WLAN sniffers pass the sniff test

The value of capturing and analyzing network traffic is well-established. After all, the generic "sniffer" has been a fixture of networking since the days of "datascopes" on RS-232 connections. But wireless links introduce a number of complicating elements to this process - Wi-Fi protocols are unique at Layer 2, and traffic over the air isn't serialized, as is the case with wire. Simultaneous competing traffic is often the norm.

Packet capture tools are no longer the first-line approach to troubleshooting that they once were, and many Wi-Fi assurance suites include a variety of capabilities that can resolve even vexing problems without resorting to protocol analysis. But there are times when a look at and analysis of raw, real data is the only way to go, particularly when diagnosing connection and authentication challenges.

Wi-Fi packet capture and analysis products come in a number of forms. Some vendors offer this capability as part of more elaborate analysis toolsets, while others are quite ad-hoc, focusing only on capture and analysis. In this Clear Choice Test, as part of our continuing series of WLAN management tool reviews, we tested the applicable packet capture and analysis features of all of the major Wi-Fi assurance tools, including those from AirMagnet, Aruba Networks (the former Network Chemistry line), Motorola (the former AirDefense product family), and WildPackets.

We also tested ad-hoc products from CACE Technologies and TamoSoft. There are a number of other ad-hoc tools available, but they were not suitable for this test for a variety of reasons. (See related story.)

The good news here is that four out of the six products tested got perfect or near-perfect scores in our evaluation, showing a particularly high level of both functionality and maturity. Any of these would be suitable to resolve even difficult Wi-Fi connectivity challenges.

So it is therefore difficult to reduce this testing to a single obvious winner because the range of functionality across the products we tested, to say nothing of the range of prices, is so broad. There's a lot to be said in favor of a large, omnibus assurance package like AirMagnet or OmniPeek, both of which contain very robust and useful packet capture and analysis functionality - and, of course, a lot more.

But if we had to pick one, WildPackets' OmniPeek would be it because it is undeniably simple, powerful and convenient. AirMagnet finishes in a very close second. The choice really depends upon what other assurance features are required and one's preference for a specific approach to user interface.

Of the more focused products, CACE Technologies' AirPcap and Tamosoft's CommView for WiFi both encompass an excellent combination of high function, ease of use and convenience, in simple, low-cost packages. But it's CACE's AirPcap that gets the nod here, because of the included hardware adapter and the availability of the optional but very powerful and excellent Pilot reporting tool. Wireshark, which serves as the basis of the AirPcap product, is a popular open-source packet analyzer, so one could in theory assemble a Wi-Fi capture and analysis solution at no cost other than writing a little code and a bit of integration. But CACE makes it so simple that one can easily justify the very modest cost of its bundle.