AirMagnet Laptop Analyzer 5.0

Full real-time analysis of 802.11 a/b/g networks and a slew of features may help you see past the hefty price tag.

June 3, 2005


The Right Stuff

AirMagnet claims to have more than 2,000 customers, and we can see why it's so popular--we rely on AirMagnet in our Syracuse labs as a day-to-day troubleshooting and analysis tool. You can piece together freeware tools to accomplish much of what AirMagnet does, but if your wireless network is growing, you'll solve problems more quickly with the right product. At $3,500, AirMagnet isn't cheap, but the ROI can be significant.

Unlike wireless protocol analyzers from Fluke Networks, Network General, Network Instruments and Wild Packets, AirMagnet offers only rudimentary packet decoding and analysis. Despite this, the product's AirWise expert system does a credible job of aggregating and analyzing network traffic, letting AirMagnet provide a high-level assessment of security and performance problems. It also detects rogue devices, attacks and internal wireless policy violations. It tracks more than 130 potential wireless problems, and you can customize the tracking to conform to your network policies.

AirMagnet also is a powerful learning tool for wireless network managers looking to better understand both common and obscure wireless security and performance problems. Version 5.0's new integrated reporting capabilities are first-rate and can provide regulatory compliance reports for the Department of Defense, GLBA, HIPAA and Sarbanes-Oxley.


AirMagnet's Start Page

License To Roam

AirMagnet sent me a beta of Laptop Analyzer 5.0. The first change I noticed was the new licensing model. Previous versions only let you tie the license to a specific network card, so you could run AirMagnet on multiple laptop computers. This old model lets a group of network technicians share a single copy of AirMagnet.

Version 5.0, though, also lets you tie the license to a specific laptop, giving you the flexibility to use it with any supported wireless cards--handy if you're trying to assess subtle differences in client behavior when using different network cards. However, given the product's lack of support for Intel's Centrino and many other popular wireless NICs, the value of this feature is questionable. AirMagnet has been working with Intel to add support for Centrino, but for now, at least, if your notebook uses Centrino, you'll need a PC Card wireless NIC to run AirMagnet.

Test Run

I installed AirMagnet using a Netgear WAG511v2 dual-band PC Card on a Dell Latitude D610 laptop with an integrated Centrino 802.11 a/b/g interface. AirMagnet's custom drivers take full control of the wireless card so you can't use the same wireless interface to run AirMagnet and to access wireless services through Windows. Fortunately, I was able to use the Centrino interface to access network resources through Windows. AirMagnet says it's working on a more flexible driver architecture that will let users more easily switch between its app and Windows network services.

The well-designed AirMagnet start page provides a graphical and hierarchical text-based view of wireless traffic organized into several panes. Signal level is displayed across all supported channels, and the system is sensitive in detecting even distant wireless devices.

I easily toggled between 2.4-GHz 802.11b/g and 5-GHz 802.11a monitoring. AirMagnet scans every channel sequentially, capturing and analyzing traffic on each. By default, it spends 250 milliseconds on a channel before moving to the next one, but you can configure the dwell time to focus the system's monitoring capabilities on the busiest channels. Tabs at the bottom of the start page let you access other program modules easily, including a view of a single channel's traffic, the AirWise expert analysis system interface, a protocol decode page and useful utilities.

Good

• Intuitive and refined interface
• Strong reporting and compliance capabilities
• Good performance and security monitoring

Bad

• Weak packet-analysis capabilities
• Default alarm configuration can be overwhelming
• Lack of support for Centrino wireless NICs

AirMagnet Laptop Analyzer 5.0, starts at $3,495 (free for existing Laptop customers).
AirMagnet,
(877) MAGNET5,
(408) 400-0200. www.airmagnet.com

AirMagnet is known for its intrusion-detection capabilities, but I discovered that intrusion detection is still as much an art as it is a science. After I installed the product in our lab, it immediately began generating alarms suggesting a possible denial-of-service attack on our network, based on what appeared to be exceedingly high RF noise floor on certain channels. After using a spectrum analyzer to verify the noise didn't exist, I discussed the problem with AirMagnet. The company attributed the problem to a driver glitch with my Netgear card and said it's working on a fix.

Detailed Information

AirMagnet's UI has always been strong, and the company has made subtle improvements to information presentation. More notable are version 5.0's enhanced reporting capabilities, which will help network managers more effectively respond to management requests for periodic wireless system audits. Each major program module includes one or more context-specific reports. For example, from the start page, I easily generated reports that provided summaries of overall RF statistics, APs (access points) and stations. These reports can be stored and organized for further analysis. Report data also can be exported as a text file in CSV format. However, more flexible external reporting capabilities would be useful.

AirMagnet's AirWise analysis system aggregates and analyzes network traffic and presents detailed alerts and alarms for both security and performance. During a 30-minute scan of wireless traffic at the recent NetWorld+Interop conference in Las Vegas, it generated more than 150 security-related alerts/alarms and 65 performance-related alerts and alarms, as you would expect from a trade show demonstration of wireless features.

The security and performance events are classified in a hierarchical tree so you can drill down. For example, the system detected 55 configuration vulnerabilities, six denial-of-service attacks, and 92 user authentication and encryption problems. On the performance side, AirMagnet generated 27 events signaling deployment and operation errors, 20 related to problematic traffic patterns and 20 associated with RF management issues.

AirMagnet also comes with useful troubleshooting tools. Some provide general network-troubleshooting services, including ping, traceroute, DHCP, whois and performance assessment. Others are more wireless-specific, including basic site-survey, jitter, roaming, signal quality and performance. All the tools are well-implemented and come with nice, easy-to-use interfaces.

Dave Molta is a Network Computing senior technology editor. Write to him at [email protected].
