SharkFest 18 Europe. Troubleshooting WLANs (Part 2) Troubleshooting WLANs using Management & Control Frames. Rolf Leutert

Similar documents
Welcome! SharkFest 16 Europe. Troubleshooting WLANs (Part 2) Rolf Leutert

Troubleshooting WLANs (Part 2)

Troubleshooting WLANs (Part 1)

SharkFest 18 Europe. Troubleshooting WLANs (Part 1) Layer 1 & 2 Analysis Using Wireshark, Wi-Spy & Other Tools. Rolf Leutert

3.1. Introduction to WLAN IEEE

Author: Bill Buchanan. Wireless LAN. Unit 2: Wireless Fundamentals

Data and Computer Communications. Chapter 13 Wireless LANs

4.3 IEEE Physical Layer IEEE IEEE b IEEE a IEEE g IEEE n IEEE 802.

original standard a transmission at 5 GHz bit rate 54 Mbit/s b support for 5.5 and 11 Mbit/s e QoS

Actual4Test. Actual4test - actual test exam dumps-pass for IT exams

SEN366 (SEN374) (Introduction to) Computer Networks

Wireless LANs. ITS 413 Internet Technologies and Applications

Chapter 6 Medium Access Control Protocols and Local Area Networks

Wireless# Guide to Wireless Communications. Objectives

outline background & overview mac & phy wlan management security

Functions of physical layer:

CSC344 Wireless and Mobile Computing. Department of Computer Science COMSATS Institute of Information Technology

Hands-On Exercises: IEEE Standard

SharkFest 16 Europe. Troubleshooting with Monitoring Mode Finding Patterns in your pcaps

CWNP PW Certified Wireless Analysis Professional. Download Full Version :

WLAN The Wireless Local Area Network Consortium

IEEE MAC Sublayer (Based on IEEE )

Table of Contents 1 WLAN Service Configuration 1-1

Guide to Wireless Communications, Third Edition. Objectives

Wireless 300N Access Point 300 Mbps, MIMO, Bridge, Repeater, Multiple SSIDs and VLANs Part No.:

Wireless LAN -Architecture

C300RU. Version Mbps 11n Wireless USB adapter. Technical Specification Sheet

CHAPTER 11 WIRELESS LAN TECHNOLOGY AND THE IEEE WIRELESS LAN STANDARD

ICE 1332/0715 Mobile Computing (Summer, 2008)

Computer Networks. Wireless LANs

CSNT 180 Wireless Networking. Chapter 7 WLAN Terminology and Technology

Add performance and security to your business' wireless network with the Intellinet High-Power Wireless AC1750 Dual-Band Gigabit PoE Access Point.

Institute of Electrical and Electronics Engineers (IEEE) IEEE standards

Mobile & Wireless Networking. Lecture 7: Wireless LAN

Multimedia Communication Services Traffic Modeling and Streaming

Wireless# Guide to Wireless Communications. Objectives

Laboratory of Nomadic Communication. Quick introduction to IEEE

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

Wireless Communication and Networking CMPT 371

802.11n. Taking wireless to the next level. Carlo Terminiello Consulting SE Wireless & Mobility European Technology Marketing

Multiple Access in Cellular and Systems

Announcements : Wireless Networks Lecture 11: * Outline. Power Management. Page 1

USB Wi-Fi Adapter - AC600 - Dual-Band Nano Wireless Adapter

Overview : Computer Networking. Spectrum Use Comments. Spectrum Allocation in US Link layer challenges and WiFi WiFi

Wireless Networks. CSE 3461: Introduction to Computer Networking Reading: , Kurose and Ross

Wireless and Mobile Networks

Mobile Communications Chapter 7: Wireless LANs

Advanced Computer Networks WLAN

PW0-270_formatted. Number: Passing Score: 800 Time Limit: 120 min File Version: 1.

