF activity over time. Figure 6.14 shows Chanalyzer in the outdoor color scheme with the zoom on channel 11 and the waterfall view outlined in red.
Figure 6.14: Chanalyzer Waterfall View
Spectrum XT also supports such a view. Figure 6.15 shows the swept spectrogram view in Spectrum XT. Both of these views are useful to locate RF activity over time. Some interferers are sporadic in nature. They may appear only every few milliseconds, and the time views like the waterfall and spectrogram can help to detect such devices.
Figure 6.15: Spectrum XT
Finally, spectrum analyzers will present charts or tables with important statistical information. Figure 6.16 shows the Channel summary in Spectrum XT, and Figure 6.17 shows the Channels tab in Chanalyzer. Both reveal important information about the RF activity within 802.11 channel areas. Channel tables typically show the current RF amplitude, maximum, average and utilization or duty cycle. They may also list the number of APs on a channel when using Wi-Fi integration.
Figure 6.16: Spectrum XT Channel Summary
Figure 6.17: Chanalyzer Channels Tab
- Reports
Report generation is a useful feature of spectrum analyzers. Figure 6.18 shows the report builder in Chanalyzer. This tool allows you to build reports from the different views in the Chanalyzer software. You can also format the header, report title, author, location, and data. You can add custom blocks as well, where you might include photos or screenshots from other software.
Spectrum XT also includes report building features. According to Fluke Networks: AirMagnet Spectrum XT's integrated report engine makes it easy to turn RF spectrum analysis sessions into professional reports. Customization features allow this Wi-Fi spectrum analyzer to generate reports on the RF spectrum graphs, Wi-Fi charts and the list of RF interference sources for the current environment. With the wireless spectrum analyzer, reports can be exported in the Word, RTF, PDF, HTML formats for handoff.
Figure 6.18: Chanalyzer Report Builder
The Chanalyzer report builder can save reports in the Wi-Spy Report Format only; however, you can export the report in PDF, Rich Text, or HTML formats as shown in Figure 6.19.
Figure 6.19: Chanalyzer Report Export Dialog
- Wi-Fi Integration
Pure spectrum analysis is not specifically Wi-Fi aware with the exception of signal patterns. Many common transmitters use OFDM patterns such as HDMI wireless video devices, so relying on signal matching alone can be misleading. To properly detect 802.11, the spectrum analysis software needs to implement Wi-Fi integration. This simply means that the analyzer will use the laptop’s 802.11 adapter to scan for and display wireless networks. The same basic information that is available in a Wi-Fi scanner like inSSIDer or Acrylic will be available in the spectrum analyzer software.
Figure 6.20 shows the information available in Chanalyzer with Wi-Fi integration. Notice the indicated networks in the density view (FFT) and the Networks Table tab shown below.
Figure 6.20: Chanalyzer with Wi-Fi integration
Figure 6.21 shows the Spectrum XT Wi-Fi integration from the perspective of detected Wi-Fi devices. This information is available due to actual frame captures instead of simple scanning. For this reason, both client devices and APs are shown with details on security features and frame times as well as APs to which client STAs are connected.
Additionally, on the left pane of Spectrum XT, you can see the channel summary and the channel devices with a count of APs, client STAs and phones per channel. Finally, based on signature matching, you can see possible interferers in the left pane, which in this case shows a wireless headset.
Note also, Figure 6.22 shows an example extract from the Spectrum XT report that has information available because of Wi-Fi integration. Particularly examine the AP and STA count columns.
Figure 6.21: Spectrum XT Wi-Fi Devices View
2. Configure a Spectrum Analyzer
Once installed, the spectrum analysis software will need to be configured. Several configuration options are common, including:
- Resolution bandwidth
- Scanning frequency
- Wi-Fi adapter
Resolution Bandwidth
If the spectrum analyzer supports adjusting the RBW, you may desire to do so. This is particularly true when scanning a smaller frequency range. However, understand that the sweep time is a factor of RBW, dwell time and frequency range. For example, if you increase the RBW (by selecting a lower kHz value), but do not scan a smaller frequency range or reduce the dwell time, it will take much longer to sweep the entire target frequency range. When it takes longer to sweep the target frequency range, it is possible that you might miss some intermittent signals or RF radiators. Carefully consider changes to RBW.
Scanning Frequency
The scanning frequency defines the band and range you will scan in the spectrum analyzer. Metageek Chanalyzer supports selecting the full 2.4 GHz band, the full 5 GHz band, and several other options. In addition, you can zoom into a specific frequency range to get a detailed view. Figure 6.23 shows the expanded menu for band/channel selection in Chanalyzer.
Figure 6.23: Selecting the Frequencies to Scan in Chanalyzer
Wi-Fi Adapter
Finally, for Wi-Fi integration, you can choose the wireless adapter you wish to use. For example, your laptop may have an integrated adapter that supports only 2.4 GHz bands.
For this reason you may choose to use a USB adapter that supports 5 GHz as well. In Metageek Chanalyzer, simply select Wi-Fi and then the adapter you desire as shown in Figure 6.24.
