Know thy WLAN
AirMagnet brings comprehensive network monitoring to wireless
THE PROMISE OF SIMPLICITY is one reason why wireless LANs are all the rage. No messy cables, just install an access point and some 802.11b (or Wi-Fi, as some prefer) cards, and unless you care about little details like security, you’re good to go, right?
That casual attitude may be enough when setting up a SOHO (small office/home office) network where there aren’t a lot of neighbors close by who might be tempted to do the same thing, but it won’t fly in a crowded urban setting where corporate data is being broadcast.
Securing and troubleshooting wireless networks involves unique challenges not found in wired networks, and fortunately, we’ve found an excellent tool for doing so in the AirMagnet Wireless LAN Handheld Analyzer. The AirMagnet analyzer is a specialized 802.11b card — an 802.11a model is due around year’s end — with software for Pocket PC-based handhelds. This is a natural platform choice: Laptops are simply too cumbersome to wave around in the air. Anyone responsible for a WLAN should have an AirMagnet, which has earned a score of Deploy.
Simple and smart
Outside of the WLAN card, the requirements for using AirMagnet are as vanilla as one might ask: A variety of Pocket PCs are supported, including the Compaq iPaq, the Hewlett-Packard Jornada (being phased out as a result of the HP-Compaq merger), and the Sharp Cassiopeia. Of course, the more RAM and available data space, the better; AirMagnet recommends keeping 8MB free for the software to use.
The mark of a versatile software-based LAN analyzer in the wired world is the capability of working with a variety of network cards — so long as they support the so-called “promiscuous” mode that allows the capture of any packet on the LAN, instead of the normal one that only accepts its own traffic. But the rules are different for wireless. The custom 802.11b card, made by Proxim for AirMagnet, is designed to capture low-strength traffic and noise that ordinary cards should ignore. Therefore, the dedicated hardware requirement, which would ordinarily be a mark against AirMagnet, is actually a benefit.
As one would expect of a network analysis tool, AirMagnet provides a comprehensive set of tools for real-time performance and security monitoring, and it supports multiple WLAN environments through the use of discrete profiles. This makes the product equally useful for corporate and outsourced IT support staff. Site survey functions are also present, analogous to the cable testing and network mapping features of traditional wired LAN analyzers. Finally, the AirMagnet offers troubleshooting options, including trace file playback, packet capture and decode, and basic IP diagnosis tools such as ping, traceroute, and Whois.
Security is in the air
Perhaps the most interesting use of the AirMagnet WLAN analyzer is as a security assessment tool. Although the WEP (Wired Equivalent Privacy) encryption scheme used in 802.11b is a far cry from secure, it is better than nothing, and unless there’s a reason for permitting public access, is best enabled when the wireless access points are installed. The AirMagnet system can determine if access points are overloaded, which may indicate a DoS (denial of service) attack. It can also identify access points using factory default configurations; determine whether access points and clients are using WEP; or figure out if the WEP encryption is flawed because of an insufficiently randomized seed. AirMagnet can also go further and indicate that unauthorized access points are in use, or that “war driving” — the attempt of unauthorized passersby to access network resources — is taking place.
It slices! It dices!
We tested AirMagnet in a variety of environments, using a Compaq iPaq 3765 and AirMagnet software Version 1.2; Version 1.5, which shipped last week, includes 802.1x and VPN support. The documentation includes a pocket-sized reference guide as well as a user manual.
The slimness belies the user manual’s usefulness; we even found tips for wringing the most usefulness out of the Pocket PC. AirMagnet is the first “real” (non-PDA, that is) application that we’ve tested on this platform, so we felt the two pages of what would otherwise be assumed knowledge were justified.
The AirMagnet application performed well as both a site survey tool and a diagnostic appliance. The software’s AirWISE (AirMagnet Wireless System Expert) runs in the background, performing the data collection; identifying access points, clients, and signal characteristics; and providing solutions to common problems as they’re diagnosed. The data can be exported in comma-delimited format for analysis or consolidation with other reports.
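The security checks listed earlier (unauthorized access points, factory-default configurations, missing WEP, overloaded access points) can also be re-run offline against a comma-delimited survey export. The sketch below is an added example, not AirMagnet code; the column names, sample rows, authorized-AP inventory and load threshold are all assumptions, since the article does not describe the export layout.

```python
import csv
import io

# Constructed sample of a comma-delimited survey export. The column names are
# hypothetical; the article does not describe AirMagnet's actual export layout.
SAMPLE_EXPORT = """bssid,ssid,channel,wep,clients
00:11:22:33:44:01,corp-wlan,1,yes,12
00:11:22:33:44:02,corp-wlan,6,no,9
00:11:22:33:44:03,linksys,6,no,2
00:11:22:33:44:04,corp-wlan,11,yes,61
"""

# Inventory of access points the organisation installed (constructed values).
AUTHORIZED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:04"}
# A few well-known factory-default SSIDs; extend for the hardware in use.
DEFAULT_SSIDS = {"linksys", "default", "tsunami", "netgear"}
MAX_CLIENTS = 50  # assumed load threshold per access point


def audit_survey(export_text, authorized=AUTHORIZED_BSSIDS,
                 default_ssids=DEFAULT_SSIDS, max_clients=MAX_CLIENTS):
    """Return {bssid: [finding, ...]} for every access point with a problem."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        bssid = row["bssid"].strip().lower()
        issues = []
        if bssid not in authorized:
            issues.append("unauthorized access point")
        if row["ssid"].strip().lower() in default_ssids:
            issues.append("factory-default SSID")
        if row["wep"].strip().lower() != "yes":
            issues.append("WEP disabled")
        try:
            if int(row["clients"]) > max_clients:
                issues.append("overloaded")
        except ValueError:
            issues.append("unreadable client count")
        if issues:
            findings[bssid] = issues
    return findings


if __name__ == "__main__":
    for bssid, issues in audit_survey(SAMPLE_EXPORT).items():
        print(bssid, "->", ", ".join(issues))
```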
AirMagnet is almost always scanning the available wireless channels as appropriate for the location. The WLAN card does have to switch from promiscuous to normal mode in order to use the IP tools or the other applications on the handheld that require a network connection. The user interface makes effective use of the handheld’s limited screen space to provide a maximal amount of useful data; views can be altered with a tap or two of the handheld’s stylus.
As with any other network analyzer, in the wrong hands AirMagnet is a weapon. But it’s the kind of weapon anyone who supports WLANs should have within reach. We have always believed that many shops foolishly cut diagnostic tools out of the budget in an attempt to save money, then find executives and users complaining because nobody can figure out what’s wrong with the network. There’s no reason to learn this lesson all over again with wireless networking; thus, WLAN deployments of any significant size should include an AirMagnet.