LM005 WiFi b/g/n Adapter 300Mbps Host Controller Interface (HCI) via USB Interface

Wireless Communications

802.11n and g Performance Comparison in Office Size for FTP Transmission

Overview of Wireless LANs

Wireless and Mobile Networks 7-2

EAP1200H a/b/g/n/ac Dual Radio Concurrent Ceiling Mount AP

4Gon Tel: +44 (0) Fax: +44 (0)

IEEE WLANs (WiFi) Part II/III System Overview and MAC Layer

Mobile Communications Chapter 7: Wireless LANs

Lecture 16: QoS and "

Multiple Access Links and Protocols

ZAC Product Specification

WNC-0300USB. 11g Wireless USB Adapter USER MANUAL

ECE442 Communications Lecture 3. Wireless Local Area Networks

Introduction. Giuseppe Bianchi, Ilenia Tinnirello

802.11a/n Long Range Wireless Outdoor CB/A P

Wireless networking with three times the speed and five times the flexibility.

Configure n on the WLC

MSIT 413: Wireless Technologies Week 8

DG-WM5307IAC. Dual Band Indoor Wireless Access Point with Built in Antenna DG-WM5307IAC

EnGenius EAP-9550 Indoor Access Point

Basic processes in IEEE networks

Introduction to IEEE

CWAP-402.exam. Number: CWAP-402 Passing Score: 800 Time Limit: 120 min File Version: CWAP-402

I N D E X Numerics 100 Mbps WLANs, WLANs, 88

Student Workbook. Presentation Graphics Notes Areas Glossary. Presenter Keith R. Parsons, CWNE #3

SDIO PRODUCT SPECIFICATION

02/21/08 TDC Branch Offices. Headquarters SOHO. Hot Spots. Home. Wireless LAN. Customer Sites. Convention Centers. Hotel

SharkFest'17 US. Basic workshop of. IEEE packet dissection. Megumi Takeshita

Chapter 7: Wireless LANs

Wireless Local Area Networks (WLANs)) and Wireless Sensor Networks (WSNs) Computer Networks: Wireless Networks 1

PRODUCT OVERVIEW. Learn more about EnGenius Solutions at

Data Communications. Data Link Layer Protocols Wireless LANs

Chapter 7: Wireless LANs

EOC1650. Wireless Access Point / Client Bridge / Client Router PRODUCT DESCRIPTION. 2.4GHz 54Mbps b/g Superior Performance

Dual Band Wireless AC1750 Managed Indoor Access Point

Day 1: Wi-Fi Technology Overview

Lecture (08) Wireless Traffic Flow and AP Discovery

Data and Computer Communications

Introduction to Wireless Networking CS 490WN/ECE 401WN Winter 2007

Local Area Networks NETW 901

Mohammad Hossein Manshaei 1393

EOC-2610 Long Range Wireless Access Point / Client Bridge

04/11/2011. Wireless LANs. CSE 3213 Fall November Overview

SharkFest '17 Europe

Mobile Communications Chapter 7: Wireless LANs

ECB N Multi-Function Client Bridge

a/b/g Radio Card

Wireless Router at Home

IEEE Technical Tutorial. Introduction. IEEE Architecture

Wireless Intro : Computer Networking. Wireless Challenges. Overview. TCP on wireless links Wireless MAC Assigned reading.

Transcription:

SharkFest 18 Europe Troubleshooting WLANs (Part 2) Troubleshooting WLANs using 802.11 Management & Control Frames Rolf Leutert Leutert NetServices Switzerland www.netsniffing.ch

Introduction 2 Rolf Leutert, El. Ing. HTL Leutert NetServices Zürich-Airport, Switzerland Network Analysis & Troubleshooting Protocol Trainings TCP/IP, WLAN, VoIP, IPv6 Wireshark Certified Network Analyst 2010 Wireshark Instructor since 2006 Sniffer certified Instructor since 1990 leutert@netsniffing.ch www.netsniffing.ch

Session Objectives 3 Learn why analyzing WiFi layer 2 is a demanding task Learn that WiFi frames looks very different from Ethernet Learn why WiFi frames have one to four address fields Learn how critical processes e.g. Joining, Roaming works Learn how to read Wireshark files to isolate WiFi problems Licensed by istockphoto.com Troubleshooting WiFi requires a full understanding of all 802.11 Management & Control frames and its associated processes!