Figure 6.24: Selecting the Wi-Fi Adapter
- Performing Spectrum Analysis
Three spectrum analysis skills are essential for troubleshooting. First, recognizing patterns helps to identify devices. Locating devices helps to find interferers and remove or address them. Finally, discovering issues includes identification of high duty cycle devices in channels and other tasks as well. This final section provides an overview of these processes and identifies several common device patterns.
3.1 Recognizing Patterns
An important skill to develop in relation to spectrum analysis is pattern or signature recognition. You can often identify a signal by the RF signature it generates. For example, 802.11 signals are required to comply with specific spectral masks per the 802.11 standard. Figure 6.25 shows the standard OFDM 20 MHz channel spectral mask.
Figure 6.25: 20 MHz OFDM Spectral Mask from 802.11-2012
Note the characteristic flat top of the spectral mask. If you were to compare this to the older DSSS signal spectral mask, you would notice the DSSS mask has a rounded top as in Figure 6.26. The simple point is that these are signal signatures or patterns that can be recognized to help identify the type of wireless device detected in the spectrum analyzer.
Figure 6.27 shows the pattern templates (interferer identifiers) available in Metageek Chanalyzer. Simply click on one of the templates to make it available for overlay in the density view as shown in Figure 6.27.
Figure 6.26: DSSS Spectral Mask
Figure 6.27: Interferer Identifier Overlay in Chanalyzer
The following pages will provide visualizations of common patterns exhibited by RF signals and seen in spectrum analyzers. They should be useful in helping you to recognize common patterns in your tool of choice. It is important to know that some spectrum analyzers, such as Spectrum XT can perform automatic device identification based on the signal detected. For example, it can detect phones, microwave ovens, and headsets among other devices. Figure 6.28 shows this listing in Spectrum XT.
Figure 6.28: Identified Non-Wi-Fi Devices in Spectrum XT
20 MHz OFDM Signal Pattern
Figure 6.29 shows the 20 MHz OFDM signal represented in the spectral mask of Figure 6.25 captures in a protocol analyzer.
Figure 6.29: 20 MHz OFDM
40 MHz OFDM Signal Pattern
Figure 6.30 shows a 40 MHz OFDM spectral capture.
Figure 6.30: 40 MHz OFDM
Bluetooth Signal Pattern
Figure 6.31 shows Bluetooth discovery. Bluetooth devices have two distinct phases: Discovery and data transfer.
Bluetooth discovery uses a unique hop and dwell pattern that will create identifiable patterns over time. For example, in Figure 6.31, the swept spectrogram shows a Bluetooth discovery scan that includes some transmissions on the lower side of the band and some in the middle of the band. A small section of the band (perhaps 20 MHz wide, near Wi-Fi channel 3 or 4) is unused by this device in discovery. The real-time FFT pattern also has a distinct shape in Bluetooth discovery, whereas the “spikes” (for lack of a better word) appear more random in the data transfer stage.
Figure 6.31: Bluetooth Discovery
Figure 6.32 shows Bluetooth in connected transfer mode. Compared with the discovery stage, you can see that the Bluetooth data transfer phase appears much more random (both in the real-time FFT and the swept spectrogram displays).
Figure 6.32: Bluetooth Transfer
Cordless Phone Signal Pattern
Cordless phones are narrowband transmitters, with a peak amplitude in the middle and a tapered edge. The image in Figure 6.33 shows a frequency hopping cordless phone that has transmitted in three places across this band. Other cordless phones may have narrower transmit signatures, but the consistent trait is the narrowband, high amplitude peak. Many 2.4 GHz and 5.8 GHz cordless phones are used today, so do not be surprised to see this interferer in 2.4 GHz or the higher end of 5 GHz bands. Figure 6.33 shows a spectrum capture of a cordless phone in 2.4 GHz.
Figure 6.33: Cordless Phone
Video Transmitter Signal Pattern
Video transmitters have a similar transmit signature as audio transmitters with a narrow peak, high amplitude, and 100% duty cycle. Figure 6.34 shows a video transmitter. Some late-generation video transmitters operate in 5 GHz, and have a signal pattern that appears exactly like an OFDM signal, but with a very-high duty cycle.
Figure 6.34: Video Transmitter
Wideband Jammer Signal Pattern
“Jammer” is a somewhat generic term for an RF signal generator. A signal generator is essentially a radio transmitter that can be designed for malicious purposes, or simply to test antennas or other RF components. In Figure 6.35, a wideband signal generator is emitting high-amplitude energy across the entire 2.4 GHz band. This would prevent any and all nearby 802.11 devices from communicating. Narrowband-signal generators are also common.
The word “jammer” typically alludes to malicious intent. Radio communications can be easily disrupted with a jammer. Figure 6.35 shows a wideband jammer signal.
Figure 6.35: Wideband Jammer
Microwave Oven Signal Pattern
Microwave ovens come in all shapes and sizes, and their transmit masks vary right along with them. The consistent trend with microwave ovens is that they are high amplitude, and appear as fairly wide transmitters in a spectrum analysis. A microwave oven transmission typically centers between Wi-Fi channels 7–9. Cafeterias are well-known locations where microwave oven interference is likely.
Figure 6.36: Microwave Oven
**** Source: CWAP Official Study Guide by Tom Carpenter
No comments:
Post a Comment