AirMagnet Analyzers

AirMagnet Laptop Analyzer and its sister product AirMagnet Handheld Analyzer are commercial wireless network analysis tools produced by AirMagnet, Inc. that are designed for ease of use while enabling full-featured network monitoring and wireless reconnaissance. From its beginning, AirMagnet has been the commercial product of choice for wireless site surveys as well as for such tasks as locating rogue access points after they are identified. It was originally offered only in a handheld form factor, which made it great for local site surveys, but terrible for wide area network reconnaissance work such as wardriving. AirMagnet quickly responded and released a version designed for use on laptops.

AirMagnet's family of analyzers has probably the best combination of strong automatic analysis abilities and a very easy-to-use interface. The user interface on the handheld version is my personal favorite of all the wireless analysis and reconnaissance tools. The laptop version has an interface that feels a bit like a bloated version of the handheld analyzer, but it is still a very good user experience. Most users will find the AirMagnet analyzers powerful and easy to use, but they are lacking in some of the same ways as AirDefense Mobile. They were designed to manage a single location and are not as well adapted to wardriving as some of the free tools. Figure 5-13 shows AirMagnet's main interface screen.

Figure 5-13. AirMagnet's main interface screen

Signs of AirMagnet's handheld device heritage can be seen all over the user interface. For starters, there are almost no drop-down menus; instead, clicking on almost any object on the interface presents you with more detailed information. It is a little different from the other graphical tools of its kind, but the interface is actually fairly intuitive.

When you first start it, you see a main screen that is very similar to the AirDefense Mobile dashboard screen. The key things to look at here are the discovered access point and station lists at the top right, the AirWISE security notifications at the bottom right, and the radio and network utilization information on the top and bottom left of the main screen. If any particular item is of interest to you, click on it to get more detail. At the bottom left, there is a row of buttons that directly take you to all the displays. If at any point you get lost in the interface and do not know how to get back, simply click on the button labeled Start, and you are taken back to the main page.

Packet capturing is done by default while using AirMagnet. To save the captured traffic, go to File → Save and select a capture file format from the list. To see a live view of the traffic you are capturing, select the Decode button from the bottom left, as shown in Figure 5-14. This is similar to the live packet view features in Kismet and AirDefense Mobile.

Figure 5-14. AirMagnet decoding screen

One place that AirMagnet shines above the rest is in its location-tracking feature. To enter this mode and locate a wireless network, simply right-click on the object in question and select Find from the pop-up menu. This feature works similarly to location tracking in the other tools, but the interface provided by AirMagnet makes it easy to see on the same screen both a device's location and who is talking to it. The ability to quickly switch between different signal sources on the same network allows you to find the network faster because in most cases, finding any node on the network is as good as finding the access point itself. Figure 5-15 shows the Locate screen.

Figure 5-15. AirMagnet's Locate screen

One final feature that differentiates AirMagnet from the other commercial wireless scanners is that it now supports GPS tracking while you scan. To get to this feature, select the WiFi Tools icon at the bottom right and then select GPS from the available options. Table 5-8 contains a summary of the pros and cons of AirMagnet.

Table 5-8. Pro and con analysis of AirMagnet

| Pros                           | Cons                            |
|--------------------------------|---------------------------------|
| Good auto analysis             | Not free                        |
| Excellent user interface       | Closed software                 |
| Windows support                | Not ideally suited to wardriving |
| Handheld support in one version | Limited wireless card support   |
| Good deep inspection           |                                 |
| Basic IDS features             |                                 |
| SSID decloaking                |                                 |
| Good location tracking         |                                 |