1 / 16

Refocusing in 802.11 Wireless Measurement

ISTS. Refocusing in 802.11 Wireless Measurement. Udayan Deshpande (ISTS*, Dartmouth College) Chris McDonald (The University of Western Australia) David Kotz (ISTS*, Dartmouth College) *Institute of Security Technology Studies. Wireless LANs becoming the dominant transport

keefe-cooley
Download Presentation

Refocusing in 802.11 Wireless Measurement

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ISTS Refocusing in 802.11 Wireless Measurement Udayan Deshpande (ISTS*, Dartmouth College) Chris McDonald (The University of Western Australia) David Kotz (ISTS*, Dartmouth College) *Institute of Security Technology Studies

  2. Wireless LANs becoming the dominant transport Global equipment market $4b by 2010 (Infonetics07) Mission-critical, voice/video over wireless - VoWLAN $15b by 2012 (Juniper07) Fast moving area; new device and packet technologies - 802.11i, 802.11n, 802.11e, 802.16 Security Denial of Service (DoS) attacks, Reduction of Quality (RoQ) attacks, consuming excessive bandwidth, disrupting VoIP and video protocols Rogue APs Management Automated diagnosis of network problems, live network trace. 802.11 monitoring needed ISTS

  3. Sniffer Sniffer Sniffer Sniffer Sniffer Sniffer Locating a 802.11 Node Ch 1,2 Ch 3,4 In an ideal world, densely deployed sniffers capture every transmission Every channel is monitored at every location Ch 5,6 Channel 6 Ch 7,8 Ch 9,10 Ch 11 ISTS

  4. Sniffer A More Realistic Scenario Most deployments have very few dedicated sniffers collecting a very small sample Holes in coverage on most channels at most locations Channel 6 Ch 1,2 ISTS

  5. Many 802.11 Channels 1 2 3 4 5 6 7 8 9 10 11 12 13 14 802.11b/g • Possible 78 channels to monitor - (including 802.11n) • Full capture would require 78 radios at each location 36 40 44 48 52 56 60 64 68 100 104 108 112 116 120 802.11a 124 128 132 136 140 149 153 157 161 165 1 1 2 2 3 3 4 5 6 7 8 9 10 11 12 13 14 14 36 36 40 40 44 44 48 52 56 60 64 68 100 104 108 112 116 120 802.11n 124 128 132 136 140 149 153 157 161 165 165 ISTS

  6. Sniffer Our Sampling Architecture Controller Deploy sniffers that sample frames and forward them to downstream consumer What is the sampling strategy? Sniffer Sniffer frames Merger frames Analysis ISTS

  7. 1 2 3 4 5 6 7 8 9 10 11 1 2 3 4 5 6 7 8 Equal 1 2 3 4 5 6 7 8 9 10 11 1 2 3 4 5 6 7 8 Proportional Equal Sampling • Each interface spends time on a set of channels • Each channel is equally important ISTS

  8. 1 2 3 4 5 6 7 8 9 10 11 1 2 3 4 5 6 7 8 Equal 1 2 3 4 5 6 7 8 9 10 11 1 2 3 4 5 6 7 8 Proportional Proportional Sampling • Spend time on each channel proportional to its importance • What is important? • Higher volume of traffic • Greater number or clients Each channel has its own counter (e.g. # frames) Time spent on each channel proportional to the value of thecounter ISTS

  9. Channel Importance is Variable • Subjective • Up to the downstream consumer • Changes with time • Ideal world • Every frame is available instantaneously ISTS

  10. Sniffer Bridging the Gap Between Full Capture and Sampling Controller • The consumer tells the monitoring system what is important • The monitoring system modifies its behavior quickly (changes focus) Sniffer Sniffer frames Merger Refocus request frames ISTS Analysis

  11. Sniffer Refocusing Requests are Predicates Controller Sniffer frames Merger "src == 00:16:cb:b7:18:82 && dst == a0:12:bd:b7:14:23" frames Analysis ISTS

  12. 1 2 3 4 5 6 7 8 9 10 11 1 2 3 4 5 6 7 8 Equal 1 2 3 4 5 6 7 8 9 10 11 1 2 3 4 5 6 7 8 Proportional Predicate Proportional Sampling • The current predicate is the “focus” • The monitoring system quickly changes focus as per the needs of the consumer • Each channel has its own counter • (# frames that match the predicate) • Time spent on each channel proportional to the value of the counter ISTS

  13. Refocusing Experiment Setup Carried a transmitting client around the building Without refocusing and with refocusing enabled “dst == 22:22:22:22:22:22” ISTS

  14. Better Capture for Matching Frames ISTS

  15. Baseline is Unaffected ISTS

  16. ISTS Summary • Full-capture is not possible in wireless monitoring, hence sampling • The focus of a wireless monitoring system changes from time to time • It is dependant on the consumer of the sampled traffic • Our technique enables quick change of focus as per the requests of the consumer MAP http://www.cs.dartmouth.edu/~map Supported by award NBCH2050002 from HSARPA, DHS Science and Technology Directorate ISTS

More Related