- Navigation Breadcrumbs
- Status Pane
- Navigation Table
- Visualization Pane
- Details Pane
- Time Graphs Pane
At the top level, Tonic has three views:
- Networks View, which shows a list of all of the ESSID's that have been observed
- Clients View, which shows all of the client devices that have been observed
- Channels view, which lists Wi-Fi channels, and details about them
From the Networks View, the user can enter the Navigation Breadcrumbs, and drill down through:
- Networks View
- ESSID View
- BSSID View
- Client View
The Status Pane shows how many packet capture adapters are connected, if a spectrum analyzer is connected, and how much system memory Tonic is consuming.
Each packet capture adapter receives a unique color (indicated by the dot), which is used to identify that adapter's influence elsewhere in Tonic.
A table of selectable objects, depending on the current view. For example, the Navigation Pane shows a list of ESSID's (i.e. Networks) in the Networks View, and a list of active clients in the BSSID (i.e. AP Radio) View.
Click any object in the Navigation Table to drill down into it.
The Networks View is analogous to the "home" screen in Tonic. It's where Tonic begins by default, and is the top-level of the Networks > ESSID View > BSSID View > Client drill down.
The Clients View shows any clients within range of your adapter, including clients that are unassociated or associated to a neighboring network. Clicking on a client will drill down into more details (see Client View below).
The Channels View will display all relevant information for each channel in the 2.4 and 5 GHz bands. This is helpful for understanding which channels are at at capacity, or which channels are the most clear.
|Spectrum Utilization||Only available with a Wi-Spy attached. How often RF activity is occurring on the channel, or how often the channel is being "Utilized"|
|Airtime Usage||Current Airtime utilization taken up by Wi-Fi devices (dark purple) compared to total available airtime on the channel (grey)|
|Highest Utilization||Indicates which ESSID is taking up the most airtime on that channel|
|Legacy Present||Indicates whether an 802.11b device is present on the channel|
The first "drilldown" from the Networks view by clicking on an ESSID. This view will display the radios or BSSIDs underneath the selected ESSID. This view is helpful to understand client distribution per radio.
The second "drilldown" from the Networks view by clicking on a radio or BSSID. This view will display a table of all clients connected to the radio, an Airtime Usage treepie, and AP Radio Details.
AP Radio Details Pane
In the AP Radio Details Pane, you can find live information about the client.
|SSID||The network name that the BSSID is broadcasting|
|Access Point||The device name being broadcasted by the AP, or AP alias. Click the pencil icon to alias the radio.|
|MAC Address||MAC address of the radio|
|Model||Model of AP - select the pencil icon to enter / edit AP model|
|Signal||Current signal strength of radio in dBm|
|Airtime Usage||Current Airtime utilization the radio is taking up (darker purple) compared to total utilization the AP is taking up (light grey)|
|Channel Airtime||How much airtime the radio is taking up compared to the total airtime available on the channel|
|Spectrum Utilization||Only available with a Wi-Spy attached. How often RF activity is occurring on the channel, or how often the channel is being "Utilized".|
|Clients||Number of clients picked up by the adapter|
|Channel||Current channel of the radio and its channel width|
|Security||The security protocol that the access is configured to support|
|Basic Rates||Shows min supported data rates (slower data rates fly farther, but cause more channel utilization)|
Country config currently being used
|PHY Types||Phy type|
|Generation||Wi-Fi Alliance generation designation|
|Max Data Rate||Maximum supported data rate|
How many spatial streams AP is able to utilize
|Max MCS Index||Max MCS index number|
Displays other AP capabilities, such as 802.11v transition
The Clients View is the furthest extent of "drilldown" in Tonic. It contains details about recent Packet Events that the client has experienced, as well as details about the client status, identity, and capabilities.
By performing live analysis of captured packets, Tonic detects Packet Events that occur to clients. In some cases, Packet Events are detected due to the capture of a specific type of packet, or due to a series of events.
For example, if a Deauthentication Frame is heard, then a Deauthentication Packet Event is assigned to the client.
If a client is associated to a BSSID (access point radio), and is seen sending frames to another BSSID (other than Probe Requests), then a "Roamed" Packet Event occurs, indicating that the client must have roamed to a different access point.
Selecting a Packet Event
When a Packet Event is observed, Click on the Packet Event to open the Packet Flow Pane.
Disabled Packet Events
Tonic keeps a 10-minute buffer of all packets in memory. When a Packet Event becomes older than 10 minutes, the packets from the event are no longer available for Tonic to reference. As a result, Packet Events old than 10 minutes are greyed out and are no longer selectable.
Packet Flow shows a list of packets between the access point and client that were captured during or immediately following the Packet Event.
- The AP column, when populated, shows what data rate the access point transmitted the frame at.
- The Frame Type column shows what kind of 802.11 frame was transmitted. The arrow direction shows who the transmitter was, and who the receiver was.
- The Client column, when populated, shows what data rate the client transmitted the frame at.
Air Time Usage Pane
The Multi-Layer Pie Chart (or "treepie") shows how much airtime was consumed in the conversation between the access point and the client.
Client Details Pane
In the Client Details Pane, you can find live information about the client.
Packet Counts Pane
The Packet Counts Pane shows how many packets have been captured in the conversation between the access point (or multiple access points, if the client has roamed) within the selected timespan.
Inferred Data Frames
In some cases, the packet capture adapter(s) might not demodulate some or all of the data frames transmitted by the access point or client device. Missed data frames can be caused by:
- Poor signal strength from the capture adapter's perspective
- AP and client with more spatial streams than the capture adapter
- AP and client newer phy type than the capture adapter
In most cases, even if the capture adapter fails to demodulate the data frames, the capture adapter will still successfully demodulate the Control frames, which are largely responsible for helping coordinate traffic on the Wi-Fi channel. Note: Control Frames are always colored orange in Tonic.
It Tonic captures a CTS (Clear-to-send) and ACK (Acknowledgement), it adds an Inferred Data Frame to the to the Packet Counts table and Airtime Usage graph. The Airtime Usage value is derived from the NAV (Network Allocation Vector) timer set by the CTS.
When packets are exported from Tonic, Inferred Data Frames are not included. Instead, they are only calculated at the time of capture, or when reading in a packet capture file.
Time Graphs Pane
Under each Navigation Breadcrumb (ESSID View > BSSID View > Client View), certain Time Graphs become available at the bottom. You can toggle which Time Graphs are displayed under the dropdown. Time Graphs can be moved up or down using the down and up arrow icons.
|Time Graph||Description||View(s) available in|
|AP Transmit Data Rate||Data rate (Mbps) of selected object over time||BSSID & Client|
|AP Transmit MCS||MCS index of the selected radio over time||BSSID & Client|
|Client Transmit MCS||MCS index of the selected client over time||BSSID & Client|
|Retries||Retry rate (%) of the selected object over time||BSSID & Client|
|Signal Strength||Signal strength (dBm) of the selected object over time||ESSID, BSSID, & Client|