CACE is one of the most visible firms in network analysis today, offering a number of products for both wired and wireless applications. AirPcap is consequently one of the best-known tools for WLAN capture and analysis. It's based on the very popular, open-source Wireshark (formerly Ethereal) protocol analyzer. AirPcap adds the wireless-specific parts, and includes a Wi-Fi receiver as part of the package - no other adapter is required, so getting up and running is quick and easy: install the driver (as is always good practice, don't use the included CD; download the latest version), insert the USB adapter, install Wireshark, and that's it.
A concise but helpful manual is included, along with man pages for Wireshark (and there is lots of other Wireshark information on the Web), but it would be fair to say that this product is aimed at experienced professionals with a solid networking background -- just the sort of folks qualified, after all, to do any form of packet capture and analysis in the first place. Also included are developer tools, making this product ideal for custom applications.
The company provided the USB-based AirPcap Ex Version for review, which supports 802.11a/b/g but not 802.11n. An 802.11n version is available, but only in a PC card adapter form factor. An external antenna is also in the box, which can increase sensitivity, but we didn't need it for our testing.
AirPcap is fully integrated into Wireshark and is simple to use. Just start Wireshark, select the AirPcap adapter there, select your channel, and packets are grabbed and saved per your direction - easy. A wireless toolbar integrated into Wireshark eliminates the need to use the separate AirPcap control panel interface. The format of the decode information displayed in Wireshark is a bit primitive when compared with AirMagnet's and OmniPeek's verbose expansions, but still very useful. And we liked that multiple AirPcap adapters can be aggregated to capture multiple channels simultaneously (and completely, since it would be impossible to scan channels with a single radio while recording all traffic) in a single stream. It's also possible to decrypt data if keys are provided. Frame decoding is very complete and easy to use, although most information is displayed only when the capture is stopped and frames are individually examined.
Serious users, however, should also look into CACE's Pilot product, which isn't really a packet analysis tool, although it easily integrates with AirPcap for that purpose. Pilot is instead more of a specialized WLAN assurance tool, which provides statistical analysis and reporting (such as traffic by frame type) and displays a wide variety of analysis using a ribbon (just like Microsoft Office 2007) and drag-and-drop interface that allows the user to drag particular "views", or methods for analyzing captures, onto devices (radios that grab packets) and files (for recording captures for subsequent analysis). This does take a little experimentation, but within five minutes we were producing detailed charts and graphs. And while Pilot is sufficient for many traffic capture and analysis exercises, it's also possible to send captured data (seamlessly) to Wireshark for deep, low-level packet analysis. The combination of AirPcap, Wireshark, and Pilot provides a lot of power and convenience at a very fair package price of $1,745.
And documentation is outstanding - there's a very complete manual, pop-up help, and even an integrated library of brief videos showing just how to use Pilot's many capabilities. This product combination is a very nice complement even to those already using a WLAN assurance package given the broad range of additional functionality included in Pilot.