Main Forums > The Roundtable

Analyzing Wireless Sniffing?

(1/1)

Ben:
I don't know much about this, but maybe some of you IT smarty-pantses can clue me in.

I was just perusing Federal Computer Week, and there's an article about the "Airmagnet Spectrum Analyzer" -- software that can tell who's sniffing your wireless network, apparently even down to, as an example, a wireless phone model being used to try and get in. The software costs $3500. Anyone know of something similar in the free/shareware community that runs on either Windoze or Linux? I'm just looking at this for personal curiosity, so don't want to spend any (or just a few) ducats.

Chris:
interesting... not familiar with the soft you named and don't know of any free/share soft that can do the same; but as a SoHo wireless net user I'd be curious just the same; I use http://www.netstumbler.com/ to sniff out my neighboring nets and for wardriving, but it doesn't have any real network analyzing features.

client32:
I have been told of Kismet, http://www.kismetwireless.net/

I don't know how well it works, but it might fix that curiosity.

Harold Tuttle:
http://www.tomsnetworking.com/Reviews-209-ProdID-AIRMAGSPECTRUM.php

RF analysis is important because packet-level products like AirMagnet's Enterprise, and Laptop and Handheld Analyzer products [reviewed here] rely on being able to receive and decode WLAN signals. But sometimes the problem in a wireless LAN is caused by RF interference sources that don't emit valid 802.11a/b/g signals. Microwave ovens, cordless phones and Bluetooth devices are the most prevalent sources of RF interference, although by no means the only ones.

What it is

ASA is essentially a repacked / rebranded version of Cognio's ISMS Mobile 1.0 product, which provides the core technology. The family jewels come in the form of a CardBus card (AirMagnet calls it the Spectrum PC card) that contains the hardware guts of a miniature spectrum analyzer that covers the 2.4 and 5GHz 802.11a/b/g spectra, as well as the 4.94 - 4.99 GHz U.S. Public Safety Band.


Figure 1: The little wonder itself

Here's what's inside the card (from the ASA User Guide):

Radio  The radio transceiver detects the RF spectrum and feeds this data to Spectrum Analysis Engine, SAgE
SAgE  Spectrum Analysis Engine performs a Fast Fourier Transform (FFT) of the RF spectrum, and provides the feed of low-level data concerning the behavior of the RF spectrum. Low-level data includes basic information on the power vs. frequency in the spectrum at a given instant, and information on individual pulses in the RF spectrum. SAgE also performs on-board statistical analysis of the spectrum, and statistical analysis of RF pulses (which relieves CPUs of this processor intensive task)
MCU  A programmable MicroController Unit (MCU), running proprietary software, provides low-level analysis of the data stream. The analysis engines include:
Measurement Engine  Aggregates SAgE data, and normalizes it into meaningful units.
Classification Engine  Identifies specific types of interferers (Bluetooth devices, microwave ovens, cordless phones and headsets, radar, etc.).
The card represents some pretty impressive engineering, especially considering that the ASA's closest competitorBerkeley Varitronics Systems (BVS) Bumblebeerequires a PocketPC-sized "sled" to hold its RF circuitry. Specs (Figure 2)are pretty impressive too, most notably a noise level of only -124dBm and amplitude accuracy of +/- 2.5dBm.


>>>>>>


I'm glad to see AirMagnet get a wireless LAN RF analysis product into the market, which has been pretty much dominated by BVS' handheld BumbleBee and YellowJacket product lines. Of course there are always handheld general-use spectrum analyzers from companies like Willtek, Rohde & Schwarz, B&K and Anritsu. But these generally cost significantly more and could present a steeper learning curve given their more general-purpose nature.

As an RF analysis-only product, ASA is more comparable to BVS' BumbleBee than its YellowJacket, which provides both spectrum analysis and decoded 802.11 data features. So what makes the AirMagnet Spectrum Analyzer worth almost $4000 while the Bumblebee can be yours for $2500 (sans Pocket PC)?

Not having had a BumbleBee to put through its paces, I can't speak directly to its possible advantages. But AirMagnet and Cognio are emphasizing the ASA's use of the more powerful notebook / tablet-based platform vs. BumbleBee's PocketPC-based design. (Since AirMagnet has the benefit of user feedbackand sales volume historyfor both PocketPC and Notebook-based products with its Laptop and Handheld Analyzer products, they know where their customers' preferences lie.)

AirMagnet also feels that notebooks' longer battery life, larger screen and more powerful CPUnot to mention the tiny CardBus form-factor of the measurement hardwareresult in a more user-friendly and feature-rich product. ASA's ability to display up to nine plots simultaneously, its more expansive array of plot types to choose from, and its automatic Interferer identification also contribute to AirMagnet's view of ASA as a superior offering.

So while you may swallow a bit hard at the steep price tag, AirMagnet's Spectrum Analyzer will be a powerful addition to any wireless LAN professional's toolkit. But hey guys, given the top buck you're asking for the product, let the Device Finder help track down 802.11 stuff too!

Ben:
Thanks for the info guys!

Navigation

[0] Message Index