Lab : Network Security

<p>Telecommunications Program, SIS, University of Pittsburgh</p><p>Student Name : ______</p><p>Telecommunications Program</p><p>Management and Control Traffic Analysis in 802.11b Lab</p><p>Part I: Objective</p><p>With this lab you should be able to understand what management and control messages exist in 802.11b infrastructure networks and how they are exchanged.</p><p>Part II: Equipment List</p><p>Systems:</p><ul><li>One IBM laptop</li><li>Two external 802.11b wireless cards (ORiNOCO and Cisco)</li><li>Two access points already mounted in the SIS building (4th Floor)</li></ul><p>Software:</p><ul><li>Wireless Client Manager for ORiNOCO</li><li>AiroPeek NX wireless sniffer version 1.2</li></ul><p>Part III: Introduction and Background</p><p>This lab should allow you to understand the management and control schemes used in 802.11b wireless infrastructure networks. A short introduction to the standard is included in order for you to understand the foundations behind the management scheme. This lab manual will not cover in detail all the intricacies of the standard, but will give you the basis and the necessary pointers to more detailed information.</p><p>3.1 The 802.11 standard - generalities</p><p>The 802.11 standard was published in 1997 by the IEEE (Institute of Electrical and Electronics Engineers) in the “Information Technology – Telecommunications Information exchange between systems” area. The official title of the standard is “Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) specifications”. IEEE Standards are available at no cost at http://ieeexplore.ieee.org when accessed via the university’s network.</p><p>The 802.11 standard describes the functions and services required to operate wireless devices in ad hoc and infrastructure networks. It also details the management and control functions to allow mobility of the devices inside these networks. 
Additionally, it details the MAC and PHY layer operating specifications as well as authentication and privacy particularities. In this lab exercise you will familiarize yourself with the basic authentication, control and management schemes implemented in the standard.</p><p>This lab manual contains introductory information on the 802.11 and 802.11b standards; you are encouraged to read the relevant sections of the IEEE standard to obtain more details. Nevertheless, standards are usually very extensive and use complex terminology, so they can be difficult to grasp; you may therefore find it useful to go through the following references (available through the ieeexplore site).</p><p>[1] Prasad, N. R., IEEE 802.11 System Design, ICPWC 2000, pp. 490-494.<br>
[2] Bing, B., Measured Performance of the IEEE 802.11 Wireless LAN, Conference on Local Computer Networks, 1999, pp. 34-42.</p><p>Note: Do not print out the 802.11 or 802.11b standards using the SIS printers; both are very lengthy documents. You will be given pointers to specific sections and chapters in order to answer questions about the operation of wireless networks. Please view these documents online only.</p><p>3.2 802.11 Architecture</p><p>802.11 wireless networks are built around the Basic Service Set (BSS) concept. The BSS represents coverage areas in which stations (STA) communicate. The following figure shows two BSSs with two stations each.</p><p>[Figure: BSS1 containing STA1 and STA2; BSS2 containing STA8 and STA9]</p><p>Stations are the mobile (the ones that access the network while moving) or portable devices that communicate inside the BSS. Examples of STAs are laptops, PDAs or fixed computers with a wireless card. Outside the coverage area of a BSS, stations lose connectivity with the network. 
Since stations are either portable or mobile, the association of a station with a BSS is dynamic. This association is done through a distribution system service (DSS).</p><p>Version 2 (11/01/06) Mgmt and Control Traffic Analysis in 802.11b Lab</p><p>BSSs can also be grouped together to form more complex networks. The component in the architecture used to join BSSs is the Distribution System (DS). The following figure illustrates this concept.</p><p>[Figure: BSS1 (STA1, STA2 and an AP) and BSS2 (an AP, STA8 and STA9), with the two APs joined by the DS]</p><p>Although in the figure the DS appears to be directly related to a physical component of a network, it is important to point out that it is a service that could be implemented in different locations, as you will see in this lab.</p><p>In the last figure the device labeled AP (access point) is a STA that provides the other stations in the BSS access to the DS. The DS, AP and BSS concepts allow the construction of large networks called ESS (Extended Service Set). The standard allows a station to operate in an ESS as if it were operating in a single independent BSS; this means that stations may move between BSSs in a way that is transparent to the LLC (Logical Link Control) sublayer.</p><p>Notice that in this lab, and in accordance with what is being installed in the SIS building, you will only be working with infrastructure networks. In these networks STAs communicate among themselves or with fixed stations via the AP. The APs also include what the standard calls “Portal functions”; this means that the APs also allow communications with fixed wireless networks.</p><p>The IEEE 802.11 standard does not constrain the DS to be either data link or network layer based, or either centralized or distributed in nature. As a result, the standard has no specifics about the implementation of the DS, only definitions of services. 
In general, services can usually be associated with different components of the architecture.</p><p>3.2.1 Categories of the IEEE 802.11 services (both are used by the IEEE 802.11 MAC layer)</p><ul><li>Station Service (SS): those provided by stations</li><li>Distribution System Service (DSS): those provided by the DS</li></ul><p>The following set of Station Services is provided in every STA or AP (APs also have STA functionalities):</p><ul><li>Authentication</li><li>Deauthentication</li><li>Privacy</li><li>MSDU (MAC service data unit) delivery</li></ul><p>The following set of Distribution System Services is provided in every AP.</p><ul><li>Association</li><li>Disassociation</li><li>Distribution</li><li>Integration (not reviewed here but used by the AP’s “portal” functionalities)</li><li>Reassociation</li></ul><p>Each of the DSS or SS services is supported via different MAC frame types. Some of the services relate to MAC management messages while others relate to MAC data messages. All messages gain access to the wireless medium via the MAC sublayer medium access method (based on CSMA/CA) described in the standard but outside this lab’s scope. (The IEEE 802.11 MAC sublayer uses three types of messages: data, management and control messages.)</p><p>3.2.2 Delivery of messages in an ESS</p><p>[Figure: AP1 and AP2 connected through the DS; STA1 attached to AP1 and STA4 attached to AP2]</p><p>The previous figure helps in illustrating how messages are delivered in an ESS. If a data message is sent from STA1 inside BSS1 to STA4 inside BSS2 then the message is first sent to the output STA, AP1. Then AP1 gives the message to the distribution service of the DS. This service is in charge of delivering the information to the appropriate output station, AP2. Finally AP2 delivers the message to STA4. How the message is distributed within the DS is not specified in the 802.11 standard. 
Only the necessary information for the service to determine the correct output port is specified by the standard. This necessary information is provided to the DS via three association related services (association, reassociation and disassociation).</p><p>A station needs to be associated to the BSS before being able to receive any messages. Association is necessary in order to support mobility. The following mobility types are defined in the standard.</p><ul><li>Stations may move inside their original BSS (called no-transition mobility).</li><li>Between BSSs but inside their original ESS (called BSS transition).</li><li>Outside their original ESS (called ESS transition; nevertheless connection of upper layers like IP or TCP is not guaranteed by 802.11 specifications and disruption of service is likely).</li></ul><p>Association, reassociation and disassociation</p><p>The concept of association allows the distribution service to know which AP to access to reach a specific STA. Once association occurs a STA can experience no-transition mobility inside the BSS and maintain connectivity (at any given instant a STA can be associated to no more than one AP). However, association is necessary but not sufficient to support BSS transition.</p><p>A STA learns about the presence of APs in a given area by scanning all the 802.11 channels.</p><p>Handover</p><p>When a station determines that it must migrate from one AP to another (for example because of signal power measurements) it invokes the reassociation service. The reassociation service is also used to change attributes of an already established association.</p><p>When either an AP or a STA wants to terminate an association, it invokes the disassociation service. The disassociation service is a notification, not a request; therefore it cannot be refused by any party. 
You will see in this lab that the actual MAC protocol implementation does not make use of this service and that disassociation messages cannot be generated with the equipment that you will be using.</p><p>Control services</p><p>In order to provide functionalities similar to those of wired networks the IEEE 802.11 standard incorporates the access and the confidentiality control services. These two services provide a limited similarity to wired networks in the sense that a wireless network could appear to be physically separated from other wireless networks. Authentication replaces the wired medium connection, while privacy is obtained by providing confidentiality of the data transmitted on the network.</p><p>Since the network boundaries of a wireless network are not predefined and any user could eventually connect to it, the authentication service in 802.11 provides a means to ‘logically’ separate the network. All stations use this service (a station service) to establish their identity in the network. There is no authentication scheme mandated by the standard, therefore several schemes are available. In this lab you will study a basic scheme that provides a limited authentication. This authentication takes place at the link level (there is no end-to-end or user to server authentication in the standard); this authentication is basically used to configure the wireless links according to the network configuration.</p><p>A deauthentication service is also provided in the standard; nevertheless, as you will see in the lab, actual MAC layer implementations do not make use of this service. 
The deauthentication service generates a notification (not a request) that results in a disassociation of a STA from a BSS.</p><p>Since any STA inside a BSS is capable of listening to all network traffic, the 802.11 standard provides a non-mandatory privacy service based on the WEP (Wired Equivalent Privacy) mechanism. This mechanism is not implemented in the network that you will be using. WEP has been shown to be easily broken and other mechanisms have been proposed.</p><p>Depending upon the state of a particular STA, certain data, control or management frames can be sent. Usually a station will proceed to authenticate itself and then get associated with the AP that radiates the strongest signal (usually, but not necessarily, the closest one).</p><p>Remember that the services are implemented by the exchange of messages sent in 802.11 frames. The following table indicates the types of frames that are sent/received by STAs or APs depending on the state in which a STA is in a BSS.</p>
<table>
<tr><th>Frame</th><th>State 1: Unauthenticated and Unassociated</th><th>State 2: Authenticated and Unassociated</th><th>State 3: Authenticated and Associated</th></tr>
<tr><th colspan="4">Control frames</th></tr>
<tr><td>Request to send (RTS)</td><td>X</td><td>X</td><td>X</td></tr>
<tr><td>Clear to send (CTS)</td><td>X</td><td>X</td><td>X</td></tr>
<tr><td>Acknowledgement (ACK)</td><td>X</td><td>X</td><td>X</td></tr>
<tr><td>Contention Free (CF)</td><td>X</td><td>X</td><td>X</td></tr>
<tr><td>CF-End</td><td>X</td><td>X</td><td>X</td></tr>
<tr><td>PS-Poll</td><td></td><td></td><td>X</td></tr>
<tr><th colspan="4">Management frames</th></tr>
<tr><td>Probe request/response</td><td>X</td><td>X</td><td>X</td></tr>
<tr><td>Beacon</td><td>X</td><td>X</td><td>X</td></tr>
<tr><td>Authentication</td><td>X</td><td>X</td><td>X</td></tr>
<tr><td>Deauthentication</td><td>X</td><td>X</td><td>X</td></tr>
<tr><td>Announcement Traffic Indication Message (ATIM)</td><td>X</td><td>X</td><td>X</td></tr>
<tr><td>Association request/response</td><td></td><td>X</td><td>X</td></tr>
<tr><td>Reassociation request/response</td><td></td><td>X</td><td>X</td></tr>
<tr><td>Disassociation</td><td></td><td>X</td><td>X</td></tr>
<tr><th colspan="4">Data frames</th></tr>
<tr><td>With control bits “from DS” and “to DS” set to false</td><td>X</td><td>X</td><td>X</td></tr>
<tr><td>With either “from DS” or “to DS” bits set to true</td><td></td><td></td><td>X</td></tr>
</table>
<p>(For more information refer to section 5.5 of the 802.11 standard for specifics about transitions and conditions between states)</p><p>Part IV: Procedure</p><p>4.1 Description of the experiments you will be 
performing</p><p>With the wireless sniffer (the AiroPeek NX software version 2.0.1) you will be able to analyze the contents of 802.11 MAC frames. A physical sublayer adds a header to 802.11 MAC frames before these are transmitted through the air. This header includes a preamble and the header itself (these are added by a sublayer called PLCP). The software you will be using does not allow the capture of the PLCP header and PLCP preamble, but only of the MAC part of the frame transmitted through the air.</p><p>With the sniffer you will be capturing different types of frames that will allow you to observe how a STA (a laptop) authenticates, associates and reassociates in the SIS network. You will also be observing and analyzing how other management frames are used.</p><p>For example, through the lab you will see that when the authentication service is invoked by a station it will send a message containing the following information (you should be able to verify this information when you capture traffic with the sniffer).</p>
<table>
<tr><th colspan="2">Association request message</th></tr>
<tr><td>Message type</td><td>Management</td></tr>
<tr><td>Message subtype</td><td>Association request</td></tr>
<tr><td>Information items</td><td>IEEE address of the STA initiating the association<br>IEEE address of the AP with which the STA will associate<br>ESS ID</td></tr>
<tr><td colspan="2">(direction of message from STA to AP)</td></tr>
</table>
<p>The Association response message will have a similar structure but will include in the information items a field to indicate if the association was ‘successful’ or ‘unsuccessful’. 
If an association is successful, an association ID will also be included in the response.</p><p>4.1.2 MAC frame formats</p><p>The 802.11 frames have the following structure</p>
<table>
<tr><th>MAC header</th><th>Variable length body</th><th>Frame Check Sequence (FCS)</th></tr>
<tr><td>Contains: frame control, duration, address and sequence control information</td><td>Contains: information that varies according to the frame type</td><td>Contains: an IEEE 32 bit CRC</td></tr>
</table>
<p>With the wireless sniffer you will analyze the structure of several frame types.</p><p>4.1.3 MAC sublayer management</p><p>The standard specifies management functions at both the PHY and MAC sublayers.</p><p>Among the management functions implemented at the MAC sublayer level is synchronization. A timer synchronization function (TSF) is implemented in order to keep all STAs inside a BSS synchronized. All STAs maintain a local TSF timer. In infrastructure networks (like the one in the SIS building) the TSF is managed by the APs. Each AP maintains an independent TSF and periodically broadcasts a special frame called a beacon. The beacon contains information that the stations use to adjust their own TSF timers.</p><p>Beacons serve several purposes. Since all APs independently broadcast them all the time, they are analyzed by STAs during the scanning process in order to determine with which AP to start the authentication and association procedures (this is just one way of doing it). When scanning the available channels a STA will look for beacons containing the SSID of the ESS it is supposed to look for.</p><p>The SSID value is usually manually entered during the configuration of the wireless card driver. For the SIS building the SSID is “sis01”.</p><p>Up to this point we have only reviewed the 802.11 standard. In 1999 IEEE published an extension to the original standard, known as IEEE 802.11b. 
This extension is formally known as “Higher Speed Physical Layer Extension in the 2.4 GHz Band”. This extension allows the transmission of data at 5.5 and 11 Mbps. The original standard allowed transmission at 1 or 2 Mbps. 802.11b networks are backwards compatible with 802.11 ones.</p><p>4.2 The WildPackets AiroPeek NX software tool</p><p>You will be using the AiroPeek NX software to capture traffic. First, you will need to collect some configuration information for the software to function adequately.</p><p>4.2.1 Obtaining the MAC address and the channel numbers</p><p>You will be analyzing traffic coming from two access points on the 4th floor of the SIS building and from the IBM laptop. The figure on the next page will help you in locating the two access points. The access point at location A is on the right side of the corridors from the wireless lab, while B is on the other side of the corridors. In order to properly identify the STAs and APs that you will be using for this lab you will need the MAC addresses of these devices. Therefore you will need to obtain three MAC addresses.</p><p>To obtain the MAC address of the AP located inside the wireless lab:</p><p>1- Turn on the laptop and wait until Windows XP boots up.<br>
2- Ask the GSR in charge of the lab for the username and password for this lab if these need<br>
3- Locate Access Point A as shown in the figure below.<br>
4- Walk near the access point with your IBM laptop. Double click on the green icon on the Windows toolbar (the Client Manager icon). When the icon is green it means that the ORiNOCO wireless card is associated to a valid wireless network.</p><p>If you DO NOT see the Client Manager icon turning green you might need to disable and enable the internal network card. 
To do this click on Start -> Settings -> Network Connections and right click on the Wireless Network Connection for the ORiNOCO Wireless LAN PC card icon. Select Disable. Wait a few seconds and right click on the same icon again and select Enable.</p><p>5- After double clicking on the green icon, select Advanced then Site Monitor (the Site Monitor screen will allow you to identify the strongest signal; you should stand right next to the AP in order to be sure you identify the correct signal).<br>
6- Standing right next to the AP in the lab, record the MAC address and the Channel of the strongest signal in Table-1 (these should appear on the Site Monitor tab; the pull down menus will allow you to select MAC address, Channel and SNR. The AP with the strongest SNR is the one you are interested in).</p><p>[Figure: floor plan showing access points A and B and the Wireless Lab]</p><p>7- Walk to Access Point B and repeat the process.<br>
8- With the Site Monitor record the MAC address and the Channel of the strongest signal in Table-1.<br>
9- Select Advanced > card diagnostic in order to obtain the MAC address of the ORiNOCO wireless card, or type ipconfig /all at a DOS command prompt. You can do the latter as follows.<br>
10- Click on Start -> Run …<br>
11- Type “command”; this will open a Command Line Interface.<br>
12- In the command window type “ipconfig /all”.<br>
13- Record the MAC address of the ORiNOCO wireless card.</p><p>Now that you have collected the MAC addresses and channel number information you will start capturing packets with the WildPackets AiroPeek NX software.</p><p>Note: DO NOT TOUCH the CISCO wireless card. 
Do not connect the CISCO wireless card to any network.</p><p>4.2.2 Starting the AiroPeek NX program</p><p>1- Click on the Start button of the Windows taskbar.<br>
2- Go to the Programs item of the menu.<br>
3- Look for the WildPackets AiroPeek NX and select it to start the program.<br>
4- You will need to tell the program that it should capture frames using the external Cisco card. As soon as you start the program for the first time the “Monitor Options” window appears. Select the Wireless Network connection that corresponds to the Cisco card. You can tell which connection is the appropriate one by looking at the Properties description located at the bottom of the Monitor Options window.<br>
5- After selecting the appropriate card click on the OK button.</p><p>Capturing Frames:</p><p>The first traffic you are interested in analyzing is the beacons broadcast by the APs.</p><p>Remember that beacons are signals that are broadcast from an Access Point once every 100 ms. A STA can use the beacons to calculate the signal strength of the neighboring Access Points. In this lab you will capture beacons near both APs and visualize how the reported signal power varies.</p><p>4.2.3 Observing the Beacons</p><p>1- Start WildPackets AiroPeek NX (if you have not done so already).<br>
2- Click File then New.<br>
3- Select CAPTURE > CAPTURE OPTION.<br>
4- Rename the capture title to “<your initials>_beacons” then click OK.<br>
5- Click on the 802.11 tab of the Capture Options window.<br>
6- Select TOOL > OPTIONS.<br>
7- On the options window click on the 802.11 tab then click the Scan button.<br>
8- Next click on the Scan radio button and then on the Edit Scanning Options button.<br>
9- When the Channel Scanning Options window appears, enable only the two channels that you recorded in Table-1.<br>
10- Click on the duration times and change them to 1000 msecs for both channels then click OK (the software allows you to listen to one channel at a time; you are configuring it to listen to a different channel every other 1000 msecs).<br>
11- Click OK to close the Capture Options window.<br>
12- A new capture window should appear.<br>
13- Click on the Filter tab on the bottom right of the capture screen.<br>
14- Go to Edit on the menu bar and click on Insert. This will enable you to create your own filter.<br>
15- Rename the filter “<your initials>_beacon_samples_apa”. This filter will be used to listen to traffic coming only from access point A.<br>
16- Place a check mark in the address filter box.<br>
17- Change the type to Physical.<br>
18- Type the MAC address of your Access Point A (from Table-1) in address 1.<br>
19- Click on the box below and change the selection so that it reads address 1 to 2.<br>
20- Address 2 should be set to Any address.<br>
21- Place a check mark in the Protocol Filter.<br>
22- Click the Protocol Filter button.<br>
23- Double click on IEEE802.11 to drop down the menu.<br>
24- Double click on the 802.11 management button.<br>
25- Highlight Beacon and click OK.<br>
26- Click OK on the edit filter menu.<br>
27- The filter that you just created should be listed in alphabetical order.<br>
28- Place a check mark in the box next to it to activate it.<br>
29- Right click on that filter and click Duplicate.<br>
30- The filter will be listed under “Copy of <your initials>_beacon samples”. Double click it.<br>
31- Change the name to “<your initials>_beacon_samples_apb”. This filter will only capture traffic coming from access point B.<br>
32- Change the address to the MAC address of Access Point B in Table 1.<br>
33- Click OK.<br>
34- Place a check mark in the box next to it.<br>
35- You should now have only two filters with check marks highlighted.<br>
36- Click on the Packets tab on the far left of the capture screen.<br>
37- Click on the Start capture button on the upper right hand corner of the window.<br>
38- Proceed to walk from Access Point A to Access Point B.<br>
39- Press Stop capture when you are done (next to AP B). View the captured data and notice how the signal column indicates how the power of the signal coming from AP A decreased as you moved. In the same way the power of the signal coming from AP B has increased. This information is used by the station to determine when to handover from one AP to another.<br>
40- Walk back to the wireless lab.<br>
41- You do not need to save the captured traffic.</p><p>4.2.4 Observing a Handover</p><p>After recording the beacons you are going to analyze the authentication -> association -> reassociation message exchange traffic. This process is called handover or handoff.</p><p>How to identify Authentication, Associations and Re-associations.</p><p>1- Click File and New.<br>
2- Name the capture title “<your initials>_management” then click OK.<br>
3- Select the 802.11 tab then click on Number.<br>
4- Change the number of the channel to the number of the channel used by Access Point A, inside the lab.<br>
5- Click OK.<br>
6- Click on the Filters tab on the lower right of the capture window.<br>
7- Click on Edit and Insert.<br>
8- Type in “<your initials>_management” in the filter box. This filter will be used to filter out all traffic except management traffic.<br>
9- Place a check mark in the Address filter box.<br>
10- Change the Type to Physical if it is not already done.<br>
11- The box below the Type should read Both Directions.<br>
12- Insert the MAC address of the Toshiba laptop internal wireless card from Table 1.<br>
13- Click on Any address in the address 2 box.<br>
14- Place a check on the Protocol Filter.<br>
15- Click the Protocol Filter.<br>
16- Double click on IEEE 802.11. A sub menu should drop down.<br>
17- Click on 802.11 Management.<br>
18- Click OK (802.11 Management should appear next to the Protocol button).<br>
19- Click OK on the edit filter menu.<br>
20- The filter that you just created should be listed in alphabetical order. Place a check mark in the box next to it (make sure this is the only active filter).<br>
21- In order to capture all necessary frames you will need to disable the internal wireless card before you start capturing traffic. This is done in order to be able to capture the association messages generated when the card is enabled again. Go to Start -> Settings -> Network Connections, right click on Wireless Network Connection ORiNOCO Wireless LAN PC card and select Disable.<br>
22- Click Start capture. Notice that since you only have one filter active there should be no traffic being captured.<br>
23- Now, to see the initial exchange of messages, you have to enable the Toshiba internal wireless card again. Go to Start -> Settings -> Network Connections, right click on Wireless Network Connection ORiNOCO Wireless LAN PC card and select Enable.<br>
24- As soon as you enable the card you should see the program start to capture traffic. Observe and write down what kinds of frames were the first ones exchanged after you activated the card; you will need to note just the frame types in order to answer a question at the end of the lab.<br>
25- Walk all the way around the 4th floor and come back to the lab.<br>
26- When you come back to the Wireless lab click Stop Capture.<br>
27- Observe the protocol column on the Capture screen.<br>
28- You should see the two Auth (authentication) messages (first few lines of the capture), an Assoc Req (association request), an Assoc Rsp (association response) and a Reassoc (reassociation) message.<br>
29- If you don’t, you will need to start a new capture (disabling the internal wireless card first) and walk around the 4th floor again.<br>
30- Double click on an authentication, an association request and an association response message and fill out Tables 2, 3 and 4. (In order to go back from the packet window to the capture window, close the appropriate window; be sure to close the packet window and not the AiroPeek NX software one.)<br>
31- Open the second Auth message and notice the type of response (Successful or not).<br>
32- Close all windows and delete the filters you created by highlighting them and hitting the Delete (Del) key.</p><p>How to identify Disassociations</p><p>The MAC implementation varies by vendor and with the equipment you have you cannot force it to generate disassociation messages. If you want to observe disassociation messages you may want to capture traffic and look only for management frames. But you are not required to do so in this lab.</p><p>Table 1 – MAC address and channels</p>
<table>
<tr><th></th><th>MAC Address</th><th>Channel Number</th></tr>
<tr><td>Access Point A</td><td></td><td></td></tr>
<tr><td>Access Point B</td><td></td><td></td></tr>
<tr><td>Toshiba laptop</td><td></td><td></td></tr>
</table>
<p>Table 2 – Authentication</p>
<table>
<tr><td>Data rate</td><td></td></tr>
<tr><td>Channel</td><td></td></tr>
<tr><td>Channel frequency</td><td></td></tr>
<tr><td>Signal level</td><td></td></tr>
<tr><td>MAC Header type</td><td></td></tr>
<tr><td>MAC header Subtype</td><td></td></tr>
<tr><td>Duration</td><td></td></tr>
<tr><td>Destination</td><td></td></tr>
<tr><td>Source</td><td></td></tr>
<tr><td>BSSID</td><td></td></tr>
<tr><td>Auth Algorithm</td><td></td></tr>
</table>
<p>Table 3 – Association</p>
<table>
<tr><td>Data rate</td><td></td></tr>
<tr><td>Channel</td><td></td></tr>
<tr><td>Channel frequency</td><td></td></tr>
<tr><td>Signal level</td><td></td></tr>
<tr><td>MAC Header type</td><td></td></tr>
<tr><td>MAC header Subtype</td><td></td></tr>
<tr><td>Duration field</td><td></td></tr>
<tr><td>Destination</td><td></td></tr>
<tr><td>Source</td><td></td></tr>
<tr><td>BSSID</td><td></td></tr>
<tr><td>SSID</td><td></td></tr>
</table>
<p>Table 4 – Association Response</p>
<table>
<tr><td>Data rate</td><td></td></tr>
<tr><td>Channel</td><td></td></tr>
<tr><td>Channel frequency</td><td></td></tr>
<tr><td>Signal level</td><td></td></tr>
<tr><td>MAC Header type</td><td></td></tr>
<tr><td>MAC header Subtype</td><td></td></tr>
<tr><td>Duration field</td><td></td></tr>
<tr><td>Destination</td><td></td></tr>
<tr><td>Source</td><td></td></tr>
<tr><td>BSSID</td><td></td></tr>
<tr><td>Status code</td><td></td></tr>
<tr><td>Association ID</td><td></td></tr>
</table>
<p>Part V: Questions</p><p>In order to answer the following questions you may want to read 
the first two references cited in this lab manual. When referring to the 802.11 standard you will be assigned to read specific sections. Give brief answers to the following questions (limit each answer to less than 100 words)</p><p>1. When you examined the auth frames you noticed a close/open system field. What is an open or closed 802.11 system?</p><p>2. What is the meaning of the duration field in the authentication frame?</p><p>3. Why is the data rate reported in some frames 2 Mbps instead of 11 Mbps?</p><p>4. What is the sublayering structure of the physical layer in 802.11? (Hint: there are two sublayers, just name them)</p><p>5. Remember you were asked to observe frame types before authentication. What frame types did you observe? What are the types of scanning implemented in the standard? How do they work? Based on your answer, what type of scanning is being used?</p><p>6. During the lab you observed the implementation of a very limited authentication scheme. Why is it limited? Briefly describe the Radius and Shared Key via WEP authentication schemes.</p><p>(Turn in only Tables 1, 2, 3, 4 and the answers to the questions. DO NOT turn in any file or captured data).</p>
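<p>Added example (not part of the original lab handout or of the AiroPeek software): a Python parser that pulls the fields asked for in Tables 2, 3 and 4 out of the MAC part of an authentication, association request or association response frame, and reports the earliest state in which the state table in Part III allows that subtype. It assumes the capture holds the MAC header and body without PLCP preamble/header and without the FCS; the sample frames, MAC addresses and function names are constructed for illustration, and only the SSID “sis01” comes from the lab text.</p>

```python
import struct

FRAME_TYPES = {0: "Management", 1: "Control", 2: "Data"}
MGMT_SUBTYPES = {
    0: "Association request", 1: "Association response",
    2: "Reassociation request", 3: "Reassociation response",
    4: "Probe request", 5: "Probe response", 8: "Beacon", 9: "ATIM",
    10: "Disassociation", 11: "Authentication", 12: "Deauthentication",
}
AUTH_ALGORITHMS = {0: "Open System", 1: "Shared Key"}
# Subtypes the lab's state table allows only from State 2 onwards
# (association, reassociation, disassociation); the rest appear in State 1.
STATE2_SUBTYPES = {0, 1, 2, 3, 10}


def fmt_mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_elements(data):
    """Walk the tagged (id, length, value) elements after the fixed fields."""
    elements, i = {}, 0
    while i + 2 <= len(data):
        eid, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) < length:        # truncated element: stop parsing
            break
        elements.setdefault(eid, value)
        i += 2 + length
    return elements


def parse_mgmt_frame(frame):
    """Decode the Table 2-4 fields of a management frame (MAC header + body)."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte management MAC header")
    fc, duration = struct.unpack_from("<HH", frame, 0)   # fields are little-endian
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0:
        raise ValueError("not a management frame: " + FRAME_TYPES.get(ftype, "Reserved"))
    info = {
        "type": FRAME_TYPES[ftype],
        "subtype": MGMT_SUBTYPES.get(subtype, f"Reserved ({subtype})"),
        "to_ds": bool(fc & 0x0100),
        "from_ds": bool(fc & 0x0200),
        "duration": duration,                  # microseconds
        "destination": fmt_mac(frame[4:10]),   # Address 1
        "source": fmt_mac(frame[10:16]),       # Address 2
        "bssid": fmt_mac(frame[16:22]),        # Address 3
        "min_state": 2 if subtype in STATE2_SUBTYPES else 1,
    }
    body = frame[24:]                          # bytes 22-23 are sequence control
    if len(body) < {0: 4, 1: 6, 11: 6}.get(subtype, 0):
        raise ValueError("frame body truncated")
    if subtype == 11:      # Table 2: algorithm, transaction sequence, status
        alg, seq, status = struct.unpack_from("<HHH", body)
        info.update(auth_algorithm=AUTH_ALGORITHMS.get(alg, f"Unknown ({alg})"),
                    auth_seq=seq, status_code=status)
    elif subtype == 0:     # Table 3: capability, listen interval, SSID element
        cap, listen = struct.unpack_from("<HH", body)
        ssid = parse_elements(body[4:]).get(0, b"")
        info.update(capability=cap, listen_interval=listen,
                    ssid=ssid.decode("ascii", "replace"))
    elif subtype == 1:     # Table 4: capability, status code, association ID
        cap, status, aid = struct.unpack_from("<HHH", body)
        info.update(capability=cap, status_code=status,
                    association_id=aid & 0x3FFF)   # two top bits are always set
    return info


def build(subtype, dst, src, bssid, body, duration=314):
    """Assemble a constructed management frame for the samples below."""
    header = struct.pack("<HH", subtype << 4, duration) + dst + src + bssid
    return header + struct.pack("<H", 0) + body


# Constructed sample data: locally administered MAC addresses, 802.11b rates.
STA = bytes.fromhex("020000000001")
AP = bytes.fromhex("0200000000aa")
RATES = b"\x01\x04\x82\x84\x8b\x96"            # 1, 2, 5.5 and 11 Mbps
AUTH_RESP = build(11, STA, AP, AP, struct.pack("<HHH", 0, 2, 0))
ASSOC_REQ = build(0, AP, STA, AP, struct.pack("<HH", 1, 10) + b"\x00\x05sis01" + RATES)
ASSOC_RESP = build(1, STA, AP, AP, struct.pack("<HHH", 1, 0, 0xC001) + RATES)

if __name__ == "__main__":
    for sample in (AUTH_RESP, ASSOC_REQ, ASSOC_RESP):
        print(parse_mgmt_frame(sample))
```
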
