Kevin Tolly: Introducing the brave new world of WLAN analyzers

As wireless LAN use has surged in corporations, it is no surprise that WLAN analyzers have sprung up all around us. What is surprising, though, is how radically different some of them can be from their wired brethren – and from each other.

One could argue that the term “wireless LAN analyzer” is being used today to refer to products so fundamentally different that they shouldn’t be compared at all.

As is so often the case, it is not an issue of better or worse but just of different products, with different heritages, designed for different jobs.

Most familiar will be the new wireless versions of well-known wireline LAN analyzers such as those from Finisar Corp. and Sniffer Technologies Inc.

Thanks to the network transport independence of the Network Driver Interface Specification (NDIS), the basic low-level network interface in all recent Microsoft Corp. operating systems, many wired Ethernet analyzers can become “wireless” with relative ease.

Because ultimately the WLAN delivers protocols and packets recognized by upper-layer decode and monitoring engines of existing analyzers, there is a huge amount of reusable code. In fact, most network analyzers were (correctly) built in a layered fashion so that new network interfaces could be introduced without causing redevelopment of the core analyzer functions.

Thus, one typically can find a wireless version of one’s favorite wired LAN analyzer and start picking up “the air” quite rapidly. The formula: standard analyzer plus wireless network interface card plus additional 802.11 decodes equals a WLAN analyzer.

Other vendors, for example, an Agilent Technologies or an AirMagnet, take a different approach. While the formula has similar elements, the “mix” is different, and thus the resultant product is also different.

With them, the formula is deliberately skewed to understanding and unraveling the characteristics, behavior and potential problems inherent to radio frequency transmission and the IEEE 802.11b/a/g wireless protocols in particular. Around this core, traditional LAN analyzer functions (such as decodes and statistics) are built.

While the two product classes overlap in some areas, the latter, by design, offers significantly more wireless-specific information.

For starters, “expert analysis” of WLAN events is of particular value. Few of us “mainstream” TCP/IP, Ethernet data networking types have had the time (or inclination) to learn the arcane details of the 802.11b protocol. Yes, it is “like” Ethernet but it is not Ethernet.

So just getting decodes referencing “associations” and “beacon” frames doesn’t help most of us. We need to know what it means to be seeing said frames. Some of the wireless-centric analyzers offer up this type of expert advice.

Perhaps it will be superfluous three years hence, but for now it is very valuable.

Monitoring performance thresholds, detecting trends related to weak signals, transmission errors or low-rate associations, and alerting the network staff to the presence of such conditions is a virtual necessity, given the way wireless networks can change on a daily, if not hourly, basis.

These types of functions are those that you’d want from either flavour of WLAN analyzer.
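As an added illustration (not code from the column or from any analyzer vendor), the threshold and trend monitoring described above can be sketched over one window of per-frame observations. The thresholds, the `evaluate` function, the tuple layout and the sample readings are all assumptions made up for this example.

```python
from collections import defaultdict
from statistics import mean, median

# Assumed thresholds (not from the article); tune them to your own site survey.
WEAK_SIGNAL_DBM = -75    # window-average RSSI below this is "weak"
MAX_RETRY_RATIO = 0.20   # share of frames with the 802.11 Retry bit set
MIN_RATE_MBPS = 5.5      # median data rate below this is "low-rate"
FALLING_DB = 5           # RSSI drop between window halves that counts as a trend
MIN_FRAMES = 4           # too few frames per station: no verdict

def evaluate(frames):
    """frames: iterable of (station, rssi_dbm, rate_mbps, retry) in time order.
    Returns a list of (station, condition) alerts for this window."""
    by_station = defaultdict(list)
    for station, rssi, rate, retry in frames:
        by_station[station].append((rssi, rate, retry))
    alerts = []
    for station, obs in sorted(by_station.items()):
        if len(obs) < MIN_FRAMES:
            continue
        rssi = [o[0] for o in obs]
        half = len(rssi) // 2
        if mean(rssi) < WEAK_SIGNAL_DBM:
            alerts.append((station, "weak_signal"))
        # Trend check: compare the older half of the window with the newer half.
        if mean(rssi[:half]) - mean(rssi[half:]) >= FALLING_DB:
            alerts.append((station, "signal_falling"))
        if sum(o[2] for o in obs) / len(obs) > MAX_RETRY_RATIO:
            alerts.append((station, "high_retry"))
        if median(o[1] for o in obs) < MIN_RATE_MBPS:
            alerts.append((station, "low_rate"))
    return alerts

# Constructed sample window (documentation-range MACs, invented readings).
A, B, C = "00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"
SAMPLE = (
    [(A, -50, 11.0, False)] * 6
    + [(B, r, rate, retry) for r, rate, retry in [
        (-70, 2.0, False), (-72, 2.0, False), (-76, 1.0, True),
        (-80, 1.0, True), (-82, 1.0, False), (-84, 1.0, True)]]
    + [(C, -88, 1.0, True)] * 2   # below MIN_FRAMES, so ignored
)

if __name__ == "__main__":
    for station, condition in evaluate(SAMPLE):
        print(f"ALERT {station}: {condition}")
```

Station B trips all four conditions, while station C is skipped because two frames are too few to judge, which keeps a single bad reading from paging the network staff.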

Add to this some WLAN analyzers that even claim intrusion-detection system capabilities and one thing is clear: with WLANs we’ve entered a brave new world of net analysis.

Tolly is president of The Tolly Group, a strategic consulting and independent testing company in Manasquan, N.J. He can be reached at