XENGUARD
LOGIN
e-mail
password
Don't have an account? Register now!

Xenguard Server software

device list

The devices tab provides a device-oriented view of your network. Xenguard is the perfect tool for monitoring the health of your wireless network, and rapidly diagnosing problems when they emerge.

The time selector allows you to choose the time window in which devices have been active.

The role selector lets you select between mobile devices, and access points. Here we've chosen STATION (mobile devices).

The search box allows you to easily locate devices on a specific network of interest. Here we've selected Starbucks WiFi. The system shows us all devices which are currently connected to that network. In general you can enumerate an organization's entire wireless network just by typing in it's name.

Click the network name to get full details on that particular network (including all devices which have ever connected to that network).

The device list is color-coded by class, allowing you to easily notice devices of interest. Here we've detected a potential threat device on the Starbucks network. The Xenguard system can detect various threat activities including web sites visited, apps installed, networks visited and so on. By defining triggers, you can automatically classify different groups of mobile devices based on their properties or online activities. In this particular case, the device is marked as a threat because it cannot be properly identified -- someone probably wants to hide from us. Despite the best efforts of hackers, the Xenguard system generally provides enough information to accurately identify every device, even one that's been hacked or masqueraded.

There are a lot of unusual devices running around out there! Most operators of wireless networks have no idea what's really going on in the air -- because conventional wireless routers don't have Xenguard's deep packet inspection capabilities.

device details

Select a device ID to view details. Here we've chosen a random mobile device from Tim Horton's. We are always careful to protect personal privacy, so we will remove information of a potentially sensitive nature. However, in the real world, you simply can't protect a wireless network without being aware of all the devices that are active, and being able to identify potential security threats.

The Xenguard system is designed to safeguard the privacy of the user while exposing full diagnostic and security information about devices.

Private networks must opt in by providing the network access key.

Personally identifiable information is not collected unless a device is opted in by an authorized user or administrator.

The device class indicates how the device is managed.

  • DISCOVERED : a device which has been detected by the Xenguard system
  • MANAGED : a device which runs the Xenguard Agent software
  • MONITORED : a device which has been selected for deep monitoring
  • THREAT : a device which has been found to be a security threat by one of the Xenguard system triggers

The device type indicates what kind of device.

  • MOBILE : smart phones, laptops, tablets etc.
  • VEHICLE : cars, trucks, trains, bus etc.
  • CAMERA : wireless surveillance cameras
  • MEDICAL : medical / health equipment
  • AUTOMATION : various automation, security and industrial control systems
  • ROUTER : switches, relays, access points etc.
  • PRINTER : includes scanners and copiers
  • DISPLAY : wireless displays and speaker systems

The device model identifies the exact model number or name.

The device vendor identifies the organization which made the device.

The device serial uniquely identifies the device. The exact data source used for this unique identifier varies by device.

The device name is it's host name.

The device role indicates if it is a wireless client (STATION) or an access point (AP).

The device owner identifies the person who uses the device.

The touch indicator identifies devices which have been in very close proximity to a Xenguard sensor. This will generally be triggered when a device is within 6 feet of a Xenguard sensor. This feature allows you to quickly tag devices of interest, simply by touching them.

The current network shows which network the devices is connected to right now.

The time seen stamps indicate the time when the device was first detected by the Xenguard system, and when the device was last "seen".

The notes field allows users to add informational text to device records.

network interfaces

The network interfaces section shows the various network interfaces associated with a device. For example, a laptop might have two different WiFi adapters, BlueTooth, ethernet and one or more RFID tags in it's components.

Wireless networks often suffer from congestion and interference problems, which reduces performance and causes various anomalies for network users. The Xenguard software offers an automatic wireless calibration mode which can automatically determine the best possible network configuration, and optionally implement changes in real time. The calibration process utilizes the Xenguard softwares active scanning to discover nearby sources of interference and determine how to best mitigate degradation of the network, strengthening the overall performance and security of a wireless network.

802.11a transmits radio signals in the frequency range above 5 GHz, a part of the wireless spectrum regulated in many countries. This regulation means 802.11a equipment generally avoids signal interference from other consumer wireless products like cordless phones. In contrast, 802.11b/g utilizes frequencies in the unregulated 2.4 GHz range and is much more susceptible to radio interference from other devices. Though it helps improve network performance and reduce interference, the range of an 802.11a signal is limited by use of the high 5 GHz frequency. An 802.11a access point transmitter may cover less than one-fourth the area of a comparable 802.11b/g unit. Brick walls and other obstructions affect 802.11a wireless networks to a greater degree than they do comparable 802.11 b/g networks.

If you use an overlapping channel (anything other than 1,6,11), you get terrible performance and you make everybody else's performance worse. The problem is that any time an AP on the overlapping channel broadcasts, you get stepped on. And because the channels overlap rather than coincide, other network's transmissions are seen as noise, not signal, and don't trigger the bandwidth sharing built into the design.

Even if other channels seem less crowded, remember that because channels overlap you still have to deal with interference from those busier channels as well. Your "clearer" channels will still have interference originating from the busy channels, so there is little to gain. What happens when you put your system in between two of the "standard" channels is that now you get interference from both of them. So, if you were to use, say, channel 3, you might now get interference from radios on both channel 1 and radios on channel 6 (and everything in between). Non-overlapping channels (1,6,11) work better than overlapping channels. With overlapping channels, you step on each other and can't do anything about it. With non-overlapping channels, you see each other and share the bandwidth.

transmission power

Most consumer-grade wireless equipment is restricted in transmission power at the firmware level (some adapters even have their regulatory country burned into the PROM). The Xenguard system can, with the right hardware, increase power transmission levels beyond the restricted limit. WARNING : this can be illegal in many areas and should only be used in areas without legal restrictions on transmission power, such as Bolivia. With standard Xenguard-certified equipment, 2000 mW transmission power is generally where the best range is obtained; this is up to 10 times the maximum power level allowed by law in some countries. Increased power will increase range, but increases interference potential.

network transmission latency

Network transmission latency tests are conducted by introducing ICMP control (PING) packets from client to server, and from server to client. Both small (no payload) and large payloads (near the maximum supported frame size, around 8000 bytes) are tested (this exposes the effect of payload size on transmission latency). As user-space processes are generating and receiving the ICMP packets, this number will be slightly lower than the raw wifi data frame transmission rate / latency. Worst-case and average numbers are provided. On a heavily-loaded client, we see a wide variation in latency even over a single hop. This host is in trouble, even though our test shows we lost no packets (this is a single ethernet hop). Deviation is high. On a healthy wireless access point, we see an under-a-millisecond values even though this is a wireless hop. Deviation is low.

The ethernet component of the network is relatively straightforward to test. Performance depends on switching capability and cabling. For testing purposes we assume that the configuration remains static the number of hops and switch configuration remains contant, and no interference from other connected hosts is assumed.

The wireless component of the network is relatively difficult to test, because wifi (unlike ethernet) expects transmitters to wait for a clear channel before initiating data transmission therefore it is possible for one single client (STA) to disrupt connectivity on a particular wireless channel. Even if a wireless infrastructure is performing at maximum capacity, there exists the potential for interference by other clients, and also other non-wifi RF sources.

thoroughput

Thoroughput is measured in packets per second, and bytes per second. Both small and large payloads are tested. This test can be conducted independantly on ethernet and wireless segments of the network.

retransmission

Retransmission indicates that data has been lost between the sender and reciever. Retransmission tests are conducted along with thoroughput tests, to detect the percentage of retransmitted frames. Because retransmission relies on client-specific parameters, it is possible to have more or less demanding devices with different collision-avoidance and transmission-control algorithms. Retransmission is an important consideration when low latency is required, because even a small error rate can dramatically reduce available bandwidth, increase latencies and/or disrupt connectivity (high latency or lost frames). Ideally, tests prove that zero retransmission occurs anywhere on the network. Otherwise, the amount of retransmission must be taken into account in analyzing the results of other tests, because retransmission could add additional overhead and latency to the results. However, it is normal for significant numbers of transmission errors to occur on any wifi network. Retransmission is best measured via the wifi access point, and the wifi client (STA), if access to this information is available, because only the transmitting host knows for sure how many frames it tried to transmit.

Most if not all wifi networks suffer from some errors in transmission. It is recommended that we factor in a realistic error rate (perhaps 5% at least) in order to allow for normal rates of transmission error. Client and server firmware is responsible for how devices behave in regards to retransmission. For example, a client may decide to associate with a different access point, or fall back to slower speeds, or increase its transmission power when certain error rates are detected.

network access

The network access section shows you which networks a device has been accessing. In this example, we've redacted the user's home and workplace. We can see this device visits Second Cup and The Keg, flies Air Transat, uses the Westin business facilities, and so on.

Unlike an ethernet network, wireless networks involve management actions which are required for clients (STAs) to successfully remain connected to the wireless access point. While a networks data frame transmission rate is important, it is also possible that data frame transmission could be interrupted if a particular management action fails. We measure the amount of latency required by each management action in order to identify any potential points of failure for a latency-sensitive application. If direct access to real client hardware is not possible, a wpa_supplicant process may be used to benchmark various management actions. The wpa_supplicant is an open-source component used by many different wireless equipment manufacturers. Timestamping and debug modes of this software provide accurate measurements of how long each management action takes.

Beacons are the Access Points way of announcing its presence to clients. Beacon intervals are an important trade-off between wasting bandwidth, and having fast detection by clients. Beacons also contain the Time Sync Function Counter which is used by clients to re-set the clients clock. Some clients can be highly sensitive to beacon intervals. For example, some client firmwares may disconnect or re-associate if a beacon is not received in sufficient time. On a standard phone, a user may not see an access point appear in his selection list if beacons are not received fast enough. On the other hand, beacons generally cause a lot of wasted bandwidth and interference because the frames are large, and transmitted often. Generally a client device first passively waits for a beacon matching a particular SSID, then sends a probe-request to a particular access point.

Probes are used by clients to detect the presence of access points. The average and worst-case latencies of probe requests and responses are provided. It is possible for a client to disconnect itself from an access point if the access point does not reply to its probe request quickly enough.

Authentication allows data to be encrypted as it is transmitted across the wireless network, negotiating the encryption ciphers and identifying the client to the access point. If authentication is used, the average and worst-case latencies of authentication attempts should be recorded. For example, if RADIUS authentication is used (requiring authentication across the internet), authentication itself can easily take 5 seconds full or more; whereas a standard WPA2 configuration introduces very little latency. Since authentication is generally necessary for hand-off, it should be tested indepdendantly.

Xenguard management system
contact Xenguard
Xenguard services
Xenguard software
Xenguard news
Xenguard library
Copyright © 2013-2020 by Xenguard. All rights reserved.