AiroPeek NX
By Jim Geier
June 5, 2002
Price: $3,495 MSRP
Wildpackets' AiroPeek NX
is software that performs packet analysis of IEEE 802.11 wireless LANs in support
of security audits, site surveys, network management, and troubleshooting.
Pros:
- Rich security auditing features
- Broad protocol support
- Flexible packet filtering
Cons:
- Priced high for some organizations
- Limited NIC and operating system support
There's little argument, AiroPeek NX is an excellent 802.11 analysis tool.
The product's special focus on security auditing and flexibility in capturing
numerous protocols makes it a must for anyone supporting an enterprise-wide
wireless LAN.
The only difficulty I had with AiroPeek NX was identifying its negatives. Although
the product's price is relatively low compared to competitors, smaller Information
Services organizations and the many "one-person integrators" will
have difficulties affording it.
The need for a special radio NIC for tools such as AiroPeek NX is common. The
idea is to be cognizant of this and purchase the correct NIC, the cost of which
is relatively insignificant compared to the price of the software. Also keep
in mind that AiroPeek NX only runs on Windows 2000 or Windows XP.
Basic Features
AiroPeek NX captures and decodes packets, with special emphasis on the 802.11
protocol. AiroPeek NX receives all wireless LAN packets based on user settable
configuration parameters and stores these packets in memory. For example, you
can set a filter to capture all packets, only 802.11 authentication request
frames, or all frames except beacons frames. Just about any combination of packet
types and protocols are possible.
I found AiroPeek NX's packet filter flexibility very important to limit the
capture size and narrow down a search for specific protocol events. I like the
alarm feature that indicates the occurrence of a user-defined event, such as
the reception of a suspicious packet not belonging to the network. In addition,
a configuration screen lets you choose which set of RF channels to scan, and
you can easily set 802.11 NIC configurations, such as SSID, WEP keys, etc.
The user controls the length of time a capture runs by manually stopping the
process or indicating the maximum buffer limit. Of course, packets fly by at
lightning speed, but AiroPeek NX temporarily stores associated packets for viewing
at your leisure. You can save the results of the capture to a file for later
use and run a multitude of statistics and expert analysis tools.
A nice feature within AiroPeek NX is its ability to color-code specific packets
and 802.11 frames to ease the analysis process. Gauges provide continuous real-time
information, such as percent network utilization, packets per second, and error
per second, whether or not you have a capture in process. This provides a reference
to quickly see the real-time affects of one or more users surfing the Web, checking
email, etc.
The capturing of packets is only the first step in analyzing a wireless LAN.
The next step is to decode these packets, which is when AiroPeek NX really shines.
The software decodes 802.11 and other protocols, and you can readily view a
list of the packets along with corresponding information such as source address,
destination address, data rate, protocol type, etc. You view details by clicking
on a particular packet, which offers a view of individual packet field contents.
For example, you can drill down quickly and see whether the power save bit of
a particular stations data frame is a "1" or a "0."
When viewing the details of a packet, AiroPeek NX displays a short summary,
including packet length, data rate, signal level, etc. The display also shows
the value of each 802.11 field, as well as the headers and payloads of other
protocols, such as TCP/IP and AppleTalk, contained within the body 802.11 data
frames. AiroPeek NX displays corresponding data in both hex and ASCII formats,
which provides raw data that you can use as the basis for deeper analysis if
necessary.
AiroPeek NX not only supports the analysis of protocols -- it's also an excellent
learning tool. For one of my recent workshops, I'd prepared several capture
files of various protocol activities, such as RTS/CTS, fragmentation, authentication/association,
etc., to show people how the 802.11 protocol operates. System integrators could
easily understand the concepts by seeing the protocol in action.
You'd be amazed by the amount of packet traffic that can occur on a wireless
LAN, even when people are not using the network. Most of the traffic is access
point beacons, but occasionally other network devices can generate a large amount
of overhead traffic. Because you can view all packets, the use of AiroPeek NX
makes it possible to find the problem and minimize overhead.
For example, I used AiroPeek NX to sniff the packets on a wireless LAN at a
local company, and found a large number of broadcast packets other than 802.11
beacons. Based on the capture file, we took note of the applicable IP addresses,
which pointed us to a server on the Ethernet side of the network. This prompted
the company to place a router between the wireless LAN and the server, a solution
that decreased utilization 30 percent.
Setup/Installation
I found the setup and installation of AiroPeek NX very easy to accomplish.
I'd initially downloaded the free demo version of
the software directly from Wildpacket's website. The demo allows you explore
all of the features, but you have limitations on the length and storage of the
captures. The demo only whet my appetite. The only glitch I had during setup
of the full version was that I found that AiroPeek NX didn't support the NIC
in my laptop. After a quick change I was up and going in a total of about ten
minutes.
At the time of my testing, AiroPeek NX was capable of interfacing with the
following network cards:
- 3Com AirConnect 11 Mbps DSSS PC Card
- Cisco Systems 340 or 350 Series Wireless LAN PC Card
- Intel PRO / Wireless 2011 LAN PC Card
- Nortel Networks e-mobility 802.11 PC Card
- Symbol Spectrum24 11 Mbps DS PC Card
- Lucent/Agere ORiNOCO PC Card
AiroPeek NX supports a limited set of cards because of the time involved with
adapting and qualifying specific vendor drivers. It's always a challenge to
support multiple radio NICs in such a product because of version control issues
with vendor-supplied drivers. AiroPeek NX is forging ahead, however, and will
soon support 802.11a with the Proxim Harmony CardBus Card 802.11a.
Security Auditing
AiroPeek NX's Security Audit Template creates a capture window that triggers
a notification when a packet matches various custom security filters. The template
includes pre-defined filters that look for common wireless LAN security issues.
For example, this feature can track access points using known vendor default
SSIDs and find unknown hosts trying to obtain DHCP
(Dynamic Host Configuration Protocol) addresses.
Expert Analysis
AiroPeek NX performs expert diagnostics in real-time, during capture. An expert
view provides analysis of latency, throughput, and many common network problems.
Users can also define settings and thresholds to fine-tune the Expert System.
The program's Expert ProblemFinder offers descriptions, causes, and remedies
for each of the problems that the expert analysis identifies. I know in past
projects it would have been handy to have this tool to detect IP address issues,
timeouts, etc.
Expert Mapping
The very intuitive AiroPeek NX Expert Peer Map indicates communications between
nodes on the network. The line thickness illustrates the level of traffic, and
you can customize the view through filtering parameters. This mapping feature
was extremely valuable to visualize the level of activity of each access point.
Maintenance Program
Wildpackets offers a multi-level maintenance program for AiroPeek NX. Level
I maintenance is available for twelve or twenty-four months and offers priority
technical support via telephone, electronic mail, and fax. Higher levels of
support include remote trace file analysis, which is important if you can't
figure out what's wrong with your network.
Summary
I certainly recommend AiroPeek NX for analyzing wireless LANs. The product
gives you detailed insight into 802.11, as well as other protocols such as TCP/IP.
Its ease of use and flexibility will enable you to uncover just about any security
or performance issue.
Jim Geier provides independent consulting services to companies
developing and deploying wireless network solutions. He is the author of the
book, Wireless LANs
(SAMs, 2001), and regularly instructs workshops on wireless LANs.
Don't miss Jim Geier as one of the featured speakers at the 802.11
Planet Conference and Expo next week. He'll be giving a workshop on RF Site
Survey Basics, and speaking on panels discussing wireless data and home networking.
|
Quality Management ROI Calculator - Focus on Test Automation
IE 7
Firefox 2.0
