1 / 34

Ch. 2 – 802.11 and NICs Part 2 – 802.11 MAC

Ch. 2 – 802.11 and NICs Part 2 – 802.11 MAC. This presentation was originally developed by Prof. Rick Graziani, and modified by Prof Yousif. 802.11 Overview and MAC Layer. Part 1 – 802.11 MAC and Cisco Client Adapters (Separate Presentation) 2.1 Online Curriculum 802.11 Standards

sezja
Download Presentation

Ch. 2 – 802.11 and NICs Part 2 – 802.11 MAC

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Ch. 2 – 802.11 and NICsPart 2 – 802.11 MAC This presentation was originally developed by Prof. Rick Graziani, and modified by Prof Yousif

  2. 802.11 Overview and MAC Layer Part 1 – 802.11 MAC and Cisco Client Adapters • (Separate Presentation) • 2.1 Online Curriculum • 802.11 Standards • Overview of WLAN Topologies • IBSS • BSS • ESS • Access Points • 802.11 Medium Access Mechanisms • DCF Operations • Hidden Node Problem • RTS/CTS • Frame Fragmentation • 2.4 – 2.6 Online Curriculum • Client Adapters • Aironet Client Utility (ACU) • ACU Monitoring and Troubleshooting Tools Part 2 – 802.11 MAC • 802.11 Data Frames and Addressing • 802.11 MAC Layer Operations • Station Connectivity • Power Save Operations • 802.11 Frame Formats • Non-standard devices (Brief)

  3. Recommended Reading and Sources for this Presentation • To understand WLANs it is important to understand the 802.11 protocols and their operations. • These two books do an excellent job in presenting this information and is used throughout this and other presentations. Pejman Roshan Jonathan Leary ISBN: 1587050773 Matthew S. Gast ISBN: 0596001835

  4. Acknowledgements • Thanks to Pejman Roshan and Jonathan Leary at Cisco Systems, authors of 802.11 Wireless LAN Fundamentals for allowing me to use their graphics and examples for this presentation. • Also thanks to Matthew Gast for author of 802.11 Wireless Networks, The Definitive Guide for allowing me to use their graphics and examples for this presentation.

  5. 802.11 Frames – This isn’t Ethernet! 802.11 Frames • Data Frames (most are PCF) • Data • Null data • Data+CF+Ack • Data+CF+Poll • Data+CF+Ac+CF+Poll • CF-Ack • CF-Poll • CF-Cak+CF-Poll • Control Frames • RTS • CTS • ACK • CF-End • CF-End+CF-Ack • Management Frames • Beacon • Probe Request • Probe Response • Authentication • Deauthentication • Association Request • Association Response • Reassociation Request • Reassociation Response • Disassociation • Announcement Traffic Indication

  6. 802.11 Data Frames and Addressing

  7. 802.11 MAC Addressing • Let’s look at these options: • Host A to Host B • Host A to Host X • Host X to Host A • Frames to and from a BSS must go via the access point. • The access point is a layer 2 bridge (translation bridge) between the 802.11 network and the 802.3 network. X xxx Y Distribution System (DS) 111 Access Point 1 Access Point 2 C A B D aaa bbb aaa bbb 111 Pseudo MAC address of hosts and AP1

  8. X 802.11 MAC Addressing xxx Y Distribution System (DS) • Each BSS is assigned a BSSID. • Not to be confused with SSID or ESSID. • BSSID – 48 bit identifier which distinguishes it from other BSSs in the network. • Some BSSs may overlap and the APs need to know which AP the frame is for. • In a BSS, the BSSID is the MAC address of the wireless interface, I.e. the MAC address of the AP - wireless (translating) bridge. • Remember, normal switches (bridges) may have MAC addresses, but these addresses are only used for management purposes and not for layer 2 frame forwarding (addressing). 111 The BSSID Access Point 1 Access Point 2 C A B D bbb aaa General 802.11 Frame

  9. X 802.11 MAC Addressing xxx Y Distribution System (DS) • Address 1 – Receiver address • Address 2 – Transmitter address • Address 3 – Ethernet SA, Ethernet DA, or BSSID • Transmitter: Sends a frame on to the wireless medium, but doesn’t necessarily create the frame. • Receiver: Receives a frame on the wireless medium, but may not be the destination, i.e. may be the access point. 111 Host A to Host B Access Point 1 Access Point 2 C A B D bbb aaa General 802.11 Frame

