Network managers are often forced to work “in the dark” when it comes to wireless networks. But tools for monitoring and analysing wireless networks are shedding light on 802.11a and 802.11b links.
AirMagnet’s Duo and Network Associates’ Sniffer Wireless provide significant information to network administrators charged with deploying and managing wireless LANs. Although the two products overlap in some areas, each has strengths in separate, critical areas of wireless analysis.
AirMagnet Duo excels as a site-survey tool, while Sniffer Wireless does a better job of packet decoding.
Both are available in handheld and laptop versions; we tested the laptop versions. The handheld products are far more convenient when walking through an installation, but the laptop versions provide more comprehensive display and reporting options.
AirMagnet and Network Associates sell the laptop versions of their tools as software that is installed by the customer. The AirMagnet Duo software ships with a NetGear 802.11a/b PC Card. Sniffer Wireless supports a variety of wireless NICs (network interface cards) from Proxim, Symbol Technologies, Agere Systems, Enterasys and Cisco.
Network Associates provided Sniffer Wireless on a laptop computer with Symbol 802.11b and Proxim 802.11a wireless NICs. In looking at both packages it’s important to remember that they rely on custom network drivers, so you cannot use this software with just any wireless NIC.
The big picture
When AirMagnet Duo launches, the first thing you see are twin graphs showing the strength of network signals and other signals (or “noise”) on all 802.11a and 802.11b channels. Next to the graphs is a table that lists all access points and all clients transmitting a signal. This first screen illustrates the AirMagnet’s strengths: It does a very good job of telling you what’s going on in the radio environment surrounding your wireless network.
In our case, we could see the effect of 2.4GHz cordless telephones on the noise level of the channels they share with 802.11b, and make decisions on access point channel assignment based on the information.
After showing the RF (radio frequency) details, AirMagnet performs a security audit of your wireless network. The software supports information on WEP (Wired Equivalent Privacy), 802.1x, LEAP (Lightweight Extensible Authentication Protocol), TKIP (Temporal Key Integrity Protocol), and MIC (Message Integrity Check), telling you which access points and clients are using the various authentication and encryption methods, which are broadcasting the SSID, and providing suggestions for improving security based on the settings it finds.
AirMagnet presents much of its information using graphs. One of the graphs that may surprise you is the speed at which transfers are taking place.
When the network adapter for one client indicated a 54Mbps 802.11a link (with excellent signal strength), AirMagnet showed that communications were actually occurring at 6Mbps. Similar results were seen on 802.11b, with AirMagnet indicating that several access points had dropped to 2Mbps to maintain a data link.
Monitoring the network
Sniffer Wireless opens with a dashboard graphical display showing throughput, link speed, network utilisation, and error counts. As with the AirMagnet Duo, the opening screen is a good indication of the strengths of the software.
Sniffer Wireless focuses on the performance of the network, bringing the same sort of monitoring to wireless networks that other Sniffer products provide for cabled links. Sniffer Wireless gives you a complete array of statistics on network performance, from various sorts of collision and error information to network utilisation and total throughput.
In addition to the basic statistics, Sniffer Wireless allows you to define a number of different performance measurements, including ping times and response times from defined clients to specific hosts. These application-based performance measurements can be critical tools for network managers trying to understand why users might see problems with particular programs.
Sniffer Wireless takes a database-driven approach to network security, focusing on detecting rogue access points and clients. Detected devices are compared to an address book of known devices, and an expert system analyses the differences and suggests corrective action. In our tests, a new access point was identified and labelled a rogue within seconds of appearing in the network.
Information in Sniffer Wireless is available in a variety of user-defined graphs, but most information is presented in table format as a default. This makes it easy to see specifics when an alarm is issued, but may make it more difficult to pick up problems during a human scan of the information.
Both AirMagnet and Sniffer Wireless offer a range of user-definable alarms to be issued in response to error conditions. Sniffer Wireless provides more alarm options, which is understandable — the software seems especially suited to deployment in an integrated network management scenario where alarms are the primary interface between user and software.
That point of deployment is the source of most differences between the two packages. AirMagnet is an ideal site-survey tool, with very good features for looking at the RF environment and judging how effectively access points are working with one another and with clients.
Sniffer Wireless is not as adept at site-survey tasks, due both to its array of features and the sensitivity of the wireless NICs under the control of the Network Associates drivers. The difference between the two packages was most apparent on 802.11a, where the AirMagnet frequently displayed the strength of signals that Sniffer Wireless could not find.
It is worth noting that AirMagnet provides information on 802.11a and 802.11b networks simultaneously, while Sniffer Wireless currently can monitor only 11a or 11b. Network Associates’ say that this will change later in the year when they complete development of a driver for an 802.11a/b combination card, but today there is a significant difference in this area between the two products.
If you are charged with deploying and managing wireless networks, both of these tools have a place in the toolkit. Sniffer Wireless will do more to tell you how the network traffic is performing as it moves across the wireless links.
This product also provides security analysis tools that make it easy to identify rogue components that may be brought into an existing network. Sniffer Wireless is a solid network monitoring tool that happens to specialise in radio as the physical layer.
AirMagnet Duo will be more useful when you’re trying to deploy a wireless network in a way that will require less troubleshooting after deployment. In its security analysis, it focuses on characteristics of access points that might make them more vulnerable to intrusion by unauthorised users.
AirMagnet Duo is a solid RF tool that happens to specialise in Ethernet as the traffic flowing across the connection.