WLAN 802.11 Management, Control and Data Frames 4 802.11Frame Types Overview Management Frames: Beacon Probe Request & Response Authentication & Deauthentication Association & Disassociation Reassociation Request & Response Action Control Frames: Request to Send (RTS) Clear to Send (CTS) Acknowledge / Block Acknowledge Request / Block Acknowledge Power Save Poll Data Null Function Data Frames: +

The IEEE 802.11 Frame Formats 5 Four different frame formats are used FC Dur. RA FC Acknowledge, Clear to Send FC Dur. RA TA FC Request to Send FC Dur. RA TA DA/SA Seq. PDU Data Frame, Beacon, Probe Request, Probe Response, Authentication, Deauthentication, Association, Reassociation, Disassociation FC Dur. RA TA DA Seq. SA PDU Data Frame through repeater Field names: FC = Frame Control, Dur. = Duration, RA = Receiver MAC Address, TA = Transmitter MAC Address; DA = Destination MAC Address, SA = Source MAC Address, Seq. = Sequence, PDU = Protocol Data Unit, FC = Frame Check Sequence

WiFi Data Transmission 6 WiFi data frames have three MAC address field Sta2 AP FC Dur. RA TA DA MAC AP MAC Sta1 MAC Sta2 Seq. PDU Sta1 To Distribution System DA SA Type MAC Sta2 MAC Sta1 PDU Ethernet Frame DA SA Type MAC Sta1 MAC Sta2 Ethernet Frame Sta2 AP PDU From Distribution System RA TA SA FC Dur. MAC Sta1 MAC AP MAC Sta2 Seq. PDU Sta1

WiFi Data Transmission 7 Frames are marked with a direction bit (To or From Distribution System) Only Data frames are marked (not management and control frames) +

WiFi Data Transmission & Retransmission 8 WiFi data frames are acknowledged or retransmitted Sta2 AP FC Dur. MAC AP MAC Sta1 MAC Sta2 Seq. PDU Sta1 Data Frame FC Dur. MAC Sta1 FCS Acknowledgement

WiFi Data Transmission 9 In non-aggregation mode each packet is acknowledged individually The acknowledge frame follows immediately after each data frame The (single) acknowledge has no source address field

WiFi Data Transmission & Retransmission 10 WiFi data frames are acknowledged or retransmitted Sta2 AP FC Dur. MAC AP MAC Sta1 MAC Sta2 Seq. PDU Sta1 Data Frame FC Dur. MAC Sta1 FCS Acknowledgement All retransmitted frames are marked with the Retry Bit Sta2 AP FC Dur. MAC AP MAC Sta1 MAC Sta2 Seq. PDU Sta1 R Dur. MAC AP MAC Sta1 MAC Sta2 Seq. PDU R Dur. MAC AP MAC Sta1 MAC Sta2 Seq. PDU Data Frames FC Dur. MAC Sta1 FCS Acknowledgement

WiFi Data Transmission & Retransmission 11 All retransmitted frames are marked with the Retry Bit

WiFi Data Transmission & Retransmission 12 During retransmissions the transmit speed is reduced by the sender The reason for these retransmissions is the high noise level

Overview WiFi 802.11 Standards 13 Rate Modulation Description 1 2 Barker/DBPSK Barker/DBPSK 802.11 DSSS Long Preamble 5.5 11 CCK/DQPSK CCK/DQPSK 802.11b High Rate (HR) with Short Preamble Rate Modulation Description 6, 9 12, 18 24, 36 48, 54 OFDM/BPSK OFDM/QPSK OFDM/16-QAM OFDM/64-QAM 802.11g Extended Rate PHY (ERP) 6, 9 12, 18 24, 36 48, 54 OFDM/BPSK OFDM/QPSK OFDM/16-QAM OFDM/64-QAM 802.11a From 6.5 up to 600* OFDM/16-QAM OFDM/64-QAM 802.11n High Throughput (HT) Extensions From 6.5 up to 600* OFDM/16-QAM OFDM/64-QAM 802.11n HT Extensions 2.4 GHz Band CCK = Complementary Code Keying DBPSK = Differential Binary Phase-Shift Keying DQPSK = Differential Quadrature Phase-Shift Keying OFDM = Orthogonal Frequency Division Multiplexing BPSK = Binary Phase-Shift Keying QPSK = Quadrature Phase-Shift Keying QAM = Quadrature Amplitude Modulation From 86 up to 6930** OFDM/16-QAM OFDM/64-QAM OFDM/256-QAM 5 GHz Band * With up to 2 Channels and up to 4 Streams **With up to 8 Channels and up to 8 Streams 802.11ac Very High Throughput (VHT)

