Like the products that use PC Card NICs, Yellowjacket requires dedicated power from internal batteries. But unlike the PC Card sleds whose batteries charge along with your PDA, this product comes with four AA batteries that must be charged with an external unit, and battery life is quite limited--about two hours in our experience. Other products we worked with had useful battery lives of six to eight hours or more when using Compaq's PC Card sled with integrated battery. We'd like Yellowjacket to be equipped with a better power system that includes easier charging and better battery life. Yellowjacket's proprietary radio can analyze 802.11 traffic, but it is the only product tested that cannot function as a node on an 802.11 network, which limits its ability to perform user-oriented tasks, such as connecting to APs and measuring performance.

When we powered up Yellowjacket, the spectrum-analyzer screen appeared, showing us an oscilloscope-like view of 100 MHz of radio spectrum from 2.4 to 2.5 GHz, covering all 14 WLAN channels. (Each 802.11 channel is 22 MHz so there is considerable overlap, which can be a source of performance problems.) By selecting the peak-hold function, we were able to see the 802.11 waveforms in the bands where WLAN devices were active, as well as any other RF interference that existed, including our microwave oven, whose RF emissions were visible from our break room down the hall. Good thing we don't use the microwave to defrost pot roast. You can view three separate traces and save a snapshot of the spectrum screen, to be viewed later. Unfortunately, you can't name the snapshots individually. Although Yellowjacket assigns each snapshot a unique name, we expect more control from such a costly device. That limitation is characteristic of Yellowjacket: It's a functional device, but it won't win any awards for programming elegance (nor for spelling--analyzer is misspelled on the product's initial splash screen). On a more positive note, Yellowjacket is the only analyzer that can detect multipath-interference problems. For some RF-hostile sites (such as warehouses and metal buildings), this feature alone is worth the price of admission since it can aid you in selecting alternate antennas, adjusting power output levels or applying more RF-friendly materials to some walls.

At Layer 2, we used Yellowjacket to detect APs and the system displayed the device's channel, signal level and WEP status. We located APs using the built-in Geiger-counter utility, though the directional antenna made it no easier than competitors' products to detect these systems. In addition, while the visual indications are effective, audio feedback was not as useful as on the WaveRunner and AirMagnet products.

Features List click to enlarge

To detect rogue WLAN devices, Yellowjacket compares discovered devices to an internal list of known MAC (Media Access Control) addresses. Managing the authorization list is easy, and device lists can be imported from text or Excel files. The WLAN utilization screen displays bandwidth utilization for individual channels and percentage of traffic by 802.11 transmission speed.

The BVS Chameleon Data conversion utility converts data captured by the analyzer, which can be processed using Microsoft Excel. This is not true protocol analysis. It's also a little crude, but it can be useful for some troubleshooting tasks, as it provides a sortable and searchable presentation of 802.11 data and management frames.

Yellowjacket WLAN test receiver 3.0, $2,800 for Yellowjacket module with software; $250 for directional antenna option. Berkeley Varitronics Systems, (732) 548-3737. www.bvsystems.com

Fluke Networks WaveRunner Wireless Network Analyzer

The WaveRunner competes most directly with AirMagnet, providing passive channel scanning as well as design and troubleshooting tools. Unlike AirMagnet, WaveRunner is built on a Linux OS. This is both a blessing and a curse. Some techies will applaud the use of a powerful, non-Microsoft OS, and the user interface is appealing. However, Linux has almost no traction in the PDA market and you'll give up the flexibility associated with Pocket PC, which has better integration with external systems and a much broader base of applications.

Consistent with its tradition of delivering a range of network-analysis devices from simple to complex, Fluke views a handheld analyzer as a field device that should provide the summary information most pertinent to troubleshooting. For this reason, WaveRunner doesn't try to do everything. You won't find AirMagnet's and Sniffer's packet-decode capabilities, and there's no Layer 1 analysis like Yellowjacket's. Fluke has adopted the KISS principle, and focuses on such tasks as detecting WLANs through beacon analysis, overall WLAN traffic analysis, identification of busiest nodes and troubleshooting client logon problems. Fluke does understand the need for in-depth protocol analysis; its OptiView Integrated Network Analyzer is a slick tablet device that provides full analysis capabilities similar to those of Sniffer Wireless' laptop version or on Wild Packets' Airopeek (see "Companion Offerings," at right).

WaveRunner comes bundled with Fluke's 802.11 NIC. The system includes drivers for several other wireless NICs, and though you can't use them for detailed analysis, you can verify their functionality on the network. We successfully tested Cisco Aironet 350, Symbol's Spectrum 24 and Proxim's Orinoco Gold wireless NICs.

WaveRunner's navigation capabilities are excellent and, like most of the analyzers tested, located APs through passive scanning, providing information on RF channel, SSID, WEP status, clients connected and signal strength. Like Yellowjacket and AirMagnet, the WaveRunner has a device-locator utility that uses a bar graph and variable-frequency sound to help you locate APs. We used this feature to locate a rogue AP in our facility.

