AiroPeek v1.0
Well, the "official" version of the WildPackets wireless sniffer arrived last week.
I must say, for the most part I am very pleased. What is very attractive is the
price. At under two thousand dollars, (AiroPeek's) functionality is almost
identical with the competition (at) almost 10 times the price. It is ironic
that even the competitor vendor agrees that their product has a "hefty" price on
their own web page. In most cases I find the interface more intuitive than the
competition as well.
I set up the AiroPeek program with no problem. WildPackets supports the Cisco
340 card with their own set of drivers. This was the only thing that took
thought. Reading the documentation and following the setup was easy and
concise. I do believe that the Lucent is to be supported in the future. Even
with this fact, the price is still very attractive in comparison to other
products since the 340 is a fairly inexpensive part of the puzzle.
My test bed included 3 Cisco Access Points (340s with the latest software
revision): 1 running 128-bit WEP, 1 running 40-bit WEP, 1 running in the clear; 1
Lucent Orinoco Access Point in the clear; 1 Apple Airport in the clear. Four
laptops: 2 running Cisco Aironet, 1 running Lucent and 1 running an Ampwave 2mb
card.
Upon starting the program and running the capture utility, it instantly picked
up a Lucent access point located over in our Engineering department. Since we
were moved outside into a trailer due to our remodel, Engineering is not very
far across the way. Using the laptop, I located the "rogue" Airport Access
Point within 10 minutes.
In the default configuration, Source, BSSID, Data Rate, Channel, Signal Strength
as well as plug-in info are displayed. Using Control-K allows the screen to
scroll during the capture. By using the Source and Signal strength I was able
to locate the system fairly quickly. After locating the access point, I
inserted the device into the name table by right clicking on the source in the
capture window.
The only thing that I think needs to be addressed over the NA Sniffer version is a
dynamic channel sweep. Although I changed frequencies on the Access Points and
AiroPeek followed it, it would be nice to have another window that was specific
to locating Access Points. A poor man's direction finder as it were.
Signal strength and the channels are important when trying to determine
interference factors within the network. Following the instructions I added the
flags column in the capture window and did notice CRC errors that were clustered
in certain channels (mainly 6).
The plug-in feature, which provides additional features that you can actually
design, is quite interesting. Plug-ins can be enabled and disabled in real time
or on a captured file.
For those using wireless for research, you can write your own decoder. For
those people writing their own protocols for use with wireless, this is a very
nice feature.
The manual is quite sufficient and fairly well written. It spends some time
explaining the theory behind what you are trying to do with the sniffer. I
personally think that this is a good approach in the manual. Anyone with even
small amounts of experience with a packet sniffer will find AiroPeek very
intuitive and easy to navigate. If this fails, WildPackets offers complete
training for this package.
All in all, I am very pleased with the AiroPeek product from WildPackets. I
still sit back and wonder why Network Associates charges so much money for a
product that really does not perform much better if at all.
Given a bit more time and with release 2.0, I would bet it would surpass NA's
product. Let's face it; the actual sniffing of the packets is really not the
primary reason for most of us to purchase the product. Locating Access
Points within the infrastructure and seeing if encryption is being used is.
The number one problem with wireless systems is the lack of security. Any IT
person in charge of their network cringes at the thought of a free open access
to their network from outside their walls. Anyone can go down and purchase an
access point and plug it into the network. But the question is: do you want
your financial or personal information leaking outside your building? Using a
product like AiroPeek then becomes a necessity.
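
The audit described above (find access points that are not in the name table and see whether encryption is in use) can be sketched over raw 802.11 beacon frames. This is an added example, not part of the original review and not AiroPeek code; the BSSIDs, SSIDs, sample frames and the function names are constructed for illustration, and frames are assumed to start at the 802.11 header with no capture header or FCS.

```python
import struct

PRIVACY = 0x0010  # capability bit: set when the BSS requires encryption (WEP here)

def parse_beacon(frame):
    """Return BSSID, SSID, channel and privacy flag of a beacon, or None."""
    # 24-byte management header + 12 bytes of fixed fields; 0x80 = beacon subtype
    if len(frame) < 36 or frame[0] != 0x80:
        return None
    cap, = struct.unpack_from("<H", frame, 34)  # capability info, little-endian
    info = {"bssid": ":".join(f"{b:02x}" for b in frame[16:22]),
            "ssid": None, "channel": None, "privacy": bool(cap & PRIVACY)}
    pos = 36
    while pos + 2 <= len(frame):                # walk the tagged parameters
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:                    # capture cut short: keep what we have
            break
        if eid == 0:                            # SSID element
            info["ssid"] = body.decode("utf-8", "replace")
        elif eid == 3 and elen == 1:            # DS Parameter Set: current channel
            info["channel"] = body[0]
        pos += 2 + elen
    return info

def audit(frames, known_bssids):
    """Map BSSID -> (channel, issues) for every AP that needs attention."""
    findings = {}
    for frame in frames:
        b = parse_beacon(frame)
        if b is None:
            continue
        issues = []
        if b["bssid"] not in known_bssids:
            issues.append("unknown-ap")         # not in the inventory / name table
        if not b["privacy"]:
            issues.append("no-encryption")      # privacy bit clear: traffic in the clear
        if issues:
            findings[b["bssid"]] = (b["channel"], issues)
    return findings

def make_beacon(bssid, ssid, channel, privacy):
    """Build a constructed beacon frame for the sample data below."""
    hdr = b"\x80\x00\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, 0x0001 | (PRIVACY if privacy else 0))
    return hdr + fixed + bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])

# Constructed sample capture: two inventoried APs, one unknown AP, one non-beacon frame
SAMPLE = [make_beacon(bytes.fromhex("020000000001"), b"campus", 1, True),
          make_beacon(bytes.fromhex("020000000002"), b"campus", 6, False),
          make_beacon(bytes.fromhex("020000000003"), b"airport", 11, False),
          b"\x08\x00not-a-beacon"]
KNOWN = {"02:00:00:00:00:01", "02:00:00:00:00:02"}
```

The privacy bit only says that encryption is required; it does not distinguish 40-bit from 128-bit WEP.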
This barely scratches the surface of all the capabilities of this product. As
802.11 wireless continues the explosion, wireless sniffers will become more
needed. I highly recommend AiroPeek for those who have or are going to
implement wireless 802.11 networking. For a first release, WildPackets has done
good.
Mark Wilson
Sr. Network Analyst
Communications and Technology Services (CATS)
UC Santa Cruz - Santa Cruz, Ca. 95064