We used a base platform of a HP ZV-5000 notebook (AMD Athlon 64 with 2GB dynamic RAM, 100GB internal drive and internal Broadcom Wi-Fi 802.11a/b/g chipset) running a freshly updated version of Windows XP SP2.

We used several access points, but principally an IPv6 Linux version of the Linksys WRT54G access point for testing purposes.

Several Wi-Fi cards were tested, but we principally used a Linksys WPC55AG Wi-Fi card (supports 802.11a/b/g). The HP notebook was connected by a Gigabit Ethernet connection to our internal network.

We used several other notebooks, including an HP DV9000, several Macintosh Powerbooks, and a Compaq Presario desktop with a Linksys 802.11a/b/g PCI network card to perform connectivity, monitoring and test attacks.

We simulated or used several attack profiles, run from a Macintosh Powerbook running Apple's AirPort Extreme card. We did a man-in-the-middle attack (MAC Spoof Attack), a Wi-Fi Protected Access (WPA) dictionary attack and an authentication flood attack (sends bogus MAC addresses).

The man-in-the-middle attack was correctly identified (except by the OptiView III), though the WPA dictionary attack and authentication flood attack were each seen differently by each analyzer; all triggered alarms.

All of the analyzers worked only on Windows XP SP2 (and not on Vista; Windows 2000 Professional wasn't tested, as it's no longer widely supported by Microsoft).

Network General's Sniffer Portable required use of Internet Explorer 6/7 (rather than Firefox or another browser) and had decided boundaries on memory and CPU speed, which it misidentified.

< Return to main test