Welcome! SharkFest 16 Europe. Troubleshooting WLANs (Part 2) Rolf Leutert

Similar documents
SharkFest 18 Europe. Troubleshooting WLANs (Part 2) Troubleshooting WLANs using Management & Control Frames. Rolf Leutert

Troubleshooting WLANs (Part 2)

Troubleshooting WLANs (Part 1)

SharkFest 18 Europe. Troubleshooting WLANs (Part 1) Layer 1 & 2 Analysis Using Wireshark, Wi-Spy & Other Tools. Rolf Leutert

Functions of physical layer:

SEN366 (SEN374) (Introduction to) Computer Networks

Add performance and security to your business' wireless network with the Intellinet High-Power Wireless AC1750 Dual-Band Gigabit PoE Access Point.

outline background & overview mac & phy wlan management security

Author: Bill Buchanan. Wireless LAN. Unit 2: Wireless Fundamentals

3.1. Introduction to WLAN IEEE

Actual4Test. Actual4test - actual test exam dumps-pass for IT exams

original standard a transmission at 5 GHz bit rate 54 Mbit/s b support for 5.5 and 11 Mbit/s e QoS

4.3 IEEE Physical Layer IEEE IEEE b IEEE a IEEE g IEEE n IEEE 802.

Hands-On Exercises: IEEE Standard

Institute of Electrical and Electronics Engineers (IEEE) IEEE standards

CSNT 180 Wireless Networking. Chapter 7 WLAN Terminology and Technology

Wireless# Guide to Wireless Communications. Objectives

Wireless 300N Access Point 300 Mbps, MIMO, Bridge, Repeater, Multiple SSIDs and VLANs Part No.:

ICE 1332/0715 Mobile Computing (Summer, 2008)

WLAN The Wireless Local Area Network Consortium

Chapter 6 Medium Access Control Protocols and Local Area Networks

CSC344 Wireless and Mobile Computing. Department of Computer Science COMSATS Institute of Information Technology

Wireless LANs. ITS 413 Internet Technologies and Applications

CWNP PW Certified Wireless Analysis Professional. Download Full Version :

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

CHAPTER 11 WIRELESS LAN TECHNOLOGY AND THE IEEE WIRELESS LAN STANDARD

IEEE MAC Sublayer (Based on IEEE )

ECE442 Communications Lecture 3. Wireless Local Area Networks

Advanced Computer Networks WLAN

Laboratory of Nomadic Communication. Quick introduction to IEEE

Overview of Wireless LANs

Wireless networking with three times the speed and five times the flexibility.

Guide to Wireless Communications, Third Edition. Objectives

EnGenius EAP-9550 Indoor Access Point

I N D E X Numerics 100 Mbps WLANs, WLANs, 88

Data and Computer Communications. Chapter 13 Wireless LANs

Introduction. Giuseppe Bianchi, Ilenia Tinnirello

Mobile & Wireless Networking. Lecture 7: Wireless LAN

Computer Networks. Wireless LANs

Multimedia Communication Services Traffic Modeling and Streaming

SharkFest 16 Europe. Troubleshooting with Monitoring Mode Finding Patterns in your pcaps

MSIT 413: Wireless Technologies Week 8

Analysis of IEEE e for QoS Support in Wireless LANs

Wireless# Guide to Wireless Communications. Objectives

C300RU. Version Mbps 11n Wireless USB adapter. Technical Specification Sheet

Announcements : Wireless Networks Lecture 11: * Outline. Power Management. Page 1

Day 1: Wi-Fi Technology Overview

Wireless Networks. CSE 3461: Introduction to Computer Networking Reading: , Kurose and Ross

Basic processes in IEEE networks

Table of Contents 1 WLAN Service Configuration 1-1

EAP1200H a/b/g/n/ac Dual Radio Concurrent Ceiling Mount AP

Wireless LAN -Architecture

Data and Computer Communications

Wireless and Mobile Networks

ECB N Multi-Function Client Bridge

Mobile Communications Chapter 7: Wireless LANs

Multiple Access Links and Protocols

IEEE WLANs (WiFi) Part II/III System Overview and MAC Layer

WIRELESS USB 2.0 ADAPTER. Manual (DN & DN )

Chapter 7: Wireless LANs

Chapter 7: Wireless LANs

Dual Band Wireless AC1750 Managed Indoor Access Point

SDIO PRODUCT SPECIFICATION

Introduction to Wireless Networking CS 490WN/ECE 401WN Winter 2007

802.11a/n Long Range Wireless Outdoor CB/A P

Wireless High power Multi-function AP

"Charting the Course... Implementing Cisco Unified Wireless Networking Essentials v2.0 (IUWNE) Course Summary

Wireless Communications

WNC-0300USB. 11g Wireless USB Adapter USER MANUAL

USB Wi-Fi Adapter - AC600 - Dual-Band Nano Wireless Adapter

PW0-270_formatted. Number: Passing Score: 800 Time Limit: 120 min File Version: 1.

EOC1650. Wireless Access Point / Client Bridge / Client Router PRODUCT DESCRIPTION. 2.4GHz 54Mbps b/g Superior Performance

Wireless Communication and Networking CMPT 371

Investigation of WLAN

ECB N Multi-Function Gigabit Client Bridge

EAP Wireless Access Point. 2.4 GHz b/g 54 Mbps

EAP9550 is a powerful and multi-functioned 11n Access Point

Dumps4PDF. Latest dumps pdf, dumps free Valid IT Exam Braindumps

Lecture (08) Wireless Traffic Flow and AP Discovery

DG-WM5307IAC. Dual Band Indoor Wireless Access Point with Built in Antenna DG-WM5307IAC

CWNA-107.exam.45q. Number: CWNA-107 Passing Score: 800 Time Limit: 120 min File Version: 1. CWNA-107

2.4GHz / 5GHz 54Mbps a/b/g Flexible Application

EOC-2610 Long Range Wireless Access Point / Client Bridge

HOW WI-FI WORKS AND WHY IT BREAKS WI-FI MECHANICS

PRODUCT OVERVIEW. Learn more about EnGenius Solutions at

ZAC Product Specification

11N Wall Mount Access Point / WDS AP / Universal Repeater. Features. Fully compatible with IEEE b/g/n devices

Introduction to IEEE

Lecture 16: QoS and "

Wireless technology Principles of Security

Mohammad Hossein Manshaei 1393

Mobile Communications Chapter 7: Wireless LANs

CWAP-402.exam. Number: CWAP-402 Passing Score: 800 Time Limit: 120 min File Version: CWAP-402

This course provides students with the knowledge and skills to successfully survey, install, and administer enterprise Wi-Fi networks.

WLAN Technology: LAN: a review WLAN: applications & key parameters. protocol architectures

PRODUCT DESCRIPTION. Learn more about EnGenius Solutions at

Wireless 450N Dual-Band Gigabit Router 450 Mbps Wireless a/b/g/n, GHz, 3T3R MIMO, QoS, 4-Port Gigabit LAN Switch Part No.

IEEE Wireless LANs

EOC2611P. Long Range Wireless Access Point / Client Bridge PRODUCT DESCRIPTION. 2.4GHz 108Mbps b/g/super G MSSID, WDS

Key Features EnGenius Outdoor Access Points, High Sensitivity and Strong Reliability Solutions under Harsh Environment

Transcription:

SharkFest 16 Europe Troubleshooting WLANs (Part 2) Troubleshooting WLANs using 802.11 Management & Control Frames 19. October 2016 Welcome! #sf16eu Rolf Leutert Leutert NetServices Switzerland www.netsniffing.ch

Introduction 2 Rolf Leutert, El. Ing. HTL Leutert NetServices Zürich-Airport, Switzerland Network Analysis & Troubleshooting Protocol Trainings TCP/IP, WLAN, VoIP, IPv6 Wireshark Certified Network Analyst 2010 Wireshark Instructor since 2006 Sniffer certified Instructor since 1990 leutert@netsniffing.ch www.netsniffing.ch

Session Objectives 3 Learn why analyzing WiFi layer 2 is a demanding task Learn that WiFi frames looks very different from Ethernet Learn why WiFi frames have one to four address fields Learn how critical processes e.g. Joining, Roaming works Learn how to read Wireshark files to isolate WiFi problems Licensed by istockphoto.com Troubleshooting WiFi requires a full understanding of all 802.11 Management & Control frames and its associated processes!

WLAN 802.11 Management, Control and Data Frames 4 802.11Frame Types Overview Management Frames: Beacon Probe Request & Response Authentication & Deauthentication Association & Disassociation Reassociation Request & Response Action Control Frames: Request to Send (RTS) Clear to Send (CTS) Acknowledge / Block Acknowledge Request / Block Acknowledge Power Save Poll Data Null Function Data Frames:

The IEEE 802.11 Frame Formats 5 Four different frame formats are used FC Dur. RA FC Acknowledge, Clear to Send FC Dur. RA TA FC Request to Send FC Dur. RA TA DA/SA Seq. PDU Data Frame, Beacon, Probe Request, Probe Response, Authentication, Deauthentication, Association, Reassociation, Disassociation FC Dur. RA TA DA Seq. SA PDU Data Frame through repeater Field names: FC = Frame Control, Dur. = Duration, RA = Receiver MAC Address, TA = Transmitter MAC Address; DA = Destination MAC Address, SA = Source MAC Address, Seq. = Sequence, PDU = Protocol Data Unit, FC = Frame Check Sequence

WiFi Data Transmission 6 WiFi data frames have three MAC address field Sta2 AP FC Dur. RA TA DA MAC AP MAC Sta1 MAC Sta2 Seq. PDU Sta1 To Distribution System DA SA Type MAC Sta2 MAC Sta1 PDU Ethernet Frame DA SA Type MAC Sta1 MAC Sta2 Ethernet Frame Sta2 AP PDU From Distribution System RA TA SA FC Dur. MAC Sta1 MAC AP MAC Sta2 Seq. PDU Sta1

WiFi Data Transmission & Retransmission 7 WiFi data frames are acknowledged or retransmitted Sta2 AP FC Dur. MAC AP MAC Sta1 MAC Sta2 Seq. PDU Sta1 Data Frame FC Dur. MAC Sta1 FCS Acknowledgement All retransmitted frames are marked with the Retry Bit Sta2 AP FC Dur. MAC AP MAC Sta1 MAC Sta2 Seq. PDU Sta1 R Dur. MAC AP MAC Sta1 MAC Sta2 Seq. PDU R Dur. MAC AP MAC Sta1 MAC Sta2 Seq. PDU Data Frames FC Dur. MAC Sta1 FCS Acknowledgement

WiFi Data Transmission & Retransmission 8 All retransmitted frames are marked with the Retry Bit

WiFi Data Transmission 9 In non-aggregation mode each packet is acknowledged individually The acknowledge frame follows immediately after each data frame The (single) acknowledge has no source address field

WiFi Data Transmission 10 802.11n introduced aggregation mode with a Block Acknowledge (BA) In A-MPDU mode up to 64 frames can be acknowledged with one BA

Management Frame: Beacon 11 Beacon tags contain information about supported and required features Standard 802.11a rates HT (High Throughput) 802.11n supported Robust Security Network contains info about type of authentication & encryption VHT (Very High Throughput) Standard 802.11ac supported

Management Frames: Probe Request & Response 12 A client sends Probe Requests to scan the channels for Access Points Capturing with multiple AirPcaps shows the scanning process

Management Frames: Probe Request & Response 13 Probe Request contains client features and specific or broadcast SSID Access Points reply with Probe Response, containing same fields as Beacon Client supports 802.11a/n/ac

Management Frames: Authentication & Association 14 The client selects an Access Point and sends Authenticate & Associate requests Both processes must be successful in order to join the Access Point

Decrypting WEP, WPA & WPA2 PSK 15 Wireshark can decrypt WEP, WPA & WPA2 PSK if the key is available To decrypt WPA & WPA2 the key negotiation process must be captured

Client joining problem (case one) 16 A client needs up to a minute duration to join an Access Point Analyzing the trace file discloses the reason

Client joining problem (case two) 17 A client is not able to join an Access Point and finally deauthenticates from AP Analyzing the trace file discloses the reason

Analyzing the WiFi roaming process 18 A client is roaming from channel 1 to 11 because the SNR of the new AP is better Following the client with two AirPcaps allows to capture the roaming process

Client roaming problem (case three) 19 User is complaining about sporadic hangers in bar code scanners, up to minutes Vendors of mobile clients and access points are finger pointing, since month. Problem could be assigned to bar code vendor by analyzing trace files.

Overview WiFi 802.11 Standards 20 Rate Modulation Description 1 2 Barker/DBPSK Barker/DBPSK 802.11 DSSS Long Preamble 5.5 11 CCK/DQPSK CCK/DQPSK 802.11b High Rate (HR) with Short Preamble Rate Modulation Description 6, 9 12, 18 24, 36 48, 54 OFDM/BPSK OFDM/QPSK OFDM/16-QAM OFDM/64-QAM 802.11g Extended Rate PHY (ERP) 6, 9 12, 18 24, 36 48, 54 OFDM/BPSK OFDM/QPSK OFDM/16-QAM OFDM/64-QAM 802.11a From 6.5 up to 600* OFDM/16-QAM OFDM/64-QAM 802.11n High Throughput (HT) Extensions From 6.5 up to 600* OFDM/16-QAM OFDM/64-QAM 802.11n HT Extensions 2.4 GHz Band CCK = Complementary Code Keying DBPSK = Differential Binary Phase-Shift Keying DQPSK = Differential Quadrature Phase-Shift Keying OFDM = Orthogonal Frequency Division Multiplexing BPSK = Binary Phase-Shift Keying QPSK = Quadrature Phase-Shift Keying QAM = Quadrature Amplitude Modulation From 86 up to 6930** OFDM/16-QAM OFDM/64-QAM OFDM/256-QAM 5 GHz Band * With up to 2 Channels and up to 4 Streams **With up to 8 Channels and up to 8 Streams 802.11ac Very High Throughput (VHT)

Control Frames: Request to Send / Clear to Send 21 A WLAN node can reserve airtime and refrain all other stations from sending RTS/CTS reservation is used in busy cells, Hidden Node situations or in mixed mode A short form, so-called CTS-to-Self is often used in cells with B-Only clients present

Overview WiFi 802.11n/ac Raw Rates 22 * AirPcap Nx supports 802.11n with up to two Spatial Streams (2x2:2) in Legacy, HT20 or HT40 mode (no SGI & Greenfield mode) +

Thank you for your attention 23 Hope you learned something useful! SeaPics.com Rolf Leutert, Leutert NetServices, www.netsniffing.ch

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback