AirMagnet 1

By Cameron Sturdevant  |  Posted 2002-05-06 Print this article Print

.2 Reveals WLAN Trouble Spots"> AirMagnet Inc.s AirMagnet Sniffer works right, right out of the box—much to its credit and to network administrators advantage and earning it an eWeek Labs Analysts Choice award.

eWeek Labs ran the AirMagnet Version 1.2 protocol analyzer on a device that represents new territory for this genre of product—a handheld computer, namely a Compaq Computer Corp. iPaq. AirMagnet provided "just-the-facts" details about 802.11b traffic it detected—no protocol decodes but 802.11b traffic statistics that are essential to performing wireless network security audits and site surveys.

AirMagnet, which started shipping last month (at the same time the company announced it was going into business), costs $2,495 for detection software and an 802.11b card (in our case, a Proxim Inc. Harmony card). The handheld device is not included in this price.

The AirMagnet system is not cheap, and IT buyers would be wise to question whether a company this new will be around to support its wares in the future. While AirMagnet is just getting started as a company, however, its founders and designers are all industry pros that developed solid products we tested years ago, including NetXRay from Cinco Networks Inc., which was purchased by Network Associates Inc.

Well go out on a limb and say that the simplicity and elegance of the product make it worth the cost and that the caliber of the companys founders and product developers should ease buyers minds about future support.

Buyers should also bear in mind, however, that Network Associates is slated this week at NetWorld+Interop to announce a handheld version of its Sniffer product line, called Sniffer Pocket.

With other wireless sniffers weve tested, we had to set up filters, start and stop captures, wade through piles of documentation, and drag a power-hungry laptop with an even more power-hungry wireless card around the office to get our traffic samples.

With AirMagnet, in contrast, we simply loaded the software, recognized the card, turned the system on and started sensing traffic.

AirMagnet automatically scanned all the frequencies available in 802.11b and consistently pointed out which channels had real traffic, as opposed to those channels that were carrying spillover radio signals.

AirMagnet is not a protocol analyzer in the sense that it can decode TCP/IP application traffic. But thats OK because front-line technicians performing site surveys and network managers doing security audits dont need Layer 3 and 7 information to perform quick checks.

That said, we could use AirMagnet to do simple Layer 3 trouble-shooting. For example, we were able to select our access point from among many in our Foster City, Calif., test lab and send a ping over it to make sure it was communicating with the wired network.

We were also able to use AirMagnet as a type of rogue access point locator. The coolness factor went up almost immeasurably as we used the AirMagnet-loaded iPaq in full "tricorder" mode to zero in on unauthorized access points. It almost goes without saying that this is the same way that IT managers conducting a site survey can determine where to place access points for the best coverage before installing end-user stations.

The AirMagnet is a good security tool for ferreting out rogue access points but should also serve as a reminder to network administrators about the vulnerability of wireless networks.

AirMagnet, unlike the very able shareware utility NetStumbler (available from, operates in a completely stealth mode and only "listens" for packets.

Malicious users of the product couldnt do much more than discover the existence of a wireless LAN and the location of access points, but the malicious person could do so without network administrators ever knowing.

The only exception we found to this was when we used AirMagnet to generate traffic to test the performance of an access point during a site survey. Here, AirMagnet had to associate with the access point and send traffic, which was then detectable.

Senior Analyst Cameron Sturdevant can be contacted at

Cameron Sturdevant Cameron Sturdevant has been with the Labs since 1997, and before that paid his IT management dues at a software publishing firm working with several Fortune 100 companies. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility, with a focus on Android in the enterprise. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his reviews and analysis are grounded in real-world concern. Cameron is a regular speaker at Ziff-Davis Enterprise online and face-to-face events. Follow Cameron on Twitter at csturdevant, or reach him by email at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel