How AirMagnet watches Wi-Fi networks

How to plug in AirMagnet on a Compaq iPAQ to monitor WLANs

When you have to track down problems on your wireless network, dragging a laptop around isn’t always an option. As portable as laptops are today, they can still be cumbersome. This is where the power of your PDA comes in handy. In this article, I will show you how to use AirMagnet on a Compaq iPAQ to watch your Wi-Fi networks.

Author’s note
For the purposes of this article, I’ll be using an iPAQ 3850. AirMagnet will work on any Pocket PC compatible device that uses an Xscale or StrongArm processor. Make sure your Pocket PC device has at least 32 MB of RAM, but AirMagnet suggests that you have at least 64 MB for optimum performance.

Getting your iPAQ ready to handle AirMagnet
Two updates that you’ll want to install before trying to use AirMagnet are end user update 2 (EUU2 applies the latest fixes for CE) and the update for Bluetooth. Even though the iPAQ 3850 doesn’t have Bluetooth, some of the files in this update will also provide updates needed for the sleeve you’ll be using for the Wi-Fi NIC for AirMagnet. You can find the updates you need for this or the particular iPAQ you want at Compaq’s Support Web site.

While you are downloading some updates for your iPAQ, you should download the Remote Display Control for Pocket PC power toy. This will allow you to incorporate screen captures from Sniffer into documents you create. You can obtain it from Microsoft’s Mobile Web site.

The only accessory you’ll need from Compaq is the single PC Card sleeve. There are two different versions of this item. The main difference is one of the sleeves has a removable battery that can be used to extend the time between charges. Depending on how much you intend to use your iPAQ, using the sleeve with the removable battery may be the better choice.

Version 1.5 of AirMagnet includes a 350-series Wi-Fi NIC from Cisco. You don’t have to worry about installing the NIC driver; that happens automatically during the installation of AirMagnet. The last piece of preparation that needs to be done is to install ActiveSync on a workstation so that you can install the product.

Installing AirMagnet
AirMagnet installs on your iPAQ using ActiveSync just like any other Pocket PC program you’ve ever installed. During the ActiveSync install, you should have connected either a docking cradle or sync cable to your computer and to the iPAQ. Verify that the cable is connected and that the ActiveSync icon shows the iPAQ as being connected and synchronized. If this is not the case, power up the iPAQ and resolve the situation before proceeding.

Insert the AirMagnet CD into the CD-ROM drive of the workstation on which you just installed ActiveSync. Once AirMagnet has been installed, perform a soft reset on the iPAQ. You can then insert the PDA into the PC card sleeve. After the sleeve is firmly in place, you should see a message briefly appear on the screen about the sleeve initializing. Insert the Cisco Wi-Fi card that came with the product. The card should initialize in about 15-20 seconds. The iPAQ will appear to briefly freeze but will go back to normal momentarily. If you get any errors when inserting the Cisco NIC in the sleeve, perform a soft reset to resolve the problem.

Using AirMagnet
To start AirMagnet, tap on the Windows icon in the upper left hand corner of the screen and tap on AirMagnet from the list of installed applications. There are two modes you can use AirMagnet in, Site Survey and Expert. When you first start the application, it will default to Expert mode. You can change to the site survey mode by tapping on File | Change Mode | Site Survey.

You’ll use the Site Survey mode when you want to locate a clear channel for setting up a new Wi-Fi network. You can also use Site Survey mode to avoid any cochannel interference. For the purposes of this article, I’ll concentrate on the Expert mode, as shown in Figure A.

Figure A
You can run AirMagnet in Expert or Site Survey mode.

The power behind AirMagnet is the engine called AirWISE, short for AirMagnet Wireless System Expert. This engine is responsible for the security and performance monitoring in the application. The information is effectively presented on the screen so that even someone who has bifocals won’t have a problem reading the screen. You’ll find that you don’t have to wade through a series of menus to get to what you are looking for.

The main Expert mode screen gives you a quick summary of what’s happening on the network. You get more detailed information by tapping on the area of the screen that contains the information you want to view. Tapping on one of the channels that is in use will bring up a detailed screen showing the different connection speeds in use and the access points that have been heard on this channel.

A scrolling signal strength graph is on this screen and can help you fine-tune the coverage area of a particular access point by showing where the signal is strong and weak for a particular access point. You can switch to other Wi-Fi channels by tapping on the channel number list at the top of the screen. You can get back to the main Expert screen by tapping on the bar chart icon, which is the first icon to the right of the File button, on the bottom toolbar.

To stay on top of how your Wi-Fi network is running, pay close attention to the Expert Advice portion of the screen. In this area of the screen's display, the AirWISE engine breaks down issues in to two categories: security and performance. Within these two areas, the items needing your attention are separated into severity levels of Urgent, Warning, and Info.

By tapping on either the security or performance category, you’ll get details on the items that the AirWISE engine has found. When you tap on one of the items, you go to even more of a detailed screen that gives specific information on the issue you are looking at and general suggestions on what needs to be done to resolve the situation.

For example, if someone sets up a new wireless access point, he or she may not remember to change the default access password to prevent someone from changing the configuration of the access point. Worse yet is that someone may have set up an unauthorized access point and provided an opening into your network because he or she didn’t enable WEP as shown in Figure B. These are good reasons to periodically walk around your network with AirMagnet to catch an issue before it becomes a problem.

Figure B
AirMagnet can help you identify security holes on your network.

Identifying access point problems
Sometimes you’ll encounter a workstation that won’t talk to the Wi-Fi network. AirMagnet can emulate a Wi-Fi client so that it can attach to an access point, acquire a DHCP-assigned IP address, verify DNS resolution, and use the default gateway to reach another device on the network. You get to this test by tapping on the Tools icon (this looks like a small hammer) on the toolbar on the bottom of the screen and then tapping on the DHCP tab that is found there. This can be a definite advantage over following the same process with a workstation that, more than likely, will require a reboot when you change a setting in the Wi-Fi NIC driver.

Packet captures with AirMagnet
While not as detailed as a conventional protocol analyzer in that you can’t watch traffic on a specific TCP/IP port, AirMagnet can drill down to a specific access point's BSSID (Basic Service Set Identifier) or MAC address of a workstation having a problem communicating on the network. You begin the process by tapping File | Configure and setting up AirMagnet to look at a specific Wi-Fi channel.

If you tap on the Filter tab, you can further drill down to watching a specific BSSID or workstation MAC address. Be sure to tap on the New button and assign the filter a name so that you can use this filter again without modifying the default filter.

Once you have created the desired filter, tap on the real-time packet display icon, which looks like three horizontal bars one on top of the other. Tap on the Stop button to stop the capture that has automatically started. Tap on the drop-down list to select the filter that you created, tap on the check box beside Filter, and then tap the Start button to start a capture with the filter in place. Once you have captured the information that you are looking for, tap on the Stop button to stop the trace.

Tap File | Save As, enter a unique name for this trace file, and tap on the OK button to save the captured information. The manual brings up a good point about periodically syncing your handheld so that you can delete files to clear up room for other captures. Another option is to put a SDRAM or Compact Flash card in the handheld so that you can save the captures to an alternate location, thereby keeping the files handy on the handheld and not tying up main memory. As a general rule, the capture files won’t take up significant amounts of memory but being able to save them to an alternate memory location will allow you to keep more of your storage open for other purposes.

Assessing security threats with AirMagnet
One threat to your network is rogue wireless access points. These are access points that you didn’t set up or ones that aren’t configured properly with WEP to help provide some protection to your network. Finding a rogue access point begins by walking around your network with AirMagnet seeing what it can detect. As you review what AirMagnet has found, you’ll want to write down the SSID and MAC address of each access point that should be on the network.

The next step will be to tap on the Tools icon (the little hammer) and then tap the ACL tab as shown in Figure C. Here, you should see a list of all the access points that were found on your network. You’ll notice the first time you go into this screen that all the discovered access points will have an X beside them.

Figure C
AirMagnet can find rogue wireless access points on your network.

Tap on each line that belongs to an authorized access point and then tap on the Add button at the top of the screen. You should see the X change to a check mark. The next time you use AirMagnet, it will remember the access points you added to the ACL and will show you any new ones that have been found. It will also display previously known access points and those that it knows about but that aren’t responding.

Would you like that to go?
I have just touched the surface on the capabilities of what AirMagnet can do to help keep your network running with a minimum of problems. Although this is not a cheap software package, (you can contact AirMagnet for exact pricing), it will save you more than money when you’re trying to hunt down problems while lugging a laptop around, and using whatever “extra” software is provided by the wireless vendor.

Editor's Picks