Companies looking for general network analysis tools are spoilt for choice as theres a huge range of products and prices to suit all pockets. Unfortunately, wireless networks dont get anywhere near the same blessings, which is surprising as they are rarely out of the news - all too often for the wrong reasons, as security is their biggest weakness.
With this dearth of products, AirMagnet stands out by a mile. This company offers an impressive range of analysis tools. Along with a distributed version, which deploys permanent probes alongside the WLAN, there are versions for laptops and PDAs, all of which had a recent update. On review is the laptop version which requires you to bring your own laptop and also add one of a range of supported wireless PC Cards.
For testing we used a Pentium III 800MHz laptop, running Windows XP, and equipped with a Cisco AiroNet 352 PC Card. Installation only took a few minutes. A proprietary driver is installed and we found that although AirMagnet requires exclusive use when loaded you can use the network card for normal network access at other times.
The AirMagnet interface is a cheerful affair with plenty of brightly coloured charts and graphs making it easy to spot any problem areas. Seven different options are available and AirMagnet opens with a Start screen revealing a table of all discovered APs. You can see at a glance which channel each one is broadcasting on. It also shows the signal strength, noise levels plus signal-to-noise ratios and the graphs to the left can be expanded to show each of these values separately. More importantly, the table shows which APs have WEP or WPA enabled and even those employing 802.1x port authentication.
Colours are put to extremely good use in the AP table as a red channel number advises that there is an outstanding alarm whilst the corresponding MAC address cell turns green, yellow, red or grey depending on how long the device has been inactive. Reduce the signal graphs to a single display and the extra space below is now used to show a tree listing all 802.11 information about the number of SSIDs identified, which APs are operating in Ad-Hoc and Infrastructure mode, and the total number of wireless clients. A pie chart below ties in with the tree and displays the busiest APs and frame address types, along with associated stations, and you can easily see the distribution of 802.11a, b and g operating modes.
A second tree section reveals one of AirMagnets key features. This provides access to the AirWISE analysis engine, which automatically spots a wide range of wireless-related problems. Our four APs all used different configurations with some left wide open and others using different levels of WEP encryption. AirWISE provided audible and visual alerts as it picked out the security holes we had intentionally left. Double-clicking on the Security branch immediately switches you to the main AirWISE screen where youll find a comprehensive breakdown of each problem. These are accompanied by an AirMagnet Expert that provides a complete description of the reasons for each alert and plenty of advice for remedial action.
AirWISE does a lot more as it detects rogue APs, unauthorised clients and DoS attacks on wireless networks. This latest version adds new alarms for APs not using TKIP or 802.1x authentication, excessively high client association attempts and unusual out-of-hours WLAN traffic. External attempts to hack in can also be spotted as AirMagnet now watches out for clients attempting to associate with any available AP.
Theres much more to AirMagnet as the Channel screen gives a superbly detailed breakdown of throughput, signal strength, alerts and utilisation by wireless speed. You can easily swap between channels and individual APs can be monitored more closely from the Infrastructure tab. Basic packet capture and decoding is also provided and trace files can be saved and replayed as though live and you can limit the capture process to individual wireless channels. Lastly, AirMagnet also proves a good collection of diagnostic tools, including traceroute, whois, a traffic generator for the link between the AirMagnet system and selected AP, a site survey and a Coverage tool which allows you to check on minimum signal levels allowing SLAs to be maintained.
With the potential for huge security breaches, wireless network analysers are now a must-have tool for support staff. Even though AirMagnet is a software-only solution it does compare extremely well on price to most alternatives. Fluke Network’s PDA-based WaveRunner, for example, may be more portable but is a costlier option and doesn’t provide the same level of features, or troubleshooting assistance, as AirMagnet.