EC312 Security Exercise 15 Introduction to Wireless Signals and dBm _______________________________________________________________ In this wireless section of our course, we understand that there is a different way to send data from a transmitter to a receiver. The electromagnetic radiation all around us can travel through free space. If we encode some meaningful data onto these waves, we can communicate without being physically tethered to the medium. But how far away can we be? How close to the transmitter must we be in order to receive the message? Just like our human voice only travels so far when we shout, radio waves only travel so far from the transmitting station. At some point, you will just be out of range. Fortunately, we can measure the strength of the transmitter (how loud it can “shout”) and the sensitivity of a receiver (how quiet a sound it can still “hear”) When we put these measurements on a logarithmic decibel scale and compare their utility, we can figure out things like: • What is the optimal location for a transmitter? • Where is the best spot to get reception? • Which devices receive a better signal? These are things you probably do with your cell phone all the time. Today we will do an experiment and see if we can answer these questions scientifically. Set-up. Equipment required: □ Your issued Laptop □ Xirrus software: (Follow the link off the EC312 website) 1 Part 1: Measuring signal strength from your local WiFi □ On your laptop, check the wireless connections and you should see a list of devices. One of the devices is the wireless Access Point (AP) name cyber2_xx. The xx holds the place of your room number. If you do not see the specific AP for your room, tell your instructor. a b c d e □ Once you notice the cyber2 AP, start Xirrus Wi-Fi Inspector by double clicking the icon on your desktop. Let’s explore the Xirrus Graphical User Interface (GUI) above. You should identify each of the following alphabetic parts on the display above and then perform any specific instructions on your laptop. a) Start by clicking on settings and turning ‘Locate Sound’ to Off. Click OK. b) In the upper left is the “Radar Display.” This shows the relative signal strength of an AP. The stronger the AP, the closer it is to the middle. It doesn’t correlate with specific direction of the AP relative to you, but it will converge to the center as strength increases. c) In the center top is “Connections” which lists the details of the AP you are connected to. d) Below that is “Networks” which lists of all the AP’s you can observe with their respective data. e) “Signal History” is a time versus signal strength (dBm) graph of the AP you are trying to locate. Highlight the cyber2_xx node and then right click and then click on locate cyber2_xx and you should see it appear on the signal history plot. 2 Question1: For your cyber2_xx AP, write the following details down on the lower left corner of the map on the solution page. SSID( Service Set Identifier) - the wireless network name, BSSID ( Basic Service Set Identifier) - the MAC address of the wireless interface unit Channel - allows the carrier frequency to be separated into bands to keep from overlapping. Frequency - carrier frequency of the signal. □ Now that we have Xirrus running, we can take some measurements of the signal strength. Look at the Networks display list in the middle (d above), find your AP, highlight it and note the dBm. Question 2: Record the signal strength noted for your AP on the table on the last page of the lab under classroom. Question 3: Assume you record the signal strength of some other fictional access point when you are standing next to it as -30 dBm. Next, you walk some distance away from it and take another signal strength measurement and record it as -33 dBm. By what factor has the signal strength dropped from measurement one to measurement two? (Hint: convert each measurement to mW then divide measurement two by measurement one) Keep this realization in mind when answering the following questions. A SMALL CHANGE IN DECIBELS CAN MEAN A LARGE CHANGE IN POWER. Question 4: Staying highlighted on your assigned AP, move from point to point on the map and record the signal strength (dBm), allowing a period of time to let the value settle. Note if the dBm falls much below -90 it may drop from your list. You can locate it again by returning closer to the classroom. Simply record -90 if your AP is lost at a point. Question 5: Convert your dBm measurements to mW and finish filling in the table. Recall that 𝑃𝑃(𝑚𝑚𝑚𝑚) = 10 𝑃𝑃(𝑑𝑑𝐵𝐵𝐵𝐵) 10 Question 6: Observations: a) b) c) d) At what locations did you receive the strongest signal? The weakest signal? Would you expect to stay connected to this AP in Maury Hall? Why or why not? Have an instructor check your results. 3 Part 2: The Hunt □ Understanding how Xirrus reads signal strength, we will now try to locate an unknown AP using the program. This AP is not located in your classroom, but you should be able to pick up the signal in your hallway. a) Try to find the AP with SSID Bad_Egg_xx ( again with xx indicating your class room). b) Turn On the ‘Locate Sound’ in Settings and change the polling time to 1 second. Right click on Bad_Egg_xx in the Networks list and select locate. This will create a ping. The closer the pings are together the stronger the AP’s signal. c) Begin walking through the lab deck following your ping, dBm and Radar in a direction that makes the signal stronger. Question 7: Where is the AP located? What is written on the AP? Question 8: Consider the following scenarios. a) Emissions controls in the military, refers to controlling your Radio Frequency Emissions. Keeping “The Hunt” from above in mind, why might it be important to maintain radio silence at certain times in Navy and Marine Corps? b) The military often uses physically isolated data networks; that is, they are not connected to the internet. However, these same networks often have wireless components. Are they still vulnerable to cyber exploitation or attack? How? Captain Ryan Whitty, USMC 4 EC312 Security Exercise 15 Name: Questions 1/2/4/5: Question 3: ______________________________________________________________________________ Question 6: a) b) c) d) _________________________ Instructor/Lab Tech Signature ______________________________________________________________________________ Question 7: ______________________________________________________________________________ Question 8: a) b) ______________________________________________________________________________ 5