  10. X 802.11 MAC Addressing xxx Y Distribution System (DS) • Address 1 – Receiver address • Address 2 – Transmitter address • Address 3 – Ethernet SA, Ethernet DA, or BSSID 111 Host A to Host B Access Point 1 Access Point 2 C A B D bbb aaa Host A to AP 1 Rec. Trans. DA 111 aaa bbb 0 0 Rec. Trans. SA AP1 to Host B bbb 111 aaa 0 0

  11. X 802.11 MAC Addressing xxx Y Distribution System (DS) 111 Host A to Host X Access Point 1 Access Point 2 C A B D aaa bbb Host A to AP 1 Rec. Trans. DA 802.11 Frame 111 aaa xxx 1 0 copied Host A to AP 1 xxx aaa • The Ethernet DA and SA are the source and destination addresses just like on traditional Ethernet networks. • Destination Address – Host X • Source Address – Host A

  12. X 802.11 MAC Addressing xxx Y Distribution System (DS) 111 Host A to Host X Access Point 1 Access Point 2 C A B D aaa bbb Host A to AP 1 Rec. Trans. DA 802.11 Frame 111 aaa xxx copied 1 0 xxx aaa Host A to AP 1 • The AP (bridge) knows which MAC address on on its wireless interface and maintains a table with those MAC addresses. (from the Association process – later) • When the AP receives an 802.11 frame, it examines the Address 3 address. • If Address 3 is not in its table of wireless MACs it knows it needs to translate the frame to an Ethernet frame. • The AP copies the Address 3 address to the Ethernet Destination Address, and Address 2 (Transmitter address) is copied to the Ethernet Source Address.

  13. 802.11 MAC Addressing Host X to Host A X xxx Y Distribution System (DS) 111 Access Point 1 Access Point 2 C A B D bbb aaa

  14. X 802.11 MAC Addressing xxx Y Distribution System (DS) 111 Host X to Host A Access Point 1 Access Point 2 C A B D bbb aaa Host X to AP 1 aaa xxx Destination Address – Host X Source Address – Host A copied AP 1 to Host A Rec. Trans. SA 802.11 Frame aaa 111 xxx 0 1

  15. 802.11 MAC Layer Operations Station Connectivity Power Save Operations

  16. Station Connectivity • Earlier we stated, at a minimum a client station and the access point must be configured to be using the same SSID. • How does the client find these APs? • Before connecting to any network, you must find it. • Ethernet, the cable does that for you, but of course there is no cable with wireless. • There are various applications and utilities that will do it, but what is actually happening in the 802.11 MAC operations? • Let’s take a look…

  17. Station Connectivity Successful Authentication Successful Association • Station connectivity is an explanation of how 802.11 stations select and communicate with APs. State 1 Unauthenticated Unassociated State 2 Authenticated Unassociated State 3 Authenticated Associated Deauthentication Disassociation

  18. Station Connectivity • We will look at three processes: • Probe Process (or scanning) • The Authentication Process • The Association Process • Only after a station has both authenticated and associated with the access point can it use the Distribution System (DS) services and communicate with devices beyond the access point. Probe process Authentication process Association process Successful Authentication Successful Association State 1 Unauthenticated Unassociated State 2 Authenticated Unassociated State 3 Authenticated Associated Deauthentication Disassociation

  19. Station Connectivity – Probe Process • The Probe Process (Scanning) done by the wireless station • Passive - Beacons • Active – Probe Requests • Depends on device drive of wireless adapter or the software utility you are using. • Cisco adapters do active scanning when associating, but use passive scanning for some tests. • In either case, beacons are still received and used by the wireless stations for other things besides scanning (coming).

  20. Station Connectivity – Passive Scanning • Passive Scanning • Saves battery power • Station moves to each channel and waits for Beacon frames from the AP. • Records any beacons received. • Beacon frames allow a station to find out every thing it needs to begin communications with the AP including: • SSID • Supported Rates • Kismet/KisMAC uses passive scanning

  21. Station Connectivity – Passive Scanning

  22. Station Connectivity – Passive Scanning Note: Most of these beacons are received via normal operations and not through passive scanning.