Management Frame: Beacon 14 Beacon tags contain information about supported and required features Standard 802.11a rates HT (High Throughput) 802.11n supported Robust Security Network contains info about type of authentication & encryption VHT (Very High Throughput) Standard 802.11ac supported

Management Frames: Probe Request & Response 15 A client sends Probe Requests to scan the channels for Access Points Capturing with multiple AirPcaps shows the scanning process

Management Frames: Probe Request & Response 16 Probe Request contains client features and specific or broadcast SSID Access Points reply with Probe Response, containing same fields as Beacon Client supports 802.11a/n/ac

Management Frames: Authentication & Association 17 The client selects an Access Point and sends Authenticate & Associate requests Both processes must be successful in order to join the Access Point

Decrypting WEP, WPA & WPA2 PSK 18 Wireshark can decrypt WEP, WPA & WPA2 PSK if the key is available To decrypt WPA & WPA2 the key negotiation process must be captured

Client joining problem 19 A client needs up to a minute duration to join an Access Point Analyzing the trace file discloses the reason: Access Point, Media or Client?

Analyzing the WiFi roaming process 20 A client is roaming from channel 1 to 11 because the SNR of the new AP is better Capturing the roaming process requires multi-channel equipment

Client roaming problem 21 User is complaining about sporadic hangers in bar code scanners, up to minutes Vendors of mobile clients and access points are finger pointing, since month. Problem could be assigned to bar code vendor by analyzing trace files.

Client roaming problem 22 Using IO Graph to show signal strength of different sources AP a9:3b:c0 CH A40 Client fb:c4:57 AP a9:3c:60 CH A36 Graph 2 Color Filter: wlan.sa == 00:1b:2b:a9:3b:c0 Graph 4 Color Filter: wlan.sa == 00:1b:2b:a9:3c:60 Graph 5 Color Filter: wlan.sa == 00:15:70:fb:c4:57

Control Frames: Request to Send / Clear to Send 23 A WLAN node can reserve airtime and refrain all other stations from sending RTS/CTS reservation is used in busy cells, Hidden Node situations or in mixed mode A short form, so-called CTS-to-Self is often used in cells with B-Only clients present

Overview WiFi 802.11n/ac Raw Rates 24 +

WLAN Layer 2 capturing with AirPcap 25 Key features: WiFi radios can use multiple 20 MHz channels (n/ac) to increase throughput Each radio cell is a shared media and is controlled by an Access Point (AP) A mobile client can be associated with only one AP at the time Radio cell access is controlled by managements and control frames Wireshark with AirPcap can capture and analyze these frames Understanding of these frames is crucial for WLAN troubleshooting AirPcap Nx 802.11a/b/g/n USB - adapter works with Wireshark and captures WiFi packets in both 2.4 GHz and 5 GHz bands. +

WLAN Layer 2 capturing with WaveXpert 26 Softing IT Networks introduces the new WaveXpert Includes 4 wireless adapter with 16 integrated antennas Supports 4x4 MIMO up to IEEE 802.11ac Wave 2 USB-C type plug for data and power 2.4 GHz or 5 GHz versions available 4 x 4 : 4 up to 4 Channels bonded (1 730 Mbps) 2 x 2 : 2 up to 8 Channels bonded (1 730 Mbps) Creates pcapng files incl. Radiotap header Retail price: EUR 1 950 Availability: planned for 1 st Qu. 2019 Multi-Channel WLAN Sniffer Requirements: LINUX notebook and USB-C (Thunderbolt 3) Supporting most Linux s and Mac OS Joint development of: Softing IT Networks GmbH 85540 Haar, Germany and GHMT AG 66450 Bexbach, Germany +

