This document gives an overview of the Wyebot Wireless Intelligence Platform (WIP) and the network security requirements of the platform. The WIP is a system designed for monitoring and analyzing WiFi traffic in order to help troubleshoot and optimize wireless networks. It consists of a sensor that resides on-site at the location to be monitored and cloud infrastructure that the sensor communicates with. The sensor captures WiFi traffic that is visible on both the 2.4 and 5GHz frequency spectrums. The captured data is processed by the sensor and sent to the cloud for additional analysis. The information is then presented to the user on a web-based dashboard.
For any questions not addressed in this document, please contact us at support@wyebot.com
No. The sensor is capturing wireless data in the same manner that anyone with a laptop and sniffing software can. Unlike wired ethernet which requires you to have physical access to the infrastructure, WiFi data can be seen by anyone within proximity of the network with commonly available tools. The sensor will connect to your wireless networks if you enable Network Tests.
No. Unlike some other wireless monitors, the Wyebot sensor does not require full packet captures to be sent to the cloud. Our sensor is an “edge computing device” which means most of the processing is done locally onboard the sensor. The sensor strips the payload from data packets and primarily analyzes the 802.11 header portion of the packets. Only aggregated packet metadata is sent to the cloud for further processing.
No. The sensor does not decrypt wireless traffic from 802.1x or Pre-shared key (PSK) encrypted networks.
The Wyebot sensor needs wireless credentials for any SSID that network tests will be run against. This includes Pre-shared keys, username/password for 802.1x and any captive portal credentials. This information is stored encrypted in the Wyebot cloud database. For 802.1x networks, we recommend creating a separate user account for the sensor to use rather than using someone’s personal credentials.
Yes. All communication between the sensor and the Wyebot cloud servers is transmitted via a TLS-encrypted secure MQTT tunnel.
In typical WiFi environments, the bandwidth used by a sensor is less than 10 kbps.
By default, a sensor is a completely passive device. It only captures data; it does not transmit any wireless data. There are two exceptions to this:
No. The sensor can be installed on any subnet that provides internet access, including guest networks. However, for full functionality of the sensor - including automatically discovering the names of WiFi clients and access points - it is recommended to install the sensor on a switch trunk port with access to all management and wireless VLANs that are used in the network.
SSL Decryption (also known as man-in-the-middle decryption) is a technique used by some firewalls to inspect encrypted traffic that passes through it. For this feature to work, the firewall’s SSL certificate must be installed on the client device. Wyebot sensors do not support the installation of your own certificate on them. The sensor must be allowed to bypass any SSL decryption done on the firewall in order to communicate with our cloud server.
The sensors have three WiFi radios, and the sensor analyzes packet capture files (PCAP) from each radio. These are wireless packet captures, and since wireless troubleshooting is only concerned with the packet header, the data payload is discarded. These PCAPs are processed on board and metadata from them is sent to the cloud. The sensor stores the PCAP files on board in the device RAM, and can be downloaded from the Wyebot dashboard. Typically, there should be about 24 hours of PCAP data available to download historically, depending on network activity. If additional storage is needed, we can also provide an external storage device that can be plugged into the USB port - contact your Wyebot representative for more details.
You can download wireless PCAPs from the sensor by navigating to Advanced > Trace Download. The ability to download PCAP files can be disabled by an Admin user under Mangement > General.
The Wyebot Wireless Intelligence Platform captures wireless packets from 802.11 WiFi networks. Within this data, the following identifiable information is collected:
Wyebot also collects statistical information about wireless traffic in the environment. This information is used by the Wyebot system to analyze performance and detect wireless problems. Only the 802.11 header of wireless packets is sent to the cloud for analysis - payload data (including websites, protocols and application data) is not sent to the cloud. The system does NOT decrypt encrypted wireless traffic.