Analyze This! The AirMagnet Laptop Mobile WLAN Analyzer

Laptop wireless analyzer is convenient, but no substitute for a true wireless protocol analyzer.

December 30, 2002


Using a technology AirMagnet calls SmartScreen, the AirMagnet Laptop displays the most important WLAN information on a laptop screen without using any scroll bars. The laptop analyzer, which requires a Cisco Aironet WLAN NIC, expands the capabilities of its Pocket-PC-based sister by letting users print various screens, capture more frames and view up to six charts of signal, CRC errors and frame retry information simultaneously.

We installed AirMagnet Laptop v2.0 on a 1.2-GHz Toshiba Satellite laptop with 256 MB of RAM running Windows XP at Network Computing's Real World Lab at Syracuse University. After using it for a week on several campus production and test WLANs, our general impression was positive. However, we're not ready to abandon either the Pocket PC version of AirMagnet or any of the full-blown wireless tools we use for in-depth protocol analysis.

At the Core

AirMagnet Laptop's start screen displays a broad overview of information about the WLAN environment, including signal and noise levels for all 802.11 channels as well as a list of known access points and their signal/noise levels, SSID and WEP configuration. In our first tests, when we selected the signal or noise values on the infrastructure screen to drill down for further information, the entire AirMagnet program crashed. We reported this problem to the vendor; the company quickly sent an update that fixed the bug, and the problem didn't repeat.

AirWISE, the laptop version's expert analysis engine, guides technicians--even those who don't necessarily have in-depth knowledge of WLAN protocols--in monitoring a wireless network's health and troubleshooting problems. The channel screen provides detailed information for individual channels, and the infrastructure screen displays a hierarchical directory-like structure of detected APs, infrastructure/ad hoc mode stations and an 802.1x user list. Depending on the device selected, additional details such as speed and frame-related information can be gathered. The product also indicates the wireless network's top talkers (AP and stations).

Good

• Thorough security assessment of the network
• Impressive site survey analysis
• Simple to install and use

Bad

• Provides little added functionality compared to the handheld version at a higher cost
• Lacks the portability of the handheld version
• Cannot perform detailed protocol analysis

AirMagnet Laptop displays the basic sources of performance problems in the WLAN environment, including frame errors, retries and excessive bandwidth usage by particular stations. The analyzer specifies the source and destination addresses of the devices involved and helps pinpoint problems. One of the more useful features is the diagnostics utility, which lets users select a client, step through the entire association and authentication process, and determine precisely where a failure is occurring. AirMagnet Laptop also includes several useful client utilities, among them customizable ping and traceroute tools that are helpful in troubleshooting network problems.

Given the heightened interest in WLAN security, we were particularly interested in AirMagnet Laptop's security assessment system. We were able to detect APs not using WEP, APs using factory default SSIDs, as well as rogue APs and client stations. Detection of the default SSID of a 3Com HomeConnect Wireless Gateway in the lab set off the analyzer's alarm. In some respects, this tool is similar to the Security Audit template of WildPackets' AiroPeek NX (see "Sneak an AiroPeek at WLAN Stats").

To detect rogue APs or stations, MAC addresses of all legitimate devices have to be added. Any unlisted AP or station is immediately discovered and flagged. AirMagnet Laptop goes beyond simple security analysis; it has full support for the 802.1x authentication standard, including Cisco's LEAP, TKIP and the MIC security protocols. It gives information on the EAP type and the 802.1x user identities. The diagnostics utility also can be used to troubleshoot failures in 802.1x authentication. Plus, the software monitors for PPTP, L2TP, SSH and IPsec VPN tunnels.
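The three checks described above (APs not using WEP, factory-default SSIDs, and APs missing from the list of legitimate MAC addresses) can be run directly over 802.11 beacon frames. The following is an added example, not AirMagnet's code; the allowlist, the sample default-SSID list, the finding names and the `build_beacon` helper are assumptions made for illustration.

```python
import struct

# Assumptions (constructed values): the allowlist of legitimate AP MAC addresses
# and a sample of factory-default SSIDs.
KNOWN_BSSIDS = {"00:40:96:aa:bb:01"}
DEFAULT_SSIDS = {"linksys", "default", "tsunami"}

def parse_beacon(frame):
    """Return (bssid, ssid, privacy) for an 802.11 beacon frame, else None."""
    if len(frame) < 36:  # 24-byte MAC header + 12 bytes of fixed fields
        return None
    if (frame[0] >> 2) & 0x3 != 0 or (frame[0] >> 4) & 0xF != 8:
        return None  # not a management frame of subtype beacon
    bssid = ":".join(f"{b:02x}" for b in frame[16:22])  # address 3
    (capab,) = struct.unpack_from("<H", frame, 34)
    ssid, pos = None, 36
    while pos + 2 <= len(frame):  # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:
            break  # truncated element: stop rather than misread
        if eid == 0:  # SSID element
            ssid = body.decode("utf-8", "replace")
            break
        pos += 2 + elen
    return bssid, ssid, bool(capab & 0x0010)  # privacy bit (WEP in 802.11b)

def assess(frame):
    """Return (bssid, ssid, findings) or None if the frame is not a beacon."""
    parsed = parse_beacon(frame)
    if parsed is None:
        return None
    bssid, ssid, privacy = parsed
    findings = []
    if bssid not in KNOWN_BSSIDS:
        findings.append("unlisted-ap")
    if not privacy:
        findings.append("no-wep")
    if ssid is not None and ssid.lower() in DEFAULT_SSIDS:
        findings.append("default-ssid")
    return bssid, ssid, findings

def build_beacon(bssid, ssid, privacy):
    """Construct a minimal sample beacon (test input, not captured traffic)."""
    mac = bytes.fromhex(bssid.replace(":", ""))
    header = b"\x80\x00\x00\x00" + b"\xff" * 6 + mac + mac + b"\x00\x00"
    fixed = bytes(8) + struct.pack("<HH", 100, 0x0001 | (0x0010 if privacy else 0))
    name = ssid.encode()
    return header + fixed + bytes([0, len(name)]) + name
```

Calling `assess(build_beacon("00:04:5a:11:22:33", "linksys", False))` returns all three findings for the constructed unlisted AP, while a beacon from the allowlisted BSSID with the privacy bit set returns an empty list.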

To check out the system's intelligence, we installed an older, defective, wireless broadband gateway known to continuously reset itself. The AirMagnet Laptop analyzer detected the problem and provided a useful and fairly impressive diagnosis.

The product also provides site survey tools, which we used on a recently installed WLAN. After selecting a reference AP, we monitored the signal and noise values along with packet loss and retry details at a number of different locations. At each location, we clicked on the Log button and entered a description of that location. If this had been a real site survey, we could have used the information to map the results.

No Substitute for True Protocol Analyzer

Vendor Info

AirMagnet Laptop Analyzer: AirMagnet Laptop with Cisco's Aironet AIR-PCM352 802.11b Adapter Card is $3,495. AirMagnet Laptop with Cisco's Aironet AIR-LMC352 802.11b Adapter Card with removable omni-directional antenna is $3,795. AirMagnet Combo (provides dual support for both the Pocket PC 2002 and the Windows platform) with Cisco's Aironet AIR-PCM352 802.11b Adapter Card is $4,495. The AirMagnet Combo Pro (provides dual support for both the Pocket PC 2002 and the Windows platform) with Cisco's Aironet AIR-LMC352 802.11b Adapter Card is $4,795. AirMagnet Inc., 650-694-6754, www.AirMagnet.com

AirMagnet is careful not to position the laptop version of its product as a full-blown protocol analyzer, and with good reason. Unlike WildPackets' AiroPeek NX, where the packet decodes can be viewed as data is captured, AirMagnet's packet capture must be stopped to decode it. In addition, it doesn't provide any information about higher-layer protocols, and the product lacks the peer mapping functionality found in most analyzers. In short, don't rely on AirMagnet if the environment requires true protocol analysis capabilities. Although the laptop system worked as expected, there's no question that the Pocket PC version is better suited to this task.

At the NWC lab, we consider the AirMagnet Pocket PC version a must-have product for most WLAN environments. However, it's not clear where the Laptop version fits in the market. It doesn't have enough functionality to go head-to-head with full-featured wireless analyzers, and it lacks the innate portability and elegant simplicity of the Handheld version. While AirMagnet Laptop effectively consolidates the multiple screen views found on its sister product and provides more flexible output capabilities, there's really not enough added value to offer an enthusiastic recommendation.

Dilip Advani is a research associate at the Center for Emerging Network Technologies at Syracuse University. Dilip's experience includes working as a network engineer and as a Telecom consultant. Send your comments on this article to him at [email protected].
