WiFi Profiler: Cooperative Diagnosis in Wireless LAN Ayah Zirikly.


1 WiFi Profiler: Cooperative Diagnosis in Wireless LAN Ayah Zirikly

2 Authors Presented at MobiSys 2006 by Ranveer Chandra, Venkata N. Padmanabhan, Ming Zhang (Microsoft Research)

3 What this paper is presenting: WiFi Profiler, a system in which wireless hosts cooperate to diagnose and resolve network problems in an automated manner.

4 Key observation behind the paper: If the host is disconnected, it is often in the range of other wireless nodes and is able to communicate with them peer-to-peer, to get access to the information gathered.

5 Goal of the paper  Creating a shared information plane that enables wireless hosts to exchange a range of information about their network settings.  By aggregating such information across multiple wireless hosts, WiFiProfiler infers the likely cause of the problem.

6 Differences between WiFiProfiler and previous tools Previous tools, like the one we saw in the last paper, are not automated, as they still need the network administrator to figure out the problem. Do not depend on any special vulnerabilities/characteristics in 802.11

7 Wireless LAN Architecture Wireless Security: ▫MAC filtering: rejecting packets whose MAC address does not belong to a predefined list. ▫WEP: key setting configured manually at the AP and the wireless clients. ▫WPA: key setting configured ▫Automatically using 802.1X ▫Manually (user enters a passphrase). DHCP: ▫In addition to giving the client an IP address, it provides other configuration information like the IP address of the gateway and LDNS server. Firewall: ▫Port blocking. ▫Others… Application-level proxies.

8 Causes of Network Problems
▫No AP detected: Location/distance; HW or SW config.
▫No association: Authentication
▫No IP address: DHCP server
▫E2E failure: Firewall/proxy config.; WAN disconnection
▫Poor performance: Wireless congestion; WAN congestion

10 No AP detected The client is not receiving the broadcasted beacons. Reasons:  Out of Range.  Channel noise.  HW/SW incompatibility.

12 No association with the AP AP is malfunctioning Client does not have a good consistent signal. Inappropriate MAC Address (MAC filtering). Software Incompatibilities (outdated driver). Hardware Incompatibilities (wireless cards). Wrong WEP Key, or WPA authentication. Other security related issues.

14 Inability to obtain an IP address Client side ▫Wrong key (WEP/WPA) ▫Wrong MAC. ▫Configuration problem. AP side ▫Wired interface is malfunctioning or disconnected. DHCP side ▫IP address pool exhausted. ▫Server being down.

16 End-to-End communication failure DNS resolution failure:  Incorrect local DNS server settings.  Failure in the DNS infrastructure. Firewall might selectively block communication.  Common FW ports not open The use of application proxies.  Proxy Server down  Inappropriate client proxy settings Disconnected wireless LAN  Equipment Malfunction  Equipment Failure

18 Poor performance Lossy wireless link due to:  Weak signal.  Noise. Network congestion (wireless medium or WAN):  Too many legitimate users consuming network resources.  Misbehaving users.  Combination of both…

19 Examples of the shared information plane  Whether or not a host is able to connect to a certain wireless network or AP.  Whether or not it is able to obtain an IP address.  Whether it is experiencing poor performance.

20 Architecture of WiFi Profiler Components of WiFi Profiler: Sensing Communication Diagnosis

21 Design and Implementation of WiFiProfiler Sensing : Make local observations of network configurations and health at the individual wireless clients. Communication: Enable peer-to-peer communication among wireless hosts within range Diagnosis: Infer the likely causes of the problems experienced by clients and possible steps for resolution

22 Sensing Mission: Make passive observations of the network health and network configuration information at the individual wireless clients.

23 Sensing Wireless layer Wireless (HW/SW) configuration information (Static Information):  NIC model.  NIC name.  Driver version.

24 Sensing Wireless Layer ▫Information about wireless networks in the vicinity:  BSSID list: (Basic Service Set Identifiers) The list of BSSIDs corresponding to the APs from which beacons have been heard.  SSID list: (Service Set Identity) Name that identifies the network. An SSID may have multiple BSSIDs that a client can be associated with.  RSSI list: Received signal strength of each BSSID. Average RSSI reported.

25 Sensing Wireless Layer Security settings information:  Security protocol.  WEP/WPA key used for authentication and/or encryption.  To avoid exposing the key, only a one-way hash of this information is shared.

26 Information about the state of the wireless channel:  Beacon loss rate:  Based on the number of beacon frames that are not received at a client.  Loss rate of client broadcast UDP beacons (since some drivers do not compute BLR ).  Interface queue length:  Sampling the packet queue length at the wireless interface on a continual basis.  Indicator of the wireless congestion.

27 Sensing Network layer: Dynamic information concerns:  IP address/subnet/mask: the IP address, subnet, and netmask corresponding to the wireless interface.  IP mode: whether the client’s IP address is assigned statically or obtained dynamically using DHCP.  DHCP information: the IP address of the DHCP server that leased the address and when the lease happened.  LDNS information: the IP address(es) of the local DNS server(s).

28 Sensing Transport layer: Learn about the E2E network connectivity over the wide-area network, which can be affected by firewalls and by congestion/disconnection of the WAN link. Information obtained (Dynamic Information):  Failed connection attempts: Number of connection attempts and of failed attempts.  Packet retransmission: Number of retransmitted TCP segments.  Server port numbers with successful TCP connections: Server port numbers on which connections succeeded (if not, a firewall might be blocking access).

29 Sensing Protocol state example: [Figure: TCP connection state diagrams with states Start, SYN-SENT, Established and Time-wait; panels: Successful Connection, Connection failed, Port blocking; transition labels: SYN-ACK, time-out.]

30 Sensing Application layer: Configuration information related to the wireless communication.  Web proxy setting: whether an HTTP proxy is used.  Host name.  Port number.

31 Summarizing Sensing Information: Needed to reduce the overhead of sharing with peers. ▫Configuration information (NIC type, …etc):  Values from the recent snapshots. ▫Dynamic information:  Compute aggregate (average or threshold) metric over: ▫60 seconds for wireless-related information. ▫300 seconds for TCP-related information.  BSSID list, SSID list: ▫Union of the distinct values of the sets. Sensing

32 Communication Enables a wireless client having problems (the “requester”) to obtain information from its peers (the “responders”). Challenges observed: ▫Requester and responders are not in the same network. ▫Requester is disconnected. Requires responder to disconnect from its current network. WiFiProfiler framework enables exchanging information without the need of disconnecting the responder from its network. Key observation: ▫Disconnected node can initiate an ad hoc (AH) network with the responders. ▫Responder can connect to the requester’s AH network without disconnecting from its network. Can be accomplished using two NICs or VirtualWiFi.

33 Each client using WiFiProfiler has two adapters: ▫Primary adapter:  Used for its normal communication. ▫Helper adapter:  Used to exchange information with peers. Communication

34 Communication protocol Communication Initialize Requester: The client activates the helper network adapter

35 Communication protocol Communication Start AH Network: Started over the helper network adapter, with the appropriate SSID and IP address.

36 Communication protocol Communication Initialize Responder: Parses the SSID field to see if it corresponds to a requester. If so, it activates its helper adapter.

37 Communication protocol Communication Join Network, Send Response: Sets up a socket connection with the corresponding IP address and Port# Then, start sending information to the requester.

38 Communication protocol Communication Stop Responder: After sending responses Closes socket connection. Stops the helper adapter.

39 Communication protocol Communication Stop Requester: After sufficient number of responses Shuts down socket. Stops the helper adapter.

40 Communication protocol steps using VirtualWiFi: ▫Requester activates its helper adapter and configures it with the help SSID. ▫After detecting the “Help” request, the responder activates its helper adapter. ▫VirtualWiFi switches the physical card across the primary and helper adapter. ▫Responder stops VirtualWiFi (unbinds the helper adapter after sending responses). ▫Requester activates its primary adapter to stop the AH network. Complete within a few milliseconds. Communication

41 Communication protocol steps using two NICs: ▫WiFiProfiler assigns a static IP address to the helper adapter. ▫Requester activates its helper adapter. ▫Primary adapter scans the channels for the requester’s beacons. ▫Responder activates its helper adapter when detecting a requester. ▫The helper adapter scans the channels to locate the requester’s network. ▫Responder joins the AH network. ▫The responder disables its helper adapter after sending responses. Communication

42 Optimization to keep the overhead on the responder low: ▫Summarizing the sensing information in 1200 bytes to fit into a single packet (keep the protocol as simple as possible). ▫Using UDP for the responses, giving the responder the ability to send a single packet and then leave the AH network. ▫Limiting the rate of responding to help requests, to provide protection from malicious users. ▫Responders wait for a random time before joining the AH network and responding (useful in the case of a large number of potential responders). ▫Responders can cache recently sent responses to send them to current requesters. Communication
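Added example, not taken from the slides or from the WiFiProfiler implementation: one way to implement the summarization windows from the Sensing slides (60 s for wireless data, 300 s for TCP data, union of BSSID sets) together with the 1200-byte single-packet limit above. The JSON encoding, the field names and the policy of dropping BSSIDs when the summary is too large are assumptions.

```python
import json
from statistics import mean

WIRELESS_WINDOW_S = 60   # aggregation window for wireless-related information
TCP_WINDOW_S = 300       # aggregation window for TCP-related information
MAX_PAYLOAD = 1200       # summary must fit into a single packet

def recent(samples, now, span):
    """Values of (timestamp, value) samples taken within the last `span` seconds."""
    return [v for t, v in samples if now - span < t <= now]

def summarize(now, config, blr, queue_len, tcp_retx, bssid_scans):
    """Build the summary a responder would share (field names are assumptions)."""
    wl_blr = recent(blr, now, WIRELESS_WINDOW_S)
    wl_q = recent(queue_len, now, WIRELESS_WINDOW_S)
    retx = recent(tcp_retx, now, TCP_WINDOW_S)
    seen = set().union(*recent(bssid_scans, now, WIRELESS_WINDOW_S))
    return {
        "cfg": config[-1][1] if config else None,   # most recent snapshot only
        "blr_avg": round(mean(wl_blr), 4) if wl_blr else None,
        "queue_avg": round(mean(wl_q), 2) if wl_q else None,
        "tcp_retx": sum(retx),
        "bssids": sorted(seen),                     # union of distinct values
    }

def encode(summary):
    """Serialize to one datagram payload, dropping BSSIDs until it fits."""
    s = dict(summary, bssids=list(summary["bssids"]))
    data = json.dumps(s, separators=(",", ":")).encode("utf-8")
    while len(data) > MAX_PAYLOAD and s["bssids"]:
        s["bssids"].pop()
        s["truncated"] = True                       # tell the requester
        data = json.dumps(s, separators=(",", ":")).encode("utf-8")
    if len(data) > MAX_PAYLOAD:
        raise ValueError("summary does not fit in one packet")
    return data

def decode(data):
    return json.loads(data.decode("utf-8"))

if __name__ == "__main__":
    # Constructed sample measurements, not data from the paper.
    now = 1000
    summary = summarize(
        now,
        config=[(900, {"nic": "nicA", "driver": "1.0"})],
        blr=[(930, 0.5), (950, 0.02), (990, 0.04)],
        queue_len=[(960, 3), (995, 5)],
        tcp_retx=[(600, 7), (800, 2), (990, 1)],
        bssid_scans=[(960, {"aa"}), (980, {"aa", "bb"})],
    )
    print(summary, len(encode(summary)))
```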

43 Based on the information gathered from the peer nodes. Inability to detect an AP: Reasons: No AP in its vicinity. Beacons are not detected at the current location. HW/SW incompatibility between the client and AP. Client wireless NIC is not working. Diagnosis

44 Diagnosis: Inability to detect AP Diagnosing steps:  If the client does not hear from any peers, it is because: no WiFiProfiler-enabled peer is in its vicinity, or its NIC is not working.  If a peer with the same NIC type and driver version is able to receive beacons → client's current location is the cause.  If all the peers have the same NIC type but a different driver version → NIC driver version or client's current location is the cause.  If all the peers have different NIC types → client NIC type, NIC driver version, or current location is the cause. Resolution of the problem: User action: changing NICs, installing a new driver, or changing location.

45 Inability to associate with AP: Reasons: AP uses security mechanisms like MAC filtering, WEP, WPA. Weak wireless link at the client’s current location. Incompatibility between the NIC type or driver and the AP hardware. AP malfunction. Diagnosis

46 Diagnosis: Inability to associate with AP Diagnosing steps:  Client authentication configuration does not match that of the successfully associated peers (incorrect key) → configuration information missing/wrong.  Client has higher BLR / lower RSSI than its successfully associated peers → weak link due to client's current location.  If a peer with the same NIC type and driver version is able to associate → MAC filtering is applied at the AP. Resolution of the problem: User action: changing authentication key/passphrase, location, NICs, or installing a new driver. Operator action: adding NIC MAC address to the MAC filter list.

47 Inability to obtain IP address: Reasons: Incorrect WEP key that prevents communication with AP. AP hardware malfunctioning or disconnections that prevents the AP from communicating with DHCP server. DHCP is down or out of addresses and is not responding to the requests. Diagnosis

48 Diagnosis: Inability to obtain IP address Diagnosing steps:  Client WEP encryption key does not match that of its successfully associated peers → configuration information missing/wrong.  One or more peers are successfully associated but did not obtain an IP address → DHCP server or general connectivity problems.  If at least one peer established successful wide-area communication → failure or address exhaustion at the DHCP server. Resolution of the problem: User action: changing authentication key/passphrase, location, NICs, or installing a new driver. Operator action: resolve DHCP server problem or hardware disconnection problem.

49 End-to-End Communication Failure: Reasons:  DNS resolution failure:  Incorrect local DNS server setting.  LDNS server is down or unreachable.  General problem with DNS that is not specific to local wireless network.  E2E connectivity problems.  Incorrect application proxy setting.  Application proxy is down or disconnected.  Firewall blocking access.  Connectivity problem between the wireless LAN and the wide- area network. Diagnosis

50 Diagnosis: E2E communication failure DNS resolution failure: Diagnosing steps:  If a peer with a different LDNS setting reports a high success rate while no peer with the same LDNS setting reports it → incorrect LDNS server setting.  All peers report a high failure rate for DNS resolution, with no response from the server → LDNS server is down or unreachable.  Otherwise → general DNS problem: misconfiguration or WAN connectivity issues. Resolution of the problem: User action: changing the client’s LDNS setting. Otherwise, operator intervention needed.

51 Diagnosis: E2E communication failure E2E connectivity problem: Diagnosing steps:  If the client and its peers have failed communication on certain ports and successful communication on others → firewall blocking communication (port-based).  If one peer has successful communication on a problematic port of the server → unreachable remote host or firewall blocking based on other criteria.  No peer reports successful E2E communication → connectivity problem between the WLAN and the wide-area network. Resolution of the problem: User action: changing proxy setting. Otherwise, operator intervention needed.

52 Poor performance: Reasons:  Client’s weak wireless link.  Wireless medium is congested.  WAN problem (congestion or routing problem). Diagnosis

53 Diagnosis: Poor performance Diagnosing steps:  If the client’s number of beacons is a lot lower than the highest value reported → weak wireless link to the client.  If more than one peer reports persistent queuing but weak wireless network → wireless medium is congested. Resolution of the problem: User action: changing location or switching to a less congested AP or network. Otherwise, operator intervention needed.

54 Problems can evolve Possibility of conflicting information. For example, two peers with identical NIC type and driver version: one reports association success and the other failure. These two will be ruled out by the requester.
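Added example, not taken from the slides or from the WiFiProfiler implementation: the diagnosing steps for "inability to associate with AP", applied by a requester to the summaries it collected, with the conflict handling described just above. The report fields, the use of the most common key hash among associated peers, and applying the MAC-filtering rule only when the first two rules find nothing are assumptions.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Report:
    """Summary shared by one host (field names are assumptions of this example)."""
    nic: str          # NIC type
    driver: str       # driver version
    key_fp: str       # one-way hash of the WEP/WPA key, never the key itself
    rssi_dbm: float   # average RSSI for the AP
    blr: float        # beacon loss rate, 0.0 to 1.0
    associated: bool

def drop_conflicts(peers):
    """Peers with identical NIC type and driver version that report opposite
    association outcomes are ruled out."""
    outcomes = {}
    for p in peers:
        outcomes.setdefault((p.nic, p.driver), set()).add(p.associated)
    return [p for p in peers if len(outcomes[(p.nic, p.driver)]) == 1]

def diagnose_association(client, peers):
    """Diagnose a client that cannot associate; returns the likely causes."""
    ok = [p for p in drop_conflicts(peers) if p.associated]
    if not ok:
        return ["inconclusive: no associated peer to compare with"]
    causes = []
    # Rule 1: key hash differs from the one most associated peers share
    # (taking the most common value is an assumption of this example).
    common_fp = Counter(p.key_fp for p in ok).most_common(1)[0][0]
    if client.key_fp != common_fp:
        causes.append("authentication configuration missing/wrong")
    # Rule 2: higher BLR or lower RSSI than every associated peer.
    if all(client.blr > p.blr for p in ok) or all(client.rssi_dbm < p.rssi_dbm for p in ok):
        causes.append("weak link at the client's current location")
    # Rule 3 (only if rules 1 and 2 found nothing, an assumed ordering):
    # a peer with the same NIC type and driver version does associate.
    if not causes and any((p.nic, p.driver) == (client.nic, client.driver) for p in ok):
        causes.append("MAC filtering at the AP")
    return causes or ["inconclusive"]

if __name__ == "__main__":
    # Constructed sample reports, not measurements from the paper.
    me = Report("nicA", "1.0", "fp-1", -60.0, 0.01, False)
    peers = [Report("nicA", "1.0", "fp-1", -62.0, 0.02, True),
             Report("nicB", "2.0", "fp-1", -58.0, 0.01, True)]
    print(diagnose_association(me, peers))
```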

55 Evaluation Evaluation of sensing Sensing the quality of the wireless link: ▫Examine the relationship between RSSI and BLR:  Place a client at 6 different locations at increasing distance from AP.  Notice that BLR exceeds 5% when the RSSI is less than -80 dBm. -80 dBm can be a threshold for the lossiness of the wireless link.

56 Evaluation Evaluation of sensing Sensing the quality of the wireless link: ▫TCP throughput:  Throughput drops when the BLR exceeds 5%.  Consistent with the threshold concluded above as an indicator of a lossy wireless link.

57 Evaluation Evaluation of sensing Overhead of sensing: ▫Sensing is an ongoing process in WiFiProfiler (to reduce diagnosis latency). So, low overhead (in terms of CPU and network performance) is critical.  WiFiProfiler sensing component uses under 1% of the CPU (even on 1.33 GHz).  No measurable impact on network performance.

58 Evaluation Evaluation of communication Impact of Providing Help on the Responder: ▫Case Study: Responder is in the middle of downloading something (worst case). How does providing help affect the download time? Studying the impact in three different cases:  Responder uses two NICs (download time unaffected).  Responder uses VirtualWiFi and the AP implements 802.11 PSM, to ensure no packet loss when switching (longer delay).  Responder uses VirtualWiFi but the AP does not implement PSM (longest delay). The delay on the download time:  500 ms for small downloads.  2-3 seconds for large downloads.

59 Evaluation Evaluation of communication End-to-End latency of the Comm. Protocol: Time taken at each of the protocol steps:  Initializing and stopping the requester requires enabling and disabling the helper adapter (few seconds).  Time responder takes to detect the requester AH network (18 seconds).  Time responder takes to enable its helper adapter (5 seconds).  Time taken by helper adapter to scan the requester AH network, by the responder to join the AH, and by responder and requester to initialize their network stacks (32 seconds).

60 Evaluation Evaluation of communication Best results (less time taken), when both requester and responder use VirtualWiFi. Still the biggest overhead is the time to receive data.

61 Evaluation Evaluation of diagnosing The faults and how WiFiProfiler was able to diagnose them. Faults:  No beacon.  MAC filtering.  Incorrect WEP key for authentication/encryption.  DHCP problem.  Port blocking.  Wireless congestion. They claim that WiFiProfiler is effective in giving the right diagnosis in less than 40 seconds. Even in the situation of multiple simultaneous problems.

62 Security Issues DoS attacks: By clients pretending to be in trouble: ▫Limiting the frequency a client will help its peers. By clients misleading their peers by reporting fake information: ▫Reporting diagnosis based on information collected by large number of peers. Leaking sensitive information: ▫One-way hash of the key to protect against revealing WEP key. ▫future work: try to share the bare minimum information needed.
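Added example, not taken from the slides or from the WiFiProfiler implementation: the three mitigations listed above (limiting how often a responder helps, deciding only on what many peers agree on, sharing a one-way hash of the key as on the Sensing Wireless Layer slide) written as small building blocks. PBKDF2 with the SSID as salt, the sliding-window limiter, the strict-majority rule and all names and parameter values are assumptions.

```python
import hashlib
import hmac
from collections import Counter, deque

def key_fingerprint(key: bytes, ssid: str, iterations: int = 100_000) -> str:
    """One-way fingerprint of a WEP/WPA key for sharing with peers.

    PBKDF2 salted with the SSID is an assumption of this example: peers on the
    same network derive the same value, tables precomputed for other networks
    do not apply, and each guess costs `iterations` hash calls. It cannot make
    a short key (e.g. 40-bit WEP) strong; it only raises the cost of guessing."""
    return hashlib.pbkdf2_hmac("sha256", key, ssid.encode("utf-8"), iterations).hex()

def same_key(fp_a: str, fp_b: str) -> bool:
    """Constant-time comparison of two fingerprints."""
    return hmac.compare_digest(fp_a, fp_b)

class HelpRateLimiter:
    """Responder side: answer at most `max_responses` help requests per window."""
    def __init__(self, max_responses: int, window_s: float):
        self.max_responses = max_responses
        self.window_s = window_s
        self._sent = deque()          # timestamps of recent responses

    def allow(self, now: float) -> bool:
        while self._sent and now - self._sent[0] >= self.window_s:
            self._sent.popleft()      # forget responses older than the window
        if len(self._sent) >= self.max_responses:
            return False
        self._sent.append(now)
        return True

def agreed_value(values, min_reports: int):
    """Requester side: accept a reported value only if at least `min_reports`
    peers answered and a strict majority of them agree; otherwise None."""
    if len(values) < min_reports:
        return None
    value, count = Counter(values).most_common(1)[0]
    return value if 2 * count > len(values) else None

if __name__ == "__main__":
    # Constructed sample values for illustration only.
    fp = key_fingerprint(b"constructed-key", "ExampleNet")
    print(same_key(fp, key_fingerprint(b"constructed-key", "ExampleNet")))
    limiter = HelpRateLimiter(max_responses=2, window_s=60)
    print([limiter.allow(t) for t in (0, 10, 20, 60)])
    print(agreed_value(["dhcp-ok", "dhcp-ok", "dhcp-fail"], min_reports=3))
```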

