Slide 4: [Figure: lab topology. Labels: IEEE 802.11, Linux, Wireless LAN card, PC (Bridge), NAT (Network