Initially, all wireless devices are marked as unknown, but we could mark devices known or rogue. We even added audio comments for each device, a feature unique to this product and a handy capability for field investigations. Although WaveRunner lacks the expert analysis found in AirMagnet, the product provides some limited diagnostic tools, including excessive channel traffic and errors.

WaveRunner includes a number of utilities, such as a link test tool that lets the analyzer act as a client and connect to any access point, and simple to use software-upgrade tools. A network-validation test lets the administrator verify client connectivity. The integrated Web browser, meanwhile, lets you access Web services on the network. We used the throughput test to measure performance using ping and FTP; the results were more consistent than with AirMagnet. These tests can also be performed with third-party WLAN cards, which may help you understand whether certain adapters are encountering problems in fringe-coverage areas.

WaveRunner also has extensive reporting capabilities, including rogue equipment, site deployment verification and traffic analysis. Reports can be generated in HTML as well as CSV formats. Overall, we were impressed with WaveRunner--as a version 1.0 offering. But other products provide a broader range of advanced features and functionality on a more broadly supported OS platform.

WaveRunner Wireless Network Analyzer, 802.11b tester, $3,995 (includes Compaq iPaq and PC-Card expansion sleeve). Fluke Networks, (800) 283-5853, (425) 446-4519. www.flukenetworks.com

SUB: Network Associates Sniffer Wireless PDA 1.0

Sniffer PDA provides the extensive packet-capture and decoding facilities the other analyzers are missing. Although functional as a standalone unit, the device is designed as a companion to Sniffer's laptop wireless analyzer. The analyzer software runs on a Compaq iPaq using a Symbol Technologies wireless PC Card NIC. The wireless PDA version has most of the laptop's features, but its limited screen size cuts down on usability. Captures can be saved for subsequent analysis on other Sniffer analyzers, but we don't find tremendous value here. For the really tough problems that require protocol analysis, most network engineers would carry their Sniffer-enabled notebook computer into the field. We can't really see first-level technicians using this product in the field.

The dashboard monitor view gave us overview details on network utilization and the number of data, control, management and error packets. Aside from security, performance will likely concern enterprise IT professionals, if not at the time of original rollout, then certainly as the system increases in popularity with users. Sniffer meets these needs by providing good overviews of network utilization, including a top-talkers feature that is nicely implemented. Drilling down a bit, the matrix view monitors host conversations on the network. We did note that the handheld version is missing the matrix graph found in the portable PC version. This graph draws different host conversations and indicates the conversation occupying most bandwidth, using the thickness of the line on the graph. This feature helps administrators catch the culprits at a glance and could be a useful feature to include in the forthcoming releases if Sniffer can overcome some of the limitations of the PDA screen size.

True to its heritage, this analyzer excels at packet analysis. When you enter the appropriate WEP keys, the analyzer can decrypt and decode encrypted packets, though this simple form of eavesdropping will not be easy to replicate in future environments that implement more secure dynamic encryption keys. Capture filters help you select the packets to be captured depending upon the station, type of packet (control, management and data packets) or various combinations. Triggers start and stop the capture of packets when an alarm signals that a defined threshold value has been exceeded. It is also possible to schedule packet capture for any time of the day. Post-capture views include traffic details, top talkers, host conversations and protocol distribution. As noted, these post-capture trace files can be transferred to some of the other Sniffer products for further analysis. In fact, Sniffer designed the system for these kinds of field-capture operations, and they include options for CompactFlash and PC Card hard drives needed for large captures. The decode view is divided into different panes on the screen, providing a summary of the packets captured, DLC (Data Link Control)-layer information and each packet in the hexadecimal and ASCII format.

The product performs some basic security analysis, such as WEP detection, association, authentication problems and rogue-device detection. Expert analysis detects the rogue devices after comparing the MAC addresses of the APs or radio workstations with the database of known devices. However, its security analysis pales in comparison to that provided by AirMagnet, which continues to add new security alarms with every release. The expert analysis also notifies the administrator about many other problems, including multicast/broadcast problems, CRC (cyclic redundancy check) and PLCP (Physical Layer Convergence Protocol) errors, channel mismatches and LAN overload.

Sniffer Wireless PDA is an excellent field companion to the laptop version targeted at experienced data network engineers. Field technicians can capture field traces and e-mail them to more experienced staff for further analysis. If Yellowjacket is the tool of choice for advanced physical layer, Sniffer PDA provides equivalent advanced analysis capabilities for higher layers. But for less experienced technicians assessing daily wireless problems, the AirMagnet and Fluke products are probably more useful.

Sniffer Wireless PDA 1.0, $3,995 for software (perpetual license). Network Associates, (800) 338-8754. www.networkassociates.com

Dave molta is a senior technology editor at Network Computing. He is also an assistant professor in the School of Information Studies at Syracuse University and director of the Center for Emerging Network Technologies. Molta's experience includes 15 years in IT and network management. Write to him at dmolta@nwc.com.

Post a comment or question on this story.