Madge isn't a name you hear a great deal these days, but the company is still around and still making networking equipment - in this case a combination of a central security appliance and distributed wireless LAN (WLAN) probes that you can use to detect and prevent nefarious activity on the uncabled parts of your network.

The WLAN Probe Monitor is a 1U appliance (a PC in a headless box) that sits in your rack and connects to the LAN via a traditional Ethernet link (or, unsurprisingly for Madge, via Token Ring if you choose to buy that option). You then connect remote probes (in this case called WLAN Probe 2) to the LAN and place them around your organisation so they are likely to be able to detect any wireless activity that's going on in the network.

Probes that give you information
We'll start with the probes, as they're the easy part. You can see from the Madge product page that these are the same as the Red-Detect probes form Red-M, which is a spin-off from Madge. We review Red-Detect here.

Each probe is about the size of your hand, and wall-mounts via a little plastic bracket. You can use IEEE802.3af (Power over Ethernet) if you wish, but in case you don't have that facility, you get a little mains PSU with the box. Interestingly you don't actually get the mains power cord (the country-specific "kettle lead") with the unit, though I guess most of us have a cupboard full of spare ones anyway. The LED on the front of each probe provides diagnostic information (what colour it is and whether it's flashing tells you stuff), which was handy in our review because we managed to use a flaky Ethernet cable to connect one of the probes.

A simple central unit
Now for the central monitoring unit. The device itself is simple to use, since out of the box it gets an IP address via DHCP and the associated software (which you install on a PC) can auto-detect the server without the need for you to know the IP details. Although the unit has two Ethernet ports, you only ever use the OL ("Office LAN") port with the probe monitor. The second port is there in case you've bought the alternative Security Server product, in which case you plug your WLAN access point collection into the second WL ("WLAN") port; the security server then acts as a gateway between the wired and wireless worlds, and can drop packets and refuse connections as per the rules you set. It's worth mentioning, incidentally, that although it's primarily a monitoring tool, the basic Probe Monitor does let you launch "countermeasures" against a dodgy-looking conversation – that is, if you see two devices communicating you can make the system disrupt the conversation.

The PC application that provides the GUI to the server is a standard-looking two-pane window, with an overview on the left and a larger detail pane on the right. When you first start it up, you'll want to tell it where its probes are (you simply tell it their MAC addresses and it goes and finds them). Once the probes are configured (you can dictate what protocols to listen to – any or all of 802.11a, 802.11b/g and Bluetooth) the server will collate a list of devices whose existence the probes report. For devices whose identities you know, you can build a hierarchical list of known kit, into which the various items can be dropped. For devices whose MAC addresses you don't recognise, you at least know where to start looking because you'll be told which probes have seen which devices.

Configuring alerts
Once you've got your world set up, you can configure the alerting mechanisms of the system. There's a vast list of the possible events that can happen (both legitimate and illicit) and for each event type you get to define what level of important it has ("alert", "event" or "info"), whether to log it so it appears on the GUI console, and whether to cause an SNMP trap. Because the list's quite long it can take a little while to do, but they've thought the GUI out very sensibly and so instead of going into a "properties" window to change something, you can make all selections from a menu by right-clicking.

The GUI-based alert list is sensibly laid out and strikes a reasonable balance between brevity and verbosity (each entry is multi-line, but not excessive). There are some graphical representations of overall statistics, and it's a shame you can't click on (say) a segment of a pie chart and be taken to the raw data for that particular statistic.

So what do we think? To be honest, we're pleasantly surprised. The system is simple to use, and although the GUI is a bit basic it's usable and it works. The range of events is good, and the documentation goes into reasonable detail about what everything means (the textual descriptions of events in the GUI are also informative). The only fundamental things we'd change would be to make the charts drill-downable, and to make the system update the text of old alerts when you give a human-readable name to a device that's been found (at present it only uses this information on subsequent messages, so it makes glancing through historical events a little tedious). All in all, though, quite a nice package.


As there are two distinct products – the monitor-only Probe Monitor and the proactive Security Server you need to decide whether you want to simply watch what's happening or actually put a filter between your wired and wireless worlds.