WiFi Profiler: Cooperative Diagnosis in Wireless LAN

Ayah Zirikly. Paper presented at MobiSys 2006 by Ranveer Chandra, Venkata N. Padmanabhan and Ming Zhang, Microsoft Research.

Presentation Transcript


  1. WiFi Profiler: Cooperative Diagnosis in Wireless LAN Ayah Zirikly

  2. Authors Presented at MobiSys 2006 by • Ranveer Chandra • Venkata N. Padmanabhan • Ming Zhang Microsoft Research

  3. What this paper is presenting: • WiFi Profiler: a system in which wireless hosts cooperate to diagnose and resolve network problems in an automated manner.

  4. Key observation behind the paper • Even when a host is disconnected, it is often within range of other wireless nodes and can communicate with them peer-to-peer to get access to the information they have gathered.

  5. Goal of the paper • Creating a shared information plane that enables wireless hosts to exchange a range of information about their network settings. • By aggregating such information across multiple wireless hosts, WiFiProfiler infers the likely cause of the problem.

  6. Differences between WiFiProfiler and previous tools • Previous tools, like the one we saw in the last paper, are not automated: they still need the network administrator to figure out the problem. • Do not depend on any special vulnerabilities/characteristics in 802.11

  7. Wireless LAN Architecture • Wireless Security: • MAC filtering: rejecting packets whose MAC address does not belong to a predefined list. • WEP: key setting configured manually at the AP and the wireless clients. • WPA: key setting configured • Automatically using 802.1X • Manually (user enters a passphrase). • DHCP: • In addition to giving the client an IP address, it provides other configuration information such as the IP addresses of the gateway and the LDNS server. • Firewall: • Port blocking. • Others… • Application-level proxies.

  8. Causes of Network Problems (diagram) • Causes: Location/distance; HW or SW config.; Authentication; DHCP server; Firewall/proxy config.; WAN disconnection; Wireless congestion; WAN congestion. • Problems: No AP detected; No association; No IP address; E2E failure; Poor performance.

  10. No AP detected: the client is not receiving the broadcast beacons. Reasons: • Out of range. • Channel noise. • HW/SW incompatibility.

  12. No association with the AP • AP is malfunctioning • Client does not have a good consistent signal. • Inappropriate MAC Address (MAC filtering). • Software Incompatibilities (outdated driver). • Hardware Incompatibilities (wireless cards). • Wrong WEP Key, or WPA authentication. • Other security related issues.

  14. Inability to obtain an IP address • Client side • Wrong key (WEP/WPA) • Wrong MAC. • Configuration problem. • AP side • Wired interface is malfunctioning or disconnected. • DHCP side • IP address pool exhausted. • Server being down.

  16. End-to-End communication failure • DNS resolution failure: • Incorrect local DNS server settings. • Failure in the DNS infrastructure. • Firewall might selectively block communication. • Common FW ports not open • The use of application proxies. • Proxy Server down • Inappropriate client proxy settings • Disconnected wireless LAN • Equipment Malfunction • Equipment Failure

  18. Poor performance • Lossy wireless link due to: • Weak signal. • Noise. • Network congestion (wireless medium or WAN) • Too many legitimate users consuming network resources. • Misbehaving users. • Combination of both…

  19. Examples of the shared information plane • Whether a host is able to connect to a certain wireless network or AP. • Whether it is able to obtain an IP address. • Whether it is experiencing poor performance.

  20. Architecture of WiFi Profiler • Components of WiFi Profiler: Sensing, Communication, Diagnosis.

  21. Design and Implementation of WiFiProfiler • Sensing: Make local observations of network configurations and health at the individual wireless clients. • Communication: Enable peer-to-peer communication among wireless hosts within range. • Diagnosis: Infer the likely causes of the problems experienced by clients and possible steps for resolution.

  22. Sensing Mission: Make passive observations of the network health and network configuration information at the individual wireless clients.

  23. Sensing • Wireless layer: wireless (HW/SW) configuration information (static information): • NIC model. • NIC name. • Driver version.

  24. Sensing: Wireless Layer • Information about wireless networks in the vicinity: • BSSID list (Basic Service Set Identifiers): • The list of BSSIDs corresponding to the APs from which beacons have been heard. • SSID list (Service Set Identifier): • The name that identifies the network. • An SSID may have multiple BSSIDs that a client can be associated with. • RSSI list: • Received signal strength of each BSSID. • Average RSSI reported.

  25. Sensing: Wireless Layer • Security settings information: • Security protocol. • WEP/WPA key used for authentication and/or encryption. • To avoid exposing the key, only a one-way hash of this information is shared.

  26. Sensing: Wireless Layer • Information about the state of the wireless channel: • Beacon loss rate (BLR): • Based on the number of beacon frames that are not received at a client. • Loss rate of client broadcast UDP beacons (since some drivers do not compute BLR). • Interface queue length: • Sampling the packet queue length at the wireless interface on a continual basis. • Indicator of wireless congestion.

  27. Sensing • Network layer: dynamic information: • IP address/subnet/mask: the IP address, subnet, and netmask corresponding to the wireless interface. • IP mode: whether the client’s IP address is assigned statically or obtained dynamically using DHCP. • DHCP information: the IP address of the DHCP server that leased the address and when the lease was obtained. • LDNS information: the IP address(es) of the local DNS server(s).

  28. Sensing • Transport layer: Learn about the E2E network connectivity over the wide-area network, which can be affected by firewalls and by congestion/disconnection of the WAN link. Information obtained (dynamic information): • Failed connection attempts: number of connection attempts and number of failed attempts. • Packet retransmission: number of retransmitted TCP segments. • Server port numbers with successful TCP connections: the server port numbers on which connections succeeded (if a port is missing, a firewall might be blocking access).

  29. Sensing • Protocol state example (diagram): • Successful connection: Start, SYN-SENT, Established, Time-wait. • Connection failed (port blocking): Start, SYN-SENT, SYN-ACK time-out.

  30. Sensing • Application layer: Configuration information related to the wireless communication. • Web proxy setting: whether an HTTP proxy is used. • Host name. • Port number.

  31. Sensing • Summarizing sensing information: needed to reduce the overhead of sharing with peers. • Configuration information (NIC type, etc.): • Values from the recent snapshots. • Dynamic information: • Compute an aggregate (average or threshold) metric over: • 60 seconds for wireless-related information. • 300 seconds for TCP-related information. • BSSID list, SSID list: • Union of the distinct values of the sets.

  32. Communication • Enables a wireless client having problems (the “requester”) to obtain information from its peers (the “responders”). • Challenges observed: • Requester and responders are not in the same network. • Requester is disconnected. • Requires the responder to disconnect from its current network. • The WiFiProfiler framework enables exchanging information without the need to disconnect the responder from its network. • Key observation: • A disconnected node can initiate an ad hoc (AH) network with the responders. • A responder can connect to the requester’s AH network without disconnecting from its own network. This can be accomplished using two NICs or VirtualWiFi.

  33. Communication • Each client using WiFiProfiler has two adapters: • Primary adapter: • Used for its normal communication. • Helper adapter: • Used to exchange information with peers.

  34. Communication • Communication protocol Initialize Requester: The client activates the helper network adapter

  35. Communication • Communication protocol Start AH Network: Started over the helper network adapter, with the appropriate SSID and IP address.

  36. Communication • Communication protocol Initialize Responder: Parses the SSID field to see if it corresponds to a requester. If so, it activates its helper adapter.

  37. Communication • Communication protocol Join Network, Send Response: The responder sets up a socket connection with the corresponding IP address and port number, then starts sending information to the requester.

  38. Communication • Communication protocol • Stop Responder: • After sending responses • Closes socket connection. • Stops the helper adapter.

  39. Communication • Communication protocol • Stop Requester: • After sufficient number of responses • Shuts down socket. • Stops the helper adapter.

  40. Communication Communication protocol steps using VirtualWiFi: • Requester activates its helper adapter and configures it with the help SSID. • After detecting the “Help” request, the responder activates its helper adapter. • VirtualWiFi switches the physical card across the primary and helper adapter. • Responder stops VirtualWiFi (unbinds the helper adapter after sending responses). • Requester activates its primary adapter to stop the AH network. Complete within a few milliseconds.

  41. Communication Communication protocol steps using two NICs: • WiFiProfiler assigns a static IP address to the helper adapter. • Requester activates its helper adapter. • Primary adapter scans the channels for the requester’s beacons. • Responder activates its helper adapter when detecting a requester. • The helper adapter scans the channels to locate the requester’s network. • Responder joins the AH network. • The responder disables its helper adapter after sending responses.

  42. Communication • Optimizations to keep the overhead on the responder low: • Summarizing the sensing information in 1200 bytes so that it fits into a single packet (keeps the protocol as simple as possible). • Using UDP for the responses, so the responder can send a single packet and then leave the AH network. • Limiting the rate of responding to help requests, to provide protection from malicious users. • Responders wait for a random time before joining the AH network and responding (useful when there is a large number of potential responders). • Responders can cache recently sent responses and send them to current requesters.

  43. Diagnosis • Based on the information gathered from the peer nodes. Inability to detect an AP: Reasons: • No AP in its vicinity. • Beacons are not detected at the current location. • HW/SW incompatibility between the client and AP. • Client wireless NIC is not working.

  44. Diagnosis Inability to detect AP Diagnosing steps: • If the client does not hear from any peers, it is because: • No WiFiProfiler-enabled peer is in its vicinity. • NIC is not working. • If a peer with the same NIC type and driver version is able to receive beacons → the client’s current location is the cause. • If all the peers have the same NIC type but a different driver version → the NIC driver version or the client’s current location is the cause. • If all the peers have different NIC types → the client’s NIC type, NIC driver version, or current location is the cause. Resolution of the problem: User action: changing NICs, installing a new driver, or changing location.

  45. Diagnosis Inability to associate with AP: Reasons: • AP uses security mechanisms like MAC filtering, WEP, WPA. • Weak wireless link at the client’s current location. • Incompatibility between the NIC type or driver and the AP hardware. • AP malfunction.

  46. Diagnosis Inability to associate with AP Diagnosing steps: • Client authentication configuration does not match that of the successfully associated peers (incorrect key) → configuration information missing/wrong. • Client has a higher BLR/lower RSSI than its successfully associated peers → weak link due to the client’s current location. • If a peer with the same NIC type and driver version is able to associate → MAC filtering is applied at the AP. Resolution of the problem: User action: changing authentication key/passphrase, location, NICs, or installing a new driver. Operator action: adding the NIC MAC address to the MAC filter list.

  47. Diagnosis Inability to obtain IP address: Reasons: • Incorrect WEP key that prevents communication with the AP. • AP hardware malfunction or disconnection that prevents the AP from communicating with the DHCP server. • DHCP server is down or out of addresses and is not responding to requests.

  48. Diagnosis Inability to obtain IP address Diagnosing steps: • Client WEP encryption key does not match that of its successfully associated peers → configuration information missing/wrong. • One or more peers are successfully associated but did not obtain an IP address → DHCP server or general connectivity problems. • If at least one peer established successful wide-area communication → failure or address exhaustion at the DHCP server. Resolution of the problem: User action: changing authentication key/passphrase, location, NICs, or installing a new driver. Operator action: resolve the DHCP server problem or the hardware disconnection problem.

  49. Diagnosis End-to-End Communication Failure: Reasons: • DNS resolution failure: • Incorrect local DNS server setting. • LDNS server is down or unreachable. • General problem with DNS that is not specific to local wireless network. • E2E connectivity problems. • Incorrect application proxy setting. • Application proxy is down or disconnected. • Firewall blocking access. • Connectivity problem between the wireless LAN and the wide-area network.

  50. Diagnosis E2E communication failure DNS resolution failure: Diagnosing steps: • If a peer with a different LDNS setting reports a high success rate while no peer with the same LDNS setting reports it → incorrect LDNS server setting. • All peers report a high failure rate for DNS resolution, with no response from the server → LDNS server is down or unreachable. • Otherwise, general DNS problem: misconfiguration or WAN connectivity issues. Resolution of the problem: User action: changing the client’s LDNS setting. Otherwise, operator intervention needed.
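The association-failure rules of slide 46, combined with the hashed key of slide 25, as an added Python example (not code from the paper or from WiFiProfiler). The `Report` fields, the PBKDF2 digest salted with the SSID, and the order in which the rules are applied are assumptions; the slides say only that a one-way hash of the key is shared. The sample reports are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

def key_digest(ssid: str, key: bytes) -> bytes:
    # Assumption: the slides say only "one-way hashing". A salted, iterated
    # hash is used here so a low-entropy WEP key is costlier to guess offline.
    return hashlib.pbkdf2_hmac("sha256", key, ssid.encode(), 10_000)

@dataclass
class Report:              # hypothetical summary record shared by one host
    nic: str
    driver: str
    key_hash: bytes
    blr: float             # beacon loss rate, 0..1
    rssi: float            # average RSSI, dBm
    associated: bool

def diagnose_association(client: Report, peers: list) -> list:
    ok = [p for p in peers if p.associated]
    if not ok:
        return ["no associated peer to compare against"]
    causes = []
    # Rule 1: key digest differs from every successfully associated peer.
    if not any(hmac.compare_digest(client.key_hash, p.key_hash) for p in ok):
        causes.append("incorrect key or authentication configuration")
    # Rule 2: higher beacon loss or lower RSSI than all associated peers.
    if all(client.blr > p.blr or client.rssi < p.rssi for p in ok):
        causes.append("weak link at current location")
    # Rule 3 (applied only when rules 1-2 are silent; ordering is an assumption):
    # identical NIC and driver associate fine, so the AP is filtering this MAC.
    same_hw = any((p.nic, p.driver) == (client.nic, client.driver) for p in ok)
    if not causes and same_hw:
        causes.append("MAC filtering at the AP")
    return causes or ["undetermined"]

# Constructed sample data
SSID = "corp-wlan"
GOOD = key_digest(SSID, b"correct horse")
PEERS = [Report("nicA", "1.2", GOOD, 0.02, -55, True),
         Report("nicB", "3.0", GOOD, 0.05, -60, True)]

if __name__ == "__main__":
    typo = Report("nicA", "1.2", key_digest(SSID, b"corect horse"), 0.01, -50, False)
    print(diagnose_association(typo, PEERS))
```

Peers compare digests only, so the key itself never leaves a host; the comparison works because every host derives the digest with the same salt and iteration count.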
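The responder-side optimizations of slide 42 (single-packet summary, rate limiting, random wait, cached responses), as an added Python example (not code from the paper or from WiFiProfiler). The JSON encoding, the policy of dropping the weakest BSSIDs to fit 1200 bytes, the class and parameter names, and the timing values are assumptions; the sample summary is constructed.

```python
import json
import random
import time

MAX_PAYLOAD = 1200  # bytes; the single-packet budget named on slide 42

def encode_summary(summary: dict) -> bytes:
    """Serialize a summary, dropping the weakest BSSIDs until it fits one packet."""
    aps = sorted(summary["bssids"], key=lambda ap: ap["rssi"], reverse=True)
    while True:
        data = json.dumps({**summary, "bssids": aps}, separators=(",", ":")).encode()
        if len(data) <= MAX_PAYLOAD:
            return data
        if not aps:
            raise ValueError("summary exceeds one packet even without BSSIDs")
        aps = aps[:-1]  # trimming policy is an assumption, not from the slides

class Responder:
    def __init__(self, min_interval=5.0, cache_ttl=60.0, max_wait=0.5,
                 clock=time.monotonic):
        self.min_interval, self.cache_ttl, self.max_wait = min_interval, cache_ttl, max_wait
        self.clock = clock
        self.last_sent = None
        self.cached = None
        self.cached_at = 0.0

    def on_help_request(self, collect):
        """Return (wait_seconds, payload), or None when the request is rate-limited."""
        now = self.clock()
        if self.last_sent is not None and now - self.last_sent < self.min_interval:
            return None  # refuse: repeated help SSIDs must not keep pulling us off our network
        if self.cached is None or now - self.cached_at > self.cache_ttl:
            self.cached, self.cached_at = encode_summary(collect()), now
        self.last_sent = now
        # The random wait spreads out many responders; the payload is then
        # sent as one UDP datagram before the helper adapter is stopped.
        return random.uniform(0, self.max_wait), self.cached

def sample_summary(n_aps=40):
    """Constructed sample summary with more BSSIDs than one packet can carry."""
    return {"nic": "nicA", "driver": "1.2", "blr": 0.03,
            "bssids": [{"bssid": f"02:00:00:00:00:{i:02x}", "rssi": -40 - i}
                       for i in range(n_aps)]}
```

Passing `clock` in makes the rate limit testable without sleeping; in use it defaults to `time.monotonic`, which is not affected by wall-clock changes.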
