Source: Tom's Guide US | Keywords: airmagnet, handheld, 3, airmag | Themes: Business Notebooks
6. WLANs, WLANs everywhere ... (cont'd)
Once I found a busy WLAN, I'd switch to the alternative Start page AP view to see whether WEP (the red lock icon) or WPA (TK/Mic) was enabled. If the AP were unprotected, a tap-and-hold on its list entry brought up the Tool pick list (Figure 8) where I selected the DHCP tool (Figure 9).
Figure 8: Selecting an AP to join
Figure 9: Successfully associated
A tap on the Associate button would quickly tell me whether my knock on the WLAN's door would be answered and I'd be allowed in (Figure 9), or whether I'd get the dreaded "Rejected by AP" popup.
Folks more skilled than I might be able to use AirMagnet's Decode feature to crack a WEP key, but that's not really its intended use.
Figure 10: Filter and Decode Real-Time display
Figure 11: Detailed Packet Decode
AirMagnet says the feature is aimed more at finding protocol problems, and the tool provides an array of features that make for an impressive wireless protocol analyzer. Selecting the Decode tool while AirMagnet is running in its usual Live Capture mode shows the real-time display (Figure 10). This mode shows you the frames as they whiz by, but only their high-level descriptions. (I actually had to stop the tool so that an interesting-looking packet sequence would be captured. The real live mode doesn't display the decoded frame information pane.)
You can pause the display, but taking a close look at the bits requires that you stop capture entirely. The display then changes to show the decoded data pane (Figure 11), where all of each frame's bits are translated and organized into human-readable form. Each of the frame parts can be expanded for closer inspection, and I also enabled the Hex decode feature (located in the Configure > General menu) for the lowest-level drill down.
But a PocketPC's display really starts to feel cramped when rummaging through lots of decoded data. Anyone using AirMagnet this way on a regular basis would be better served by the more spacious display served up by the Laptop version (Figure 12).
Figure 12: Detailed Packet Decode - AirMagnet Laptop
My example uses this powerful feature in a pretty simple way. Rest assured that AirMagnet can filter and capture data in pretty much any way that you want. You can also save captured data in native, Ethereal and Sniffer formats for offline analysis, and load files saved in AirMagnet format for replay.
AirMagnet points out that because wireless LANs frequently use some form of security or encryption (e.g., WEP, 802.1x), its packet decode capability covers only Layers 1 through 3 of the OSI model. Analysis beyond this level must be done by exporting the captured data and using other tools.
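To make the effect of encryption on frame decoding concrete, here is an added example (not AirMagnet's code and not from the original article) of a minimal 802.11 header decoder: the MAC header always decodes, but once the Protected Frame bit is set the body is opaque to the analyzer. The function names and both sample frames are constructed for illustration.

```python
import struct

TYPES = {0: "management", 1: "control", 2: "data"}
LLC_SNAP = b"\xaa\xaa\x03\x00\x00\x00"  # LLC/SNAP prefix before the EtherType

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def decode_frame(frame: bytes) -> dict:
    """Decode an 802.11 management/data MAC header and classify the body."""
    if len(frame) < 24:
        raise ValueError("shorter than a 24-byte 802.11 MAC header")
    fc, _duration = struct.unpack_from("<HH", frame, 0)  # little-endian fields
    info = {
        "type": TYPES.get((fc >> 2) & 0x3, "reserved"),
        "subtype": (fc >> 4) & 0xF,
        "to_ds": bool(fc & 0x0100),
        "from_ds": bool(fc & 0x0200),
        "protected": bool(fc & 0x4000),  # Protected Frame (formerly "WEP") bit
    }
    if info["type"] not in ("management", "data"):
        return info  # control frames carry a shorter header; stop here
    info["addr1"], info["addr2"], info["addr3"] = (
        mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]))
    info["seq"] = struct.unpack_from("<H", frame, 22)[0] >> 4
    hdr_len = 24
    if info["type"] == "data":
        if info["to_ds"] and info["from_ds"]:
            hdr_len += 6   # Addr4 present on WDS frames
        if info["subtype"] & 0x8:
            hdr_len += 2   # QoS Control field (HT Control is not handled)
    body = frame[hdr_len:]
    if info["protected"]:
        info["upper_layers"] = "encrypted"
        if len(body) >= 4:  # 3-byte IV, then Key ID octet
            info["key_id"] = body[3] >> 6
            # ExtIV bit clear means WEP; set means TKIP or CCMP
            info["cipher"] = "TKIP/CCMP" if body[3] & 0x20 else "WEP"
    elif info["type"] == "data" and len(body) >= 8 and body[:6] == LLC_SNAP:
        info["upper_layers"] = "readable"
        info["ethertype"] = struct.unpack_from(">H", body, 6)[0]
    return info

# Constructed sample frames (not captured traffic)
WEP_FRAME = bytes.fromhex("0841" "2c00" "001122334455" "020000000001"
                          "ffffffffffff" "5000" "010203" "40" "deadbeef")
OPEN_FRAME = bytes.fromhex("0802" "2c00" "020000000001" "001122334455"
                           "001122334455" "6000" "aaaa03000000" "0800" "45000014")
```

Running `decode_frame` on a capture of your own network shows at a glance which stations still send unprotected or WEP-only data frames.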
