
1 Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis
Written by Yu-Chung Cheng, John Bellardo, Peter Benko, Alex C. Snoeren, Geoffrey M. Voelker and Stefan Savage
Analysis by Carlos Troncoso, CS388 Wireless Security

2 February 28, 2008 Common problems in production Wireless Networks
• Conflicts with nearby wireless devices
• Bad AP channel assignments
• Microwave oven interference
• Bad interaction between TCP and 802.11
• Rogue access point interference
• Poor choice of APs (weak signal)
• Incompatible user software/hardware

3 Sounds Familiar?
Helpdesk receives a phone call…
• User: “…my Internet connection is flaky…”
• Support: “What happened?…”
• User: “Well Internet got disconnected and now it is very slow…”
• Support: “OK, let me check here…”
• User: “Wait!..wait…it’s working now….”

4 Goal of Jigsaw
To develop a deeper understanding of the dynamics and interactions in production wireless networks by reconstructing their behavior in its entirety.

5 Jigsaw
Provides a single, unified view of all physical, link, network, and transport-layer activity on an 802.11 production network.

6 Wireless traffic measurement challenges:
• Ambient environmental interference
• Sender’s transmit power
• Distance to the receiver
• Strength of any simultaneous transmissions on nearby channels heard by the same receiver
• MAC (Media Access Control) protocol
• Traffic is based on the TCP protocol, which carries a set of complex dynamics

7 Methodology
• Large-scale monitoring infrastructure deploying hundreds of radio monitors to gather traffic activity over the wireless network (covering around 1 million cubic feet)
• These monitors feed the centralized system Jigsaw to produce a precise global picture of the network activity.

8 Methodology (continued)
• Large-scale Synchronization: achieved through a passive algorithm that synchronizes the hundreds of simultaneous traces
• Frame Unification: achieved by combining and merging duplicate traces to construct a single trace
• Multi-Layer Reconstruction: achieved by reconstructing raw frame data into a complete trace with all link and transport-layer conversations.

9 Media Access Control
• The 802.11 protocol uses CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) to schedule and retry transmissions
• CSMA/CA has the hidden node problem

10 Hidden Node problem
• Creates co-channel interference from other transmitters
• Finding:
• CSMA/CA uses special RTS/CTS (Request to Send/Clear to Send) frames to handle this problem
• Hidden nodes are handled by Jigsaw (with exceptions)
[Figure: nodes A, Laptop and B. Normal case: A sends data and Laptop sends an ACK. Hidden node: A sends data, Laptop’s reception is interfered with by B.]

11 Previous Related Work
• Researchers measured traffic using fewer monitoring nodes
• Previous efforts focused on separate channels, or on a small number of traces
• The Jigsaw approach focuses on large-scale online monitoring and complete multi-layer reconstruction.

12 Data Collection
• Environment
• Hardware
• Software
Department of Computer Science and Engineering, University of California, San Diego

13 Environment
• Study was done at the University’s CS building
• 4-story building
• 500 users with 10 to 100 active client connections

14 Hardware
• 2.8 GHz Pentium Server with 2 TB of Storage
• 40 sensor pods used for wireless infrastructure
• 4 radios in each sensor pod to capture all channels, timestamp, errors, etc.

15 Software
• Pebble Linux and MadWifi driver for each monitor
• Driver modified to capture even corrupted frames and physical errors
• Jigdump application to manage data capture

16 Trace Merging
Trace merging is necessary to produce a coherent description of combined traces.

17 Trace Merging Requirements
• Synchronization: monitor timestamps are synchronized so that all frames share a common reference time
• Unification: minimizes duplicate traces
• Efficiency: trace merging executes faster than real time

18 Bootstrap synchronization
• The method finds a set of reference points to synchronize the radios
• All clocks run at the same rate, and the Jigsaw system places each frame into a universal time by adjusting its timestamp
• The methodology allows frames on one channel to be related to timestamps on another

19 Unification
After bootstrap synchronization, Jigsaw processes traces by time and unifies duplicate frames (instances) into single data structures called jframes

20 Jigsaw trace: jframe
[Figure: jframes plotted by monitor against time. Labels: received frames; received, with error; corrupted data; traces synchronized.]

21 Unification (continued)
• Basic unification: a linear scan is performed to group instances with the same timestamp
• Clock adjustment: because radio clocks skew over time, Jigsaw takes advantage of the unification method and resynchronizes each trace
• Managing skew and drift: if sensors do not detect frames in common, then Jigsaw relies on the local clock of the radio sensor to assign a timestamp
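
The trace-merging steps on slides 18 to 21, as an added example that is not part of the original slides and is not Jigsaw's own code. It assumes a frame can be identified by a content label, that one reference frame is heard by every monitor, and a hypothetical 5 µs matching window; the traces are constructed sample data.

```python
# Constructed sample: per-monitor traces of (local clock in microseconds, frame identity).
# Monitor m2's clock runs slightly fast, so its error grows along the trace.
TRACES = {
    "m1": [(1000, "beacon-A"), (1450, "data-1"), (1900, "ack-1")],
    "m2": [(5003, "beacon-A"), (5457, "data-1"), (6410, "data-2")],
    "m3": [(9201, "beacon-A"), (10102, "ack-1"), (10600, "data-2")],
}

def bootstrap_offsets(traces, reference):
    """Per-monitor offset that maps the shared reference frame to one universal time."""
    seen = {m: next(t for t, f in tr if f == reference) for m, tr in traces.items()}
    base = min(seen.values())
    return {m: t - base for m, t in seen.items()}

def unify(traces, offsets, window_us=5, resync=True):
    """Merge instances of the same frame into jframes, scanning in universal-time order."""
    queues = {m: list(tr) for m, tr in traces.items()}
    offsets = dict(offsets)  # work on a copy; the caller's bootstrap offsets stay intact
    jframes = []
    while any(queues.values()):
        # The next instance is the queue head with the earliest adjusted timestamp.
        m = min((k for k in queues if queues[k]), key=lambda k: queues[k][0][0] - offsets[k])
        local, frame = queues[m].pop(0)
        t = local - offsets[m]
        match = None
        for jf in reversed(jframes):
            if t - jf["time_us"] > window_us:
                break  # older jframes are outside the matching window
            if jf["frame"] == frame and abs(t - jf["time_us"]) <= window_us:
                match = jf
                break
        if match is None:
            jframes.append({"time_us": t, "frame": frame, "monitors": [m]})
        else:
            match["monitors"].append(m)
            if resync:  # clock adjustment: pull this monitor back onto the jframe's time
                offsets[m] += t - match["time_us"]
    return jframes, offsets

if __name__ == "__main__":
    start = bootstrap_offsets(TRACES, "beacon-A")
    for jf in unify(TRACES, start)[0]:
        print(jf)
```

With `resync=False` the drifting monitor's last instance falls outside the window and shows up as a duplicate jframe, which is the failure the clock-adjustment step avoids.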

22 Link and transport reconstruction
After constructing a global view of the physical events, the next step is to reconstruct the link and transport layer traffic.

23 Link-Layer inference L2
• Jigsaw identifies each transmission attempt from the sender and records subsequent responses
• MAC addresses are used to group frames to check whether transmission requests are being delivered successfully or not
• Jigsaw uses the frame sequence number to reference groups of frames, but also deduces the presence of missing frames based on subsequent behavior of sender and receiver

24 Transport inference L4
• The transport analysis takes frame exchanges as input and reconstructs TCP flows based on the packet headers
• By capturing TCP ACKs, Jigsaw can record even the omitted frames shown in the packet

25 Coverage
• Obtaining effective coverage for all transmissions is an evident challenge
• Monitors need to be precisely placed and properly configured to capture ALL data
• 97% of traffic was covered in this Jigsaw implementation

26 Analysis
Global perspective provided by the distributed monitors
• Trace summary
• Interference
• 802.11g protection mode
• TCP loss rate inference

27 Trace Summary
• High-level characteristics of the trace, obtained by collecting traffic from active APs
• Average of three observations made for every frame in the network
• Finding: management traffic (beacon, ARP) consumes 10% of the channel at a given time

28 Interference
• Simultaneous transmission that causes frame loss
• Red color shows an example of physical interference caused by a microwave oven
• Instantly detects and tags interference

29 802.11g Protection mode
• Protection policy is extremely conservative
• Reduces performance
• Should only be used when 802.11b is present

30 TCP loss rate inference
• The TCP reconstruction algorithm is used to assemble all flows that complete a handshake.
• TCP loss is dominant over physical traffic

31 Present
• Jigsaw is an attempt to attain a high level of detailed analysis
• Jigsaw unifies traces from multiple passive wireless monitors to reconstruct a global view of network activity
• Jigsaw is only the building block to answer the questions
• Why is the network malfunctioning?
• How do I fix it?

32 Future
• Real-time system for automated detection and evaluation of poor network performance
• Identifies problem flows and isolates potential causes of poor performance

33 Questions?

