Your wireless LAN is as much a part of your network as the rest of your infrastructure. You can't afford not to monitor it, any more than you can ignore how your switches and routers are coping with traffic levels. But monitoring WLANs has its own set of requirements that don't apply to the wired world - and WLAN hardware vendors will try to persuade you to spend lots of money to meet those needs. If you have a large, complex WLAN environment, you may well have to use their tools, but here are a few ideas of what you can do to see how things are behaving without splashing out large sums.
What's out there?
There is no shortage of hacker utilities that gain most of their visibility from their use in breaking into other people's networks, but some of these can equally well be used to monitor your own network, and they're free. For example, the likes of NetStumbler, nmap or Kismet tend to be thought of in less than fond terms, but can have their place in a network engineer's tool bag along with more commercial utilities.
The use of these types of applications is, it must be said, much more limited on a network with proper (i.e. non-default WEP) security in place. However, there are a couple of clever things you can do with them. NetStumbler, for instance, makes an excellent tool for measuring signal strength and signal-to-noise ratios - not something you're normally bothered with when installing a data network, but increasingly important in the wireless world. If you want to deploy point-to-point wireless links - for example, to link to a warehouse situated across the car park without laying fibres - you can use NetStumbler to help you position the antennae for the maximum signal. There's a MIDI option that gives you audio feedback, with the pitch increasing with signal strength. Now how useful is that for an easy way to get your antennae set up properly?
There's a version of NetStumbler for the PocketPC too (unfortunately without the MIDI support) and you can get Kismet for the Compaq iPAQ, so you don't even necessarily need to lug your laptop about. Wander through your office with one of these and see if you pick up any SSIDs that you don't recognise. You'll soon spot any unauthorised Access Points that someone's installed to give themselves their own personal wireless access, or find out if someone in the company next door isn't quite as security conscious as your own IT group.
This can be useful to find out, as it's possible to set wireless clients to connect to the AP with the highest signal strength, rather than trying each profile (with associated SSID) in the order configured. In this case it may be possible for your users to associate with next door's unsecured network instead of yours, which will lead to help desk calls when they can't get to their database server any more.
Using your normal laptop, associated to one of your APs, try a ping of your local broadcast address (you may need to play about with timeouts from the defaults to give everyone a chance to respond) and see who replies. If you know you have an office with half a dozen users and you get ten addresses replying, it's time to see who's hijacked your network. You can get MAC addresses from the arp cache, which will often let you figure out the NIC vendor from the OUI (the first six digits of the MAC address), so you can also see if anyone has swapped their company-issued, standard wireless card for anything else.
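The arp-cache check described above can be scripted. The following Python is an added example, not part of the original article: it parses arp output in either the Windows or the Linux layout and classifies each host against an inventory. The sample output, the inventory of known MACs and the approved OUI are all constructed values.

```python
import re

# A MAC written with ':' (Linux arp) or '-' (Windows arp -a), and an IPv4 address.
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_arp(text):
    """Return {mac: ip} for every resolved unicast entry in arp output."""
    hosts = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # headers, interface lines, "<incomplete>" entries
        mac = mac.group(1).lower().replace("-", ":")
        if int(mac[:2], 16) & 1:
            continue  # low bit of first octet set: broadcast/multicast, not a host
        hosts[mac] = ip.group(1)
    return hosts

def audit(hosts, known_macs, approved_ouis):
    """Classify each host seen after the broadcast ping."""
    findings = []
    by_ip = lambda kv: tuple(int(p) for p in kv[1].split("."))
    for mac, ip in sorted(hosts.items(), key=by_ip):
        if mac in known_macs:
            status = "known"
        elif mac[:8] in approved_ouis:   # OUI = first six hex digits
            status = "unknown-device"    # standard card, but not in inventory
        else:
            status = "unapproved-oui"    # a different NIC vendor altogether
        findings.append((ip, mac, status))
    return findings

# Constructed sample mixing both output layouts; not captured from a real network.
SAMPLE_ARP = """\
Interface: 192.168.1.5 --- 0x3
  Internet Address      Physical Address      Type
  192.168.1.10          00-11-22-aa-bb-01     dynamic
  192.168.1.11          00-11-22-aa-bb-02     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
? (192.168.1.12) at 00:55:66:cc:dd:03 [ether] on wlan0
? (192.168.1.13) at <incomplete> on wlan0
"""
KNOWN_MACS = {"00:11:22:aa:bb:01"}   # assumption: your own inventory
APPROVED_OUIS = {"00:11:22"}         # assumption: OUI of the company-issued card

if __name__ == "__main__":
    for row in audit(parse_arp(SAMPLE_ARP), KNOWN_MACS, APPROVED_OUIS):
        print(*row)
```

Feed it the text of your own arp cache after the broadcast ping; anything not reported as "known" is worth tracking down.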
The likes of iperf (available for Windows and Linux) will let you carry out end-to-end throughput tests to see what sort of real performance your users are getting over the ether.
You can spend a lot of money on a commercial wireless analyser such as Sniffer Wireless or AiroPeek (reviewed here), both of which are very comprehensive wireless analysers, but you might also want to try downloading the popular Ethereal for free and seeing if that does what you need. In all cases, you'll start to find limitations if you want to do packet capture and analysis and your wireless is protected by anything more than the standard static WEP. You need to tell the analysers what the WEP key is so that they can decrypt the data, and if you're running dynamic WEP, where the key is constantly changing, that's not going to work. That's good news if you're worried about anyone else trying to capture your data, but a bit of a pain if you're legitimately trying to troubleshoot. However, you do have one big advantage over unauthorised intruders on your network: you can easily plug a normal analyser into a LAN port and see the traffic as it appears on your wired network, and they hopefully can't.
If you have a large WLAN environment, then we would recommend you buy the deployment and monitoring tools you need to keep your network in check. But if you're just starting out with wireless and don't have a big budget for network management (and who does?), then take a look at how you can use some standard tools to find out what's going on.