4. Rogue Hunting

One of my favorite games was find the AP. Doing this provided a great example of using AirMagnet's "drill down" capability and also provided some insight into how effective AirMagnet could be in physically tracking down an unauthorized AP.

The Start screen (Figure 1) shows two Access Points (AP). Tapping on the AP icon switches you to the AP List screen (Figure 2). I'm interested in the AP that has a client associated (indicated by the "+"), so just Tap-and-hold on that AP to bring up a selection of Tools that I can use.

Figure 1: Handheld Start screen

Figure 2: AP List screen

Selecting Find brings up that tool (Figure 3) and takes AirMagnet out of the all-channel scan and selects only Channel 11 - where my AP of interest is located.

All I then have to do is wander around watching the signal trend graph and real-time Signal and Noise meters. You can see in Figure 3 that I approached the AP of interest from a distance (from the Trend graph) and was pretty much right on top of it when I snapped the screenshot (from both the Trend and Signal and Noise meters). You can even enable a Geiger-counter like sound, to give an audible indicator of colder / warmer - handy for walking-into-walls-avoidance!

The main problem I found during my hunts was the omni-directional nature of the Compact Flash radio card that I was using. This limited my ability to exactly pinpoint the AP or STA that I was seeking. (In one particular hunt, I swore that the AP was inside a wall...)

Figure 3: Find tool

For serious rogue AP-hunting, you'd need to either rig up some sort of directional reflector, or spring for the Cisco card that takes external antennas. The latter solution requires a PocketPC that accepts a PC card, however, which are a vanishing breed. It could also put a crimp in your ability to be inconspicuous, unless maybe you mounted a high-gain directional panel antenna under your jacket! Another solution might be to somehow reduce the sensitivity of the wireless adapter's receiver, so that antenna orientation would be more effective.

Just to give you a flavor for what the AirMagnet Laptop Start screen looks like, Figure 4 shows the same two-AP network.

Figure 4: Laptop Start screen
(click the image for a larger view)

This little network doesn't make good use of Laptop's larger screen, but you can get a feel for the different display approaches. Since most items in Handheld are clickable, I was disappointed to find that the pie chart wasn't. (The chart changes according to what's selected in the pane above it.) This wouldn't have been helpful for some items - like the Frame Address Type shown - but could be for Security or Performance alarms.

I also found that although data in the table in the right-hand pane could be sorted by any of the table columns, I couldn't move or hide columns in order to avoid the horizontal scrolling required even with the window expanded to the full size of my notebook's 1026 X 768 display. I couldn't change the size of any of the panes in the window, either.

By the way, right-clicking on the desired AP in the table and selecting Find using AirMagnet Laptop opens a separate smaller, tabbed, fixed-size window.