AirMagnet Handheld

If you’ve got a wireless LAN running in your network and you want to measure performance, or if you think there are rogue access points that you’re not aware of, you need a wireless LAN protocol analyzer.

The Reviewmeister tried out a bunch of WLAN analyzers and found that each tool has its own strengths and weaknesses. Here’s what you need to know. First off, WLAN analyzers usually consist of the same components used in WLANs: popular 802.11 network cards in either a notebook, handheld, or proprietary portable form factor.

The handheld analyzers usually consist of software on an HP iPAQ PDA. And because they are mobile, the handheld devices are used less for protocol analysis than for WLAN-specific features, such as surveying radio channels for signal strength and device populations. The range of a handheld device is similar to that of notebook-based WLAN analyzers, except that a handheld device is much easier to wave in the air while looking for a signal.

Our favorite tool was the AirMagnet Handheld. AirMagnet makes strong use of the user interface on the iPAQ, and delivers a lot of information on each screen. Through the use of color choices and understandable icons, we became rapidly productive with AirMagnet’s features and functions.

The AirMagnet gets the most out of the iPAQ’s small screen real estate. Icons that can rapidly change context or feature choice let us find the test problems/results quickly. AirMagnet provides an instant visual representation of what it has discovered, and immediately let us drill down to the WLAN objects in our test domain.

The software has two modes – expert and survey. We found that switching between these modes was initially confusing, but we adapted quickly. Survey mode audits what’s in the air, and expert mode allows probing or specific analysis of devices found. AirMagnet shipped a Cisco AiroNet 350 WLAN adapter to be used with its software.

There are up to 14 channels possible in 802.11b, although in the U.S., only 11 are used. An 802.11b analyzer should be able to survey all of the channels because users have the option of running equipment over both legal channels and illegal ones. The AirMagnet scanned all 14 802.11b channels, and delivered accurate signal and noise figures for the 802.11b devices we tested. AirMagnet also detected background interference from our microwave oven and 2.4 GHz cordless phone.

The AirMagnet had the best sensitivity of the handheld units – initially this presented a problem. It found adjacent WLANs blocks away from our test site.

The AirMagnet offered analysis of alarm conditions (such as an access point advertising its SSID or an access point with Wired Equivalent Privacy disabled). It also gave us performance data, such as clients sending a high rate of low-speed packets, or excessive beaconing, which can indicate a radio problem. We used the AirMagnet to associate with both ad hoc (clients) and infrastructure (usually access points) devices, obtain Dynamic Host Configuration Protocol (DHCP) addresses, and ping various nodes.

The software let us rapidly build access control lists so we could detect media access control (MAC)-layer addresses that were foreign to the network, so rogue WLAN devices could easily be detected and visually identified. We then used the AirMagnet to find the rogue devices by scanning for signal strength of the rogue device(s). Drive-by logon attacks also were correctly noted.

Finally, the AirMagnet also has easily invoked tools such as a ping, whois and DHCP controls. By the end of our tests, we were grabbing the AirMagnet to verify the other tools we were testing – a highly paid compliment. For the full report, go to: https://www.nwfusion.com/reviews/2003/0414rev.html