  23. Station Connectivity – Passive Scanning • Passive scans, carried out by listening to Beacons from APs, are not usually displayed by a network analyzer (Ethereal, Airopeek, etc.) but can be. • Microsecond – millionth of a second • Millisecond – thousandth of a second • A common beacon interval is 100 time units. • Beacon interval is the number of time units between beacon transmissions. • One unit of time is 1 millisecond. • A beacon interval of 100 is equivalent to 100 milliseconds or 0.1 seconds. • That would be 10 beacons per second.

  24. Station Connectivity – Passive Scanning • AP features (options) • The SSID can be “hidden” or “cloaked” in the beacon frame (can be done on Cisco APs) • From some mailing lists: • “SSID cloaking and beacon hiding isn't necessarily a bad thing, but too many places use it as the only protection because it leads to a false sense of security.” • “Obscurity != security. Too many companies blindly trust that no beaconing or hiding their SSID means they're automatically safe.”

  25. Station Connectivity – Active Scanning • Active Scanning: Probe Request • A Probe Request frame is sent out on every channel (1 – 11) by the client. • APs that receive Probe Requests must reply with a Probe Response frame if: • SSID matches or • Probe Request had a broadcast SSID (0 byte SSID) • NetStumbler uses active scanning From the client

  26. Station Connectivity – Active Scanning • Active Scanning: Probe Response • On BSSs the AP is responsible for replying to Probe Requests withProbe Responses. • Probe Responses are unicast frames. • Probe Responses must be ACKnowledged by the receiver (client). • Like a beacon, Probe Response frames allow a station to find out every thing it needs to begin communications with the AP including: • SSID • Supported Rates 1 3 2 From the AP

  27. Station Connectivity Hey, I didn’t do anything and I am on the Internet! • Access Points can be configured whether or not to allow clients with broadcast SSIDs to continue the connectivity process. • If there is no authentication on the AP, then the client will most likely “associate” and be on their network! • Cisco APs use a default SSID of tsunami known as the “guest mode”SSID. (coming) • Unless this feature is disabled or authentication is enabled, anyone can easily associate with your AP and access your network (or the Internet). No SSID Probe Request Broadcast (no) SSID Probe Response SSID = tsunami ACK

  28. Authentication Process • On a wired network, authentication is implicitly provided by the physical cable from the PC to the switch. • Authentication is the process to ensure that stations attempting to associate with the network (AP) are allowed to do so. • 802.11 specifies two types of authentication: • Open-system • Shared-key (makes use of WEP)

  29. Authentication Process – Open-System • Open-system authentication really “no authentication”.

  30. Authentication Process – Shared-Key • Shared-key authentication uses WEP (Wired Equivalent Privacy) and can only be used on products that support WEP. • WEP is a Layer 2 encryption algorithm bsed on the RC4 algorithm. • 802.11 requires any stations that support WEP to also support shared-key authentication. • WEP will be examined more closely when we discuss security. • For now both the client and the AP must have a shared-key, password.

  31. Authentication Process • We’ll look at the configuration of the client and AP later! • Example of open-system authentication. • Note: On “some” systems you can configure authentication (WEP) and WEP encryption separately. On the ACU you can have open-system authentication and also have WEP encryption. However, if you have Shared-key (WEP) authentication, you must use WEP encryption.

  32. Authentication Process • Authentication • Open-System • Shared-Key (WEP) • Encryption • None • WEP only or

  33. Association Process • The association process is logically equivalent to plugging into a wired network. • Once this process is completed, the wireless station can use the DS and connect to the network and beyond. • A wireless station can only associate with one AP (802.11 restriction) • During the 802.11 association process the AP maps a logical port known as the Association Identifier (AID) to the wireless station. • The AID is equivalent to a port on a switch and is used later in Power Save Options. • The association process allows the DS to keep track of frames destined for the wireless station, so they can be forwarded. 1. Association Request 2. Association Response

  34. Association Process • At this point the AP adds the source address of the wireless client to its Source Address Table. • This is how the AP knows to forward frames destined to the client out the wireless interface (802.11) and not the wired interface (802.3/Ethernet). • The AP usually learns the wireless client’s Source Address sooner, either in the Probe Request or Authentication Request frames, but this is where it “officially” adds the wireless client to it MAC table.

More Related