WLAN Layer 2 capturing with WaveXpert 27 Softing IT Networks introduces the new WaveXpert Includes 4 wireless adapter with 16 integrated antennas Supports 4x4 MIMO up to IEEE 802.11ac Wave 2 USB-C type plug for data and power 2.4 GHz or 5 GHz versions available 4 x 4 : 4 up to 4 Channels bonded (1 730 Mbps) 2 x 2 : 2 up to 8 Channels bonded (1 730 Mbps) Creates pcapng files incl. Radiotap header Retail price: EUR 1 950 Availability: planned for 1 st Qu. 2019 Multi-Channel WLAN Sniffer Requirements: LINUX notebook and USB-C (Thunderbolt 3) Supporting most Linux s and Mac OS Joint development of: Softing IT Networks GmbH 85540 Haar, Germany and GHMT AG 66450 Bexbach, Germany +

Supported maximum capture rates 28 * * AirPcap Nx supports Legacy, HT20 or HT40 mode (no SGI & Greenfield mode) ** ** ** Softing WaveXpert supports up to 8 channels per WLAN adapter +

WLAN Layer 2 capturing with WaveXpert 29 WaveXpert configuration menu allows to select up to four adapters for capturing Each adapter supports Bandwidth up to 80MHz (four 20MHz channels bonded) Long Term stores packets directly to files, without starting Wireshark Creates an individual pcapng file per WLAN adapter Creates a new file per adapter every 5 minutes Packet size (Snaplen) is set to 500 Bytes +

WLAN Layer 2 capturing with WaveXpert 30 The WaveXpert adapters and configurations will be imported to Wireshark for capturing

WLAN Layer 2 capturing with WaveXpert 31 Simultaneous capturing in channels 36, 40, 44 & 48

802.11n/ac Frame Aggregation A-MSDU 32 Aggregate-MAC Service Data Unit (A-MSDU) wraps multiple Ethernet frames into one 802.11 frame up to 8KB size If frame has FCS error, the whole frame has to be retransmitted Not suitable for noisy environment Multiple Ethernet Frames Preamble EN Header Data Preamble EN Header Data Preamble EN Header Data Radio 802.11n A-MSDU 1 A-MSDU 2 A-MSDU last 802.11 Preamble Header MAC Header EN Header Data EN Header Data EN Header Data FCS Aggregated MAC Service Data Units

802.11n/ac Frame Aggregation A-MSDU 33

802.11n/ac Frame Aggregation A-MPDU 34 Aggregate-MAC Protocol Data Unit (A-MPDU) allows bursting up to 64 802.11 frames Reduced Interframe Space keeps receiver synchronized New Block ACK allows to confirm up to 64 frames individually Only bad frames need to be retransmitted Radio 802.11n Preamble Header MAC Header Data A-MPDU 1 1 802.11 FC S A-MPDU 2 1 Aggregated MAC Protocol Data Units A-MPDU last 0 More Bit RIFS More Bit RIFS More Bit (Reduced Interframe Space: 2µs)

802.11n/ac Frame Aggregation A-MPDU 35

802.11n/ac Frame Aggregation A-MPDU Block-Ack 36 A-MPDUs Block ACK Sequence # 1 2 3 4 61 62 63 64 Bitmap (64 bits) Start Sequence # 1 + 1111 1111. 1111 1111= 65 lost frame A-MPDUs Sequence # 65 66 67 68 125 126 127 128 Start Sequence # 65 + Block ACK Bitmap (64 bits) 1111 1111. 1111 1011= 129 A-MPDUs retransmitted frame Block ACK Sequence # 126 129 130 131 188 189 190 191 Bitmap (64 bits) Start Sequence # 128 + 1111 1111. 1111 1111= 192

802.11n/ac Frame Aggregation A-MPDU Block-Ack 37

SharkFest 18 Europe Hope you learned something useful! SeaPics.com Rolf Leutert, Leutert NetServices, www.netsniffing.ch WLAN Trainings with Wireshark & WaveXpert available in Germany and Switzerland

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback