WiFi Profiler: Cooperative Diagnosis in Wireless LAN

Presentation Transcript

  1. WiFi Profiler: Cooperative Diagnosis in Wireless LAN Ayah Zirikly

  2. Authors • Presented at MobiSys 2006 by: • Ranveer Chandra • Venkata N. Padmanabhan • Ming Zhang • Microsoft Research

  3. What this paper presents: WiFi Profiler • A system in which wireless hosts cooperate to diagnose and resolve network problems in an automated manner.

  4. Key observation behind the paper • Even when a host is disconnected, it is often within range of other wireless nodes and is able to communicate with them peer-to-peer to get access to the information they have gathered.

  5. Goal of the paper • Creating a shared information plane that enables wireless hosts to exchange a range of information about their network settings. • By aggregating such information across multiple wireless hosts, WiFiProfiler infers the likely cause of the problem.

  6. Differences between WiFiProfiler and previous tools • Previous tools, like the one we saw in the last paper, are not automated: they still need the network administrator to figure out the problem. • Do not depend on any special vulnerabilities/characteristics in 802.11.

  7. Wireless LAN Architecture • Wireless security: • MAC filtering: rejecting packets whose MAC address does not belong to a predefined list. • WEP: key setting configured manually at the AP and the wireless clients. • WPA: key setting configured: • Automatically, using 802.1X. • Manually (user enters a passphrase). • DHCP: • In addition to giving the client an IP address, it provides other configuration information, like the IP addresses of the gateway and the LDNS server. • Firewall: • Port blocking. • Others… • Application-level proxies.

  8. Causes of Network Problems (diagram) • Causes: Location/distance, HW or SW config., Authentication, DHCP server, Firewall/proxy config., WAN disconnection, Wireless congestion, WAN congestion. • Symptoms: No AP detected, No association, No IP address, E2E failure, Poor performance.

  10. No AP detected • The client is not receiving the broadcast beacons. • Reasons: • Out of range. • Channel noise. • HW/SW incompatibility.

  12. No association with the AP • AP is malfunctioning • Client does not have a good consistent signal. • Inappropriate MAC Address (MAC filtering). • Software Incompatibilities (outdated driver). • Hardware Incompatibilities (wireless cards). • Wrong WEP Key, or WPA authentication. • Other security related issues.

  14. Inability to obtain an IP address • Client side • Wrong key (WEP/WPA) • Wrong MAC. • Configuration problem. • AP side • Wired interface is malfunctioning or disconnected. • DHCP side • IP address pool exhausted. • Server being down.

  16. End-to-End communication failure • DNS resolution failure: • Incorrect local DNS server settings. • Failure in the DNS infrastructure. • Firewall might selectively block communication. • Common FW ports not open • The use of application proxies. • Proxy Server down • Inappropriate client proxy settings • Disconnected wireless LAN • Equipment Malfunction • Equipment Failure

  18. Poor performance • Lossy wireless link due to: • Weak signal. • Noise. • Network congestion (wireless medium or WAN): • Too many legitimate users consuming network resources. • Misbehaving users. • Combination of both…

  19. Examples of the shared information plane • Whether a host is able to connect to a certain wireless network or AP. • Whether it is able to obtain an IP address. • Whether it is experiencing poor performance.

  20. Architecture of WiFi Profiler • Components of WiFi Profiler: Sensing, Communication, Diagnosis.

  21. Design and Implementation of WiFiProfiler • Sensing: Make local observations of network configurations and health at the individual wireless clients. • Communication: Enable peer-to-peer communication among wireless hosts within range. • Diagnosis: Infer the likely causes of the problems experienced by clients and possible steps for resolution.

  22. Sensing Mission: Make passive observations of the network health and network configuration information at the individual wireless clients.

  23. Sensing • Wireless layer: wireless (HW/SW) configuration information (static information): • NIC model. • NIC name. • Driver version.

  24. Sensing: Wireless Layer • Information about wireless networks in the vicinity: • BSSID list (Basic Service Set Identifiers): • The list of BSSIDs corresponding to the APs from which beacons have been heard. • SSID list (Service Set Identity): • Name that identifies the network. • An SSID may have multiple BSSIDs that a client can be associated with. • RSSI list: • Received signal of the BSSID. • Average RSSI reported.

  25. Sensing: Wireless Layer • Security settings information: • Security protocol: • WEP/WPA key used for authentication and/or encryption. • To avoid exposing the key, only a one-way hash of this information is shared.

  26. Sensing: Wireless Layer • Information about the state of the wireless channel: • Beacon loss rate (BLR): • Based on the number of beacon frames that are not received at a client. • Loss rate of client broadcast UDP beacons (since some drivers do not compute BLR). • Interface queue length: • Sampling the packet queue length at the wireless interface on a continual basis. • Indicator of wireless congestion.

  27. Sensing • Network layer: dynamic information concerns: • IP address/subnet/mask: the IP address, subnet, and netmask corresponding to the wireless interface. • IP mode: whether the client’s IP address is assigned statically or obtained dynamically using DHCP. • DHCP information: the IP address of the DHCP server that leased the address and when the lease happened. • LDNS information: the IP address(es) of the local DNS server(s).

  28. Sensing • Transport layer: learn about the E2E network connectivity over the wide-area network, which can be affected by firewalls and by congestion/disconnection of the WAN link. Information obtained (dynamic information): • Failed connection attempts: number of connection attempts and of failed attempts. • Packet retransmission: number of retransmitted TCP segments. • Server port numbers with successful TCP connections: successful connections on certain server port numbers (if not, a firewall might be blocking access).

  29. Sensing • Protocol state example (figure): • Successful connection: Start, SYN-SENT, Established, Time-wait. • Connection failed (port blocking): Start, SYN-SENT, SYN-ACK time-out.

  30. Sensing • Application layer: configuration information related to the wireless communication. • Web proxy setting: whether an HTTP proxy is used. • Host name. • Port number.

  31. Sensing • Summarizing sensing information: needed to reduce the overhead of sharing with peers. • Configuration information (NIC type, etc.): • Values from the recent snapshots. • Dynamic information: • Compute an aggregate (average or threshold) metric over: • 60 seconds for wireless-related information. • 300 seconds for TCP-related information. • BSSID list, SSID list: • Union of the distinct values of the sets.

  32. Communication • Enables a wireless client having problems (the “requester”) to obtain information from its peers (the “responders”). • Challenges observed: • Requester and responders are not in the same network. • Requester is disconnected. • Requires the responder to disconnect from its current network. • The WiFiProfiler framework enables exchanging information without the need to disconnect the responder from its network. • Key observation: • A disconnected node can initiate an ad hoc (AH) network with the responders. • A responder can connect to the requester’s AH network without disconnecting from its own network. This can be accomplished using two NICs or VirtualWiFi.

  33. Communication • Each client using WiFiProfiler has two adapters: • Primary adapter: • Used for its normal communication. • Helper adapter: • Used to exchange information with peers.

  34. Communication • Communication protocol • Initialize Requester: The client activates the helper network adapter.

  35. Communication • Communication protocol • Start AH Network: Started over the helper network adapter, with the appropriate SSID and IP address.

  36. Communication • Communication protocol • Initialize Responder: Parses the SSID field to see if it corresponds to a requester. If so, it activates its helper adapter.

  37. Communication • Communication protocol • Join Network, Send Response: Sets up a socket connection with the corresponding IP address and port number, then starts sending information to the requester.

  38. Communication • Communication protocol • Stop Responder: • After sending responses • Closes socket connection. • Stops the helper adapter.

  39. Communication • Communication protocol • Stop Requester: • After sufficient number of responses • Shuts down socket. • Stops the helper adapter.

  40. Communication • Communication protocol steps using VirtualWiFi: • Requester activates its helper adapter and configures it with the help SSID. • After detecting the “Help” request, the responder activates its helper adapter. • VirtualWiFi switches the physical card across the primary and helper adapters. • Responder stops VirtualWiFi (unbinding the helper adapter after sending responses). • Requester activates its primary adapter to stop the AH network. Completes within a few milliseconds.

  41. Communication • Communication protocol steps using two NICs: • WiFiProfiler assigns a static IP address to the helper adapter. • Requester activates its helper adapter. • Primary adapter scans the channels for the requester’s beacons. • Responder activates its helper adapter when detecting a requester. • The helper adapter scans the channels to locate the requester’s network. • Responder joins the AH network. • The responder disables its helper adapter after sending responses.

  42. Communication • Optimizations to keep the overhead on the responder low: • Summarizing the sensing information in 1200 bytes to fit into a single packet (keeps the protocol as simple as possible). • Using UDP for the responses, giving the responder the ability to send a single packet and then leave the AH network. • Limiting the rate of responding to help requests, to provide protection from malicious users. • Responders wait for a random time before joining the AH network and responding (useful in the case of a large number of potential responders). • Responders can cache recently sent responses to send them to current requesters.
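
The summarization rules of slide 31 and the single-packet limit of slide 42, as an added example that is not code from the presentation or from WiFiProfiler. The field names, the compact JSON encoding, the use of the latest snapshot for configuration values and the sample snapshots are assumptions made for illustration.

```python
import json

WIRELESS_WINDOW_S = 60    # slide 31: window for wireless-related metrics
TCP_WINDOW_S = 300        # slide 31: window for TCP-related metrics
MAX_SUMMARY_BYTES = 1200  # slide 42: summary must fit in a single packet

def window_avg(samples, now, window_s):
    """Average the (timestamp, value) samples that fall in the trailing window."""
    recent = [v for t, v in samples if now - window_s <= t <= now]
    return sum(recent) / len(recent) if recent else None

def summarize(snapshots, now):
    """Collapse sensing snapshots (oldest first) into one response payload."""
    latest = snapshots[-1]
    summary = {
        # Configuration information: taken from the most recent snapshot.
        "nic": latest["nic"],
        "driver": latest["driver"],
        # Dynamic information: aggregate over the window for that layer.
        "blr": window_avg([(s["t"], s["blr"]) for s in snapshots],
                          now, WIRELESS_WINDOW_S),
        "tcp_retx": window_avg([(s["t"], s["tcp_retx"]) for s in snapshots],
                               now, TCP_WINDOW_S),
        # BSSID and SSID lists: union of the distinct values seen.
        "bssids": sorted({b for s in snapshots for b in s["bssids"]}),
        "ssids": sorted({x for s in snapshots for x in s["ssids"]}),
    }
    # Assumption: compact JSON as the wire format; the slides do not name one.
    payload = json.dumps(summary, separators=(",", ":")).encode()
    if len(payload) > MAX_SUMMARY_BYTES:
        raise ValueError(f"summary is {len(payload)} bytes, limit is {MAX_SUMMARY_BYTES}")
    return summary, payload

def snap(t, driver, blr, retx, bssids, ssids):
    """Build one constructed snapshot (sample data, not from the paper)."""
    return {"t": t, "nic": "NIC-A", "driver": driver, "blr": blr,
            "tcp_retx": retx, "bssids": bssids, "ssids": ssids}

SNAPSHOTS = [
    snap(50, "1.0", 0.9, 100, ["00:00:5e:00:53:01"], ["corp"]),
    snap(200, "1.0", 0.8, 10, ["00:00:5e:00:53:01", "00:00:5e:00:53:02"], ["corp"]),
    snap(350, "1.1", 0.5, 20, ["00:00:5e:00:53:02"], ["corp", "guest"]),
    snap(390, "1.1", 0.25, 30, ["00:00:5e:00:53:03"], ["guest"]),
]

if __name__ == "__main__":
    print(summarize(SNAPSHOTS, now=400))
```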

  43. Diagnosis • Based on the information gathered from the peer nodes. Inability to detect an AP: Reasons: • No AP in its vicinity. • Beacons are not detected at the current location. • HW/SW incompatibility between the client and AP. • Client wireless NIC is not working.

  44. Diagnosis • Inability to detect AP • Diagnosing steps: • If the client does not hear from any peers, it is because: • No WiFiProfiler-enabled peer is in its vicinity. • NIC is not working. • If a peer with the same NIC type and driver version is able to receive beacons → client’s current location is the cause. • If all the peers have the same NIC type but a different driver version → NIC driver version or client’s current location is the cause. • If all the peers have different NIC types → client NIC type, NIC driver version, or current location is the cause. • Resolution of the problem: • User action: changing NICs, installing a new driver, or changing location.

  45. Diagnosis Inability to associate with AP: Reasons: • AP uses security mechanisms like MAC filtering, WEP, WPA. • Weak wireless link at the client’s current location. • Incompatibility between the NIC type or driver and the AP hardware. • AP malfunction.

  46. Diagnosis • Inability to associate with AP • Diagnosing steps: • Client authentication configuration does not match that of the successfully associated peers (incorrect key) → configuration information missing/wrong. • Client has a higher BLR or a lower RSSI than its successfully associated peers → weak link due to the client’s current location. • If a peer with the same NIC type and driver version is able to associate → MAC filtering is applied at the AP. • Resolution of the problem: • User action: changing authentication key/passphrase, location, NICs, or installing a new driver. • Operator action: adding the NIC’s MAC address to the MAC filter list.
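
The one-way key hashing of slide 25 combined with the association rules of slide 46, as an added example that is not code from the presentation or from WiFiProfiler. The hash construction (PBKDF2 salted with the SSID), the report fields, the way the three rules are combined and the sample reports are assumptions; the slides only say that a one-way hash of the key is shared.

```python
import hashlib
import hmac

def key_fingerprint(ssid, key):
    """One-way fingerprint of a WEP/WPA key, so the key itself is never shared.
    Assumption: PBKDF2-HMAC-SHA256 salted with the SSID; the slides name no hash."""
    return hashlib.pbkdf2_hmac("sha256", key, ssid.encode(), 100_000).hex()

def diagnose_association(client, peers):
    """Apply the three slide-46 rules; returns a list of likely causes."""
    ok = [p for p in peers if p["associated"]]
    if not ok:
        return ["no successfully associated peer to compare against"]
    causes = []
    # Rule 1: the client's key fingerprint matches no associated peer.
    if not any(hmac.compare_digest(client["key_fp"], p["key_fp"]) for p in ok):
        causes.append("authentication key/passphrase missing or wrong")
    # Rule 2: higher BLR or lower RSSI than the associated peers.
    # Assumption: "than its peers" is read as worse than every one of them.
    if (client["blr"] > max(p["blr"] for p in ok)
            or client["rssi"] < min(p["rssi"] for p in ok)):
        causes.append("weak link at the client's current location")
    # Rule 3: a peer with the same NIC type and driver version associates.
    # Assumption: only reported when rules 1 and 2 explain nothing.
    same_hw = any((p["nic"], p["driver"]) == (client["nic"], client["driver"]) for p in ok)
    if not causes and same_hw:
        causes.append("MAC filtering at the AP")
    return causes

def report(nic, driver, key, rssi, blr, associated, ssid="corp-wlan"):
    """Build a constructed sensing report (sample data, not from the paper)."""
    return {"nic": nic, "driver": driver, "key_fp": key_fingerprint(ssid, key),
            "rssi": rssi, "blr": blr, "associated": associated}

PEERS = [report("NIC-A", "2.1", b"correct horse", -60, 0.05, True),
         report("NIC-B", "7.0", b"correct horse", -70, 0.10, True)]

if __name__ == "__main__":
    me = report("NIC-A", "2.1", b"corect horse", -62, 0.04, False)
    print(diagnose_association(me, PEERS))
```

A 40-bit WEP key has little entropy, so the salted, iterated hash assumed here only slows guessing of a captured fingerprint; it does not prevent it.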

  47. Diagnosis • Inability to obtain IP address • Reasons: • Incorrect WEP key that prevents communication with the AP. • AP hardware malfunction or disconnection that prevents the AP from communicating with the DHCP server. • DHCP server is down or out of addresses and is not responding to the requests.

  48. Diagnosis • Inability to obtain IP address • Diagnosing steps: • Client WEP encryption key does not match that of its successfully associated peers → configuration information missing/wrong. • One or more peers are successfully associated but did not obtain an IP address → DHCP server or general connectivity problems. • If at least one peer established successful wide-area communication → failure or address exhaustion at the DHCP server. • Resolution of the problem: • User action: changing authentication key/passphrase, location, NICs, or installing a new driver. • Operator action: resolve the DHCP server problem or the hardware disconnection problem.

  49. Diagnosis End-to-End Communication Failure: Reasons: • DNS resolution failure: • Incorrect local DNS server setting. • LDNS server is down or unreachable. • General problem with DNS that is not specific to local wireless network. • E2E connectivity problems. • Incorrect application proxy setting. • Application proxy is down or disconnected. • Firewall blocking access. • Connectivity problem between the wireless LAN and the wide-area network.

  50. Diagnosis • E2E communication failure: DNS resolution failure • Diagnosing steps: • If a peer with a different LDNS setting reports a high success rate while no peer with the same LDNS setting reports it → incorrect LDNS server setting. • All peers report a high failure rate for DNS resolution, with no response from the server → LDNS server is down or unreachable. • Otherwise → general DNS problem: misconfiguration or WAN connectivity issues. • Resolution of the problem: • User action: changing the client’s LDNS setting. Otherwise, operator intervention is needed.
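
The DNS diagnosing steps of slide 50 applied to peer reports, as an added example that is not code from the presentation or from WiFiProfiler. The report fields, the 0.8 threshold for a "high" rate and the sample addresses are assumptions; the slides give no numeric threshold.

```python
HIGH_RATE = 0.8  # assumed threshold for a "high" success or failure rate

def success_rate(report):
    """Fraction of DNS lookups that succeeded, or None if the peer made none."""
    if report["lookups"] == 0:
        return None
    return 1 - report["failures"] / report["lookups"]

def diagnose_dns(client_ldns, peers):
    """Apply the slide-50 rules to peer reports; returns the likely cause."""
    rated = [(p, success_rate(p)) for p in peers]
    rated = [(p, r) for p, r in rated if r is not None]  # skip peers without data
    if not rated:
        return "no peer DNS data to compare against"
    same_ok = any(r >= HIGH_RATE for p, r in rated if p["ldns"] == client_ldns)
    other_ok = any(r >= HIGH_RATE for p, r in rated if p["ldns"] != client_ldns)
    # Rule 1: another LDNS setting works while the client's works for nobody.
    if other_ok and not same_ok:
        return "incorrect LDNS server setting"
    # Rule 2: every peer fails at a high rate and the server never answers.
    if all(1 - r >= HIGH_RATE and not p["server_responded"] for p, r in rated):
        return "LDNS server is down or unreachable"
    # Rule 3: everything else.
    return "general DNS problem (misconfiguration or WAN connectivity)"

def peer(ldns, lookups, failures, server_responded):
    """Build one constructed peer report (sample data, not from the paper)."""
    return {"ldns": ldns, "lookups": lookups, "failures": failures,
            "server_responded": server_responded}

if __name__ == "__main__":
    # The client points at 192.0.2.53; a peer using 192.0.2.10 resolves fine.
    peers = [peer("192.0.2.10", 50, 2, True), peer("192.0.2.53", 20, 20, False)]
    print(diagnose_dns("192.0.2.53", peers))
```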