Wireless LAN Tools: Building Your Toolkit (Part 2)
July 27, 2004
In part two of this four-part study, we focus on choosing the tools you'll use to analyze your wireless local area network.
Like their wired counterparts, Wireless LAN analyzers provide packet capture, protocol decode, traffic analysis, alerting, trending, and reporting for 802.11 networks. Many also provide wireless-specific functions like spectrum analysis, net stumbling, site survey, and rogue detection.
In Part 1 of this article, we identified several open source and commercial WLAN Analyzers. Now it's time to pull together a WLAN Analyzer toolkit to support common WLAN planning, administration, and troubleshooting tasks.
Choosing your platforms
First, we'll need to select a Pocket PC, laptop, or desktop on which to install WLAN analyzer software. With a few noteworthy exceptions (e.g., Fluke OptiView, Tektronix WCA300), these tools don't require dedicated systems. You can probably reuse devices that you already own, but keep in mind that you can't passively capture traffic and actively send traffic without using multiple network adapters.
A Pocket PC is a good choice for tools used during WLAN planning and ad hoc intrusion detection. Obviously the PPC's big advantage is portability -- it's easier to wave a PDA around than even an ultra-light laptop. However, PPCs also have limitations:
Many 802.11b Compact Flash and 16-bit PC cards are currently available for PPCs. However, 802.11g or 802.11a WLAN analyzers for the PPC platform are rare. One product that offers that capability is BVS Yellowjacket; this software uses a custom 802.11b/g or 802.11a PC card and iPAQ sleeve, purchased with or without the iPAQ.
PPCs have limited battery life, and active network adapters just make that worse. For best results, use a PPC with an extended life battery, purchase extra batteries, and bring a battery recharger with you on site surveys.
PPCs have limited display "real estate" and storage, but you can capture traffic on your PPC and transfer those files elsewhere for replay/review, analysis, and reporting. Use removable media to move large captures off your PPC when you're in the field and can't readily ActiveSync those files onto a PC.
Laptops are undeniably the most popular platform for WLAN analysis. They combine portability with larger displays, bigger disks, and more horsepower than PPCs. More importantly, most laptops have a 32-bit PCMCIA slot to support a broad set of 802.11a/b/g adapters. As we'll see, matching tools with WLAN adapters can be tricky, so using a laptop as your WLAN analysis platform can be a big time-saver. Outfitting your laptop with adequate storage is important, since capture files can grow quite large. However, most WLAN analyzers apply size limits and circular buffers to help you manage disk space.
Using a fixed desktop to analyze mobile traffic might sound odd, but desktops can play an important role. Uploaded captures can be examined on larger screens, reports can be exported and printed with greater ease, and files can be archived onto networked servers for later reference. Desktops can also provide a platform for continuous WLAN monitoring, using event triggers to kick off recording or alert forwarding to a central server. In fact, WLAN intrusion detection systems use fixed sensors for this very purpose, packaged as appliances instead of desktop software to ease deployment.
You don't need to adopt just one platform for WLAN analysis. Any good toolbox contains a variety of tools that excel at different tasks. Look for tools that generate common capture file formats to maximize data interchange options. Using similar products on multiple platforms can reduce training -- for example, AirMagnet Handheld, Laptop, and Distributed share a common base and therefore a common look and feel. Adding wireless to a LAN Analyzer you already know can also be handy -- for example, the same Network Instruments Observer and open source Ethereal software can be used with 802.11, 802.3, and many other network adapters.
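A quick interchange check for a capture moved from one platform to another, as an added example that is not from the original article. It assumes the tool wrote the libpcap file format (which Ethereal reads); the function name and the sample header bytes are constructed for illustration.

```python
import struct

# Link-layer type codes from the libpcap file format that matter for WLAN work.
LINKTYPES = {
    1: "Ethernet (802.3)",
    105: "IEEE 802.11",
    119: "IEEE 802.11 + Prism header",
    127: "IEEE 802.11 + radiotap header",
    163: "IEEE 802.11 + AVS header",
}
WLAN_LINKTYPES = {105, 119, 127, 163}

# First four bytes of the file -> (struct byte-order prefix, timestamp resolution).
MAGICS = {
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # pcapng block header, a different format


def describe_capture(header: bytes) -> dict:
    """Classify a capture file from its first 24 bytes (libpcap global header)."""
    if header[:4] == PCAPNG_MAGIC:
        return {"format": "pcapng", "wlan": None}
    if header[:4] not in MAGICS:
        return {"format": "unknown", "wlan": None}
    if len(header) < 24:
        return {"format": "truncated", "wlan": None}
    order, resolution = MAGICS[header[:4]]
    major, minor, _zone, _sigfigs, snaplen, network = struct.unpack(
        order + "HHiIII", header[4:24])
    linktype = network & 0xFFFF  # link type sits in the low 16 bits
    return {
        "format": "pcap",
        "version": f"{major}.{minor}",
        "resolution": resolution,
        "snaplen": snaplen,  # a small value means frames were cut at capture time
        "linktype": linktype,
        "linktype_name": LINKTYPES.get(linktype, "other"),
        "wlan": linktype in WLAN_LINKTYPES,
    }


# Constructed sample: little-endian header, version 2.4, snaplen 65535, 802.11.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)

if __name__ == "__main__":
    print(describe_capture(SAMPLE))
```

To check a real file, pass `open(path, "rb").read(24)` to `describe_capture`.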