Wireless tool uncovers network flaws

New Sniffer Wireless protocol analyzer pinpoints companies' performance and security problems.

Network Associates Inc.s Sniffer Wireless, the first wireless protocol analyzer on the market, does a good job of showing network managers airborne network problems and security flaws. Although wireless hardware products often include utilities that can reveal some of the same problems, Sniffer Wireless provides a complete picture of the wireless network.

The high-end software product, which is available now through Network Associates early adopter program and is set to ship next month, ranges in price from $11,999 for two years to $17,995 for a perpetual-use license.

Sniffer Wireless will likely take on greater security and intrusion detection duties than its wired counterpart (on which this version is based) because the product can sense all radio transmitters and receivers that may be attempting to operate in the same area. For example, we immediately found other transmitters in use in eWeek Labs that were not part of our test. These units turned out to be part of a test by eWeeks sibling publication, PC Magazine. Managers in organizations that are deploying wireless networks could just as easily find out that the business on the next floor down is using 802.11b wireless technology, which may be responsible for poor network performance or even security breaches.

Of course, Sniffer Wireless needs the same WEP (Wired Equivalent Privacy) encryption key as any other mobile unit (a PC or another device using a wireless network adapter) to access and decode encrypted wireless traffic. However, wireless control packets, which carry instructions on how a wireless network is shared, are not encrypted and can be clearly seen by Sniffer Wireless. Even without the proper WEP key, Sniffer Wireless can tell how much traffic is being carried on each of the 11 channels supported by the 802.11b specification.

Managers do have other ways of getting information on wireless networks. Many of the statistics and performance measures that Network Associates product shows can be obtained, albeit with more work and without as much finesse, with the utilities provided in most wireless cards and access points. For example, access points know how many mobile units they are servicing. In addition, mobile units often have utilities that readily tell signal strength. Further, Network Associates competitor WildPackets Inc. made a prerelease version of its AiroPeek product available Dec. 22; that product is expected to ship in March.

Works like a (Sniffer) Pro

network managers who are accustomed to Sniffer Pro, Network Associates wired equivalent of Sniffer Wireless, will be at home with the layout and use of the controls. After we installed the software and a wireless network card from Symbol Technologies Inc. in a laptop computer (the network card is not included with the software), it was a snap to begin sniffing for wireless traffic.

Although the Sniffer Wireless network card is known to the access point, it is passive and generates no traffic, so it cannot cause problems by becoming a "hidden transmitter." And because Sniffer Wireless is passively sensing traffic, it consumes no appreciable bandwidth of its own.

We got information about the test wireless network by accessing several tabs in the softwares Dashboard, where Sniffer Wireless shows network utilization, packet throughput and errors. In the wireless tab, we were immediately able to see the amount of data, management and control packets on the wireless network. Sniffer Wireless was also able to break up statistics by data rate so we could see at a glance the amount of traffic being transmitted at 1M bps, 2M bps, 5.5M bps and 11M bps.

Two things that we found much more conveniently with Sniffer Wireless than we could have with built-in utilities alone were the Basic Service Set and Extended Service Set IDs, which govern peer-to-peer and distributed networking using wired and wireless networks. This should allow network managers to better track which mobile devices are receiving wireless services from which access points for load balancing and security purposes.