COMP416 Lab (7)
IEEE 802.11
Daoyuan
Content

Investigate the 802.11 wireless network protocol:
  Beacon Frames
  Data Transfer
  Association/Disassociation
Learn to use appropriate Wireshark display filters to analyze the protocol.

General Frame format and Control field

General Frame format (IEEE 802.11-1999, Section 7; field sizes in bytes):

  Frame Control (2) | Duration/ID (2) | Address 1 (6) | Address 2 (6) |
  Address 3 (6) | Sequence Control (2) | Address 4 (6) | Frame Body (0-2312) | FCS (4)

Address 4 is present only in data frames with both To DS and From DS set;
control frames (ACK, CTS, RTS, ...) carry only the first one or two address
fields. Which of Address 1-3 is the destination, source and BSSID depends on
the To DS / From DS flags.

Frame Control field (two bytes; bit 0 is the least significant bit of each byte):

  Byte 1: bits 0-1 Protocol Version, bits 2-3 Type, bits 4-7 Subtype
  Byte 2: bit 0 To DS, bit 1 From DS, bit 2 More Fragments, bit 3 Retry,
          bit 4 Power Management, bit 5 More Data, bit 6 WEP (Protected Frame),
          bit 7 Order

Wireshark shows the first byte as one hex value, e.g. 0xC0 = 1100 0000:
Subtype 12, Type 0 (a management frame, i.e. Deauthentication), Protocol
Version 0.

Valid Type and SubType combinations: see the table in Section 7 of the
802.11-1999 standard listed under Resources (the slide's copy of the table
is not reproduced here).
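The following is an added worked example (not part of the lab slides) that decodes the Frame Control field and the MAC header exactly as described above, and names Address 1-3 as DA/SA/BSSID (or RA/TA) from the To DS / From DS flags. The sample headers and MAC addresses are constructed for the example and are not taken from the lab trace; the type/subtype table lists only the frames this lab deals with.

```python
import struct

# (type, subtype) -> name, for the frames seen in this lab
# (IEEE 802.11-1999, Section 7; the full table is in the standard).
TYPE_SUBTYPE = {
    (0, 0x0): "Association Request",
    (0, 0x1): "Association Response",
    (0, 0x2): "Reassociation Request",
    (0, 0x3): "Reassociation Response",
    (0, 0x4): "Probe Request",
    (0, 0x5): "Probe Response",
    (0, 0x8): "Beacon",
    (0, 0xA): "Disassociation",
    (0, 0xB): "Authentication",
    (0, 0xC): "Deauthentication",
    (1, 0xA): "PS-Poll",
    (1, 0xB): "RTS",
    (1, 0xC): "CTS",
    (1, 0xD): "ACK",
    (2, 0x0): "Data",
    (2, 0x4): "Null (no data)",
}
# Flag bits of the second Frame Control byte, bit 0 first.
FLAGS = ["To DS", "From DS", "More Fragments", "Retry",
         "Power Management", "More Data", "Protected (WEP)", "Order"]


def parse_frame_control(fc):
    """Decode the 2-byte Frame Control field (first field of every frame)."""
    b0, b1 = fc[0], fc[1]
    ftype = (b0 >> 2) & 0x03
    subtype = (b0 >> 4) & 0x0F
    return {
        "version": b0 & 0x03,
        "type": ftype,
        "subtype": subtype,
        "name": TYPE_SUBTYPE.get((ftype, subtype), "unknown"),
        # Same encoding as Wireshark's wlan.fc.type_subtype filter field.
        "type_subtype": (ftype << 4) | subtype,
        "flags": {name: bool(b1 & (1 << i)) for i, name in enumerate(FLAGS)},
    }


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_mac_header(frame):
    """Decode the MAC header and name the address fields from To DS / From DS."""
    fc = parse_frame_control(frame[0:2])
    info = {"name": fc["name"], "type_subtype": fc["type_subtype"],
            "flags": fc["flags"],
            "duration": struct.unpack_from("<H", frame, 2)[0]}
    if fc["type"] == 1:
        # Control frames: Address 1 is the receiver; RTS and PS-Poll also carry a transmitter.
        info["RA"] = mac_str(frame[4:10])
        info["header_len"] = 10
        if fc["subtype"] in (0xA, 0xB):
            info["TA"] = mac_str(frame[10:16])
            info["header_len"] = 16
        return info
    a1, a2, a3 = (mac_str(frame[i:i + 6]) for i in (4, 10, 16))
    seq_ctl = struct.unpack_from("<H", frame, 22)[0]
    info["fragment"] = seq_ctl & 0x0F      # low 4 bits
    info["sequence"] = seq_ctl >> 4        # high 12 bits
    to_ds, from_ds = fc["flags"]["To DS"], fc["flags"]["From DS"]
    info["header_len"] = 24
    if not to_ds and not from_ds:          # management frames, ad hoc data
        info.update(DA=a1, SA=a2, BSSID=a3)
    elif from_ds and not to_ds:            # AP -> station
        info.update(DA=a1, BSSID=a2, SA=a3)
    elif to_ds and not from_ds:            # station -> AP
        info.update(BSSID=a1, SA=a2, DA=a3)
    else:                                  # AP-to-AP (wireless distribution system), four addresses
        info.update(RA=a1, TA=a2, DA=a3, SA=mac_str(frame[24:30]))
        info["header_len"] = 30
    return info


# Constructed sample headers (locally administered MACs, not from the lab trace).
AP = bytes.fromhex("020000000001")       # the AP's BSSID
HOST = bytes.fromhex("020000000002")     # the wireless host
ROUTER = bytes.fromhex("020000000003")   # first-hop router on the AP's wired side
BROADCAST = b"\xff" * 6


def seq(n):
    return struct.pack("<H", n << 4)     # sequence number n, fragment 0


BEACON_HDR = b"\x80\x00" + b"\x00\x00" + BROADCAST + AP + AP + seq(100)
DATA_TO_AP_HDR = b"\x08\x01" + b"\x2c\x00" + AP + HOST + ROUTER + seq(7)
DEAUTH_HDR = b"\xc0\x00" + b"\x00\x00" + AP + HOST + AP + seq(8)
ACK_HDR = b"\xd4\x00" + b"\x00\x00" + HOST

if __name__ == "__main__":
    for hdr in (BEACON_HDR, DATA_TO_AP_HDR, DEAUTH_HDR, ACK_HDR):
        print(parse_mac_header(hdr))
```

Note how the data frame sent towards the AP (To DS = 1) puts the BSSID in Address 1 and the final wired-side destination in Address 3: the "destination MAC address" of such a frame is not the MAC of the remote web server but of the next hop behind the AP. The `type_subtype` value is what a Wireshark display filter such as `wlan.fc.type_subtype == 0x08` (beacons) compares against; combine it with `wlan.sa`, `wlan.da` or `wlan.bssid` to restrict a filter to one host or AP.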
Beacon Frame

Wireshark_802_11.pcap

This trace was collected using AirPcap and Wireshark:
http://www4.comp.polyu.edu.hk/~appsec/ta/Wireshark_802_11.pcap

We'll see frames captured on channel 6. Since the host and AP that we are
interested in are not the only devices using channel 6, we'll see a lot of
other frames that are not used for this lab, such as the beacon frames
advertised by a neighbor's AP also operating on channel 6.
The Wireless Host Activities in the Trace File

  Begins: host is associated with the 30 Munroe St AP.
  At t=24.82: host makes an HTTP request to
    http://gaia.cs.umass.edu/wireshark-labs/alice.txt
    (IP address of gaia.cs.umass.edu: 128.119.245.12).
  At t=32.82: host makes an HTTP request to http://www.cs.umass.edu
    (IP: 128.119.240.19).
  At t=49.58: host disconnects from the 30 AP and attempts to connect to the
    linksys_ses_24086 AP.
  At t=63.00: host gives up trying to associate with the 24086 AP and
    associates again with the 30 AP.

Abbreviations used below:
  30 AP: 30 Munroe St AP
  24086 AP: linksys_ses_24086 AP

Load Trace into Wireshark

  Y:\Win32\WiresharkPortable
Questions (1) - Beacon Frames

Look at the details of the "IEEE 802.11" frame and its subfields in the
middle Wireshark window.

a. (2 marks) What are the SSIDs of the two access points that are issuing
   most of the beacon frames in this trace?
b. (3 marks) What is the interval of time between transmissions of the beacon
   frames from the 30 AP? How about the 24086 AP?
c. (2 marks) What (in hexadecimal notation) are the destination MAC address
   and the BSS ID in the beacon frames from the 30 AP?
d. (3 marks) The beacon frames from the 30 AP advertise that it can support
   four data rates and eight additional "extended supported rates." What are
   these rates?
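The following is an added worked example (not part of the lab slides) showing how the fields asked about above are encoded in a beacon frame body: the beacon interval in time units of 1024 microseconds, the SSID, the DS Parameter Set (channel), and the Supported Rates / Extended Supported Rates tagged parameters, whose bytes are rates in 500 kbit/s units with the high bit marking a basic rate. It also decodes the fixed fields of an Authentication frame body (the Authentication Algorithm Number distinguishes Open System from Shared Key), which Questions (3) turn to later. The beacon and authentication bodies below are constructed for the example, not taken from the lab trace.

```python
import struct

TU_US = 1024  # one 802.11 time unit (TU) is 1024 microseconds


def tagged_parameters(body, offset):
    """Yield (tag, value) pairs from the variable part of a management frame body."""
    while offset + 2 <= len(body):
        tag, length = body[offset], body[offset + 1]
        yield tag, body[offset + 2:offset + 2 + length]
        offset += 2 + length


def decode_rates(value):
    """Rates are in 500 kbit/s units; the high bit marks a basic (mandatory)
    rate, which Wireshark shows as "(B)". Returns [(mbps, is_basic), ...]."""
    return [((b & 0x7F) * 0.5, bool(b & 0x80)) for b in value]


def parse_beacon_body(body):
    """Decode the fixed fields and the tagged parameters this lab asks about."""
    timestamp, interval_tu, capability = struct.unpack_from("<QHH", body, 0)
    info = {
        "timestamp_us": timestamp,               # the AP's TSF timer, microseconds
        "beacon_interval_tu": interval_tu,
        "beacon_interval_s": interval_tu * TU_US / 1e6,
        "ess": bool(capability & 0x0001),        # infrastructure BSS (an AP)
        "privacy": bool(capability & 0x0010),    # WEP/encryption required to join
        "ssid": None, "channel": None,
        "supported_rates": [], "extended_rates": [],
    }
    for tag, value in tagged_parameters(body, 12):
        if tag == 0:                             # SSID
            info["ssid"] = value.decode("ascii", "replace")
        elif tag == 1:                           # Supported Rates
            info["supported_rates"] = decode_rates(value)
        elif tag == 3 and value:                 # DS Parameter Set: current channel
            info["channel"] = value[0]
        elif tag == 50:                          # Extended Supported Rates
            info["extended_rates"] = decode_rates(value)
    return info


def parse_authentication_body(body):
    """Fixed fields of an Authentication frame body."""
    algorithm, sequence, status = struct.unpack_from("<HHH", body, 0)
    return {
        "algorithm": algorithm,
        "algorithm_name": {0: "Open System", 1: "Shared Key"}.get(algorithm, "other"),
        "sequence": sequence,    # 1 = request, 2 = response (open system)
        "status": status,        # 0 = successful
    }


# Constructed beacon body (not from the lab trace): an 802.11b/g AP on channel 6
# beaconing every 100 TU, without the Privacy bit set.
BEACON_BODY = (
    struct.pack("<QHH", 123_456_789, 100, 0x0001)
    + bytes([0x00, 6]) + b"lab-ap"                       # SSID
    + bytes([0x01, 4, 0x82, 0x84, 0x8B, 0x96])           # Supported Rates 1(B) 2(B) 5.5(B) 11(B)
    + bytes([0x03, 1, 6])                                # DS Parameter Set: channel 6
    + bytes([0x32, 8, 0x0C, 0x12, 0x18, 0x24, 0x30, 0x48, 0x60, 0x6C])  # Extended Supported Rates
)
# Constructed Authentication request body: Open System, sequence 1, status 0.
AUTH_BODY = struct.pack("<HHH", 0, 1, 0)

if __name__ == "__main__":
    print(parse_beacon_body(BEACON_BODY))
    print(parse_authentication_body(AUTH_BODY))
```

When checking beacon intervals in the trace, compare the gap between the arrival times of consecutive beacons from the same BSSID with the advertised `beacon_interval_s`; the TSF timestamps of consecutive beacons should differ by the same amount.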
Questions (2) - Data Transfer

Find the 802.11 frame containing the TCP SYN segment for the first TCP
connection (the one that downloads alice.txt).

a. (3 marks) What are the three MAC address fields in this 802.11 frame?
   What does the destination MAC address correspond to?
b. (2 marks) What is the IP address of the wireless host sending this TCP
   segment? What does the destination IP address correspond to?

Find the 802.11 frame containing the SYN/ACK segment for this TCP connection.

c. (3 marks) What are the three MAC address fields in this 802.11 frame?
   What does the destination MAC address correspond to?
d. (2 marks) Does the sender MAC address in the frame correspond to the source
   IP address within this datagram? Explain your answer.
Questions (3) - Association/Disassociation

a. (3 marks) What are the two actions taken (i.e., frames sent) by the host
   just after t=49 to end the association with the 30 AP? Give the Type and
   Subtype of each 802.11-layer action.
b. (3 marks) Set the Wireshark display filter to display only AUTHENTICATION
   frames sent from the host to the 24086 AP (whose MAC is Cisco_Li_f5:ba:bb).
   Write down your filter setting, and state how many such frames there are.
   Hint: the first AUTHENTICATION frame is sent at around t=49.
c. (2 marks) Does the host want authentication to require a key or to be
   open? Explain your answer using a field in the management frame.
d. (2 marks) Do you see a reply AUTHENTICATION frame from the 24086 AP in the
   trace? If not, explain why not.
Questions (4) - Association/Disassociation

Consider what happens as the host gives up associating with the 24086 AP and
now tries to associate with the 30 AP.

a. (3 marks) At what time is the first AUTHENTICATION frame sent from the host
   to the 30 AP, and when is the reply AUTHENTICATION frame sent?

An ASSOCIATE REQUEST from the host to the AP, and a corresponding ASSOCIATE
RESPONSE from the AP to the host, are used for the host to associate with an AP.

b. (5 marks) At what time is there an ASSOCIATE REQUEST from the host to the
   30 AP? When is the corresponding ASSOCIATE RESPONSE sent? Write down your
   Wireshark display filter setting.
c. (2 marks) What transmission rates is the host willing to use? And the 30 AP?
Resources

802.11 frame formats:
  Section 7 in http://gaia.cs.umass.edu/wireshark-labs/802.11-1999.pdf
  (quite useful!)
Computer Networking: A Top-down Approach, 5th edition, Section 6.3
Wireshark protocol hints.