Clear Choice Test WLAN analyzers
Like OptiView III and OmniPeek, AirMagnet Laptop came with a Cognio Spectrum Analyzer card. AirMagnet Laptop uses an engine that is accessible by AirMagnet sensors, which can be other notebooks running licensed AirMagnet sensor applications or dedicated AirMagnet sensors, similar to OmniPeek's optional sensors.
AirMagnet sensors run in two modes: Enterprise Analyzer Sensor or AirMagnet Enterprise Sensor. The Enterprise Sensor mode sends information to a mothership node, while the Analyzer Sensor uses an application console that looks into the sensor. The server is an engine that collects sensor data for correlation in the console, which provides an integrated view of the entire grid of sensors.
A Web interface permits a download of the console application (password controlled), and several users can access the engine simultaneously. The console then becomes the business end for this intrusion-detection system (IDS)/intermediate distribution frame/monitoring application.
AirMagnet found the man-in-the-middle attacker as a rogue access point. The flood attacks were deemed "Suspicious activity," which was amusingly closer to reality than the description offered by OmniPeek and Sniffer.
In our tests, AirMagnet excelled in two places. First, the user interface allows a great deal of interrelated information to be shown on screen. This big-picture console display let us watch attacks and get detailed information from several perspectives concurrently. Second, AirMagnet's diagnostic feature gives an articulate description of what is being seen.
Highly detailed information about alarms and detailed references are shown, so that captured alarm information can be understood by the operator. This lets operators assign priorities, knowing how AirMagnet has judged the traffic it is seeing -- and more important, why it's alarming.
This information is invaluable, as WLAN protocol analyzers often don't describe the same error in the same way. As a result, the detective work of determining the seriousness of an error or alarm goes more quickly. The AirMagnet user interface is the antithesis of command-line-interface information.
In monitoring mode, AirMagnet lets you assign different roles to users. Some may have full administrative capabilities, while others can see but not acknowledge alarms that have been found. The AirMagnet console-monitoring application is available as an HTTP download from the main data-collection server, so that problems requiring the console can be reached quickly from anywhere in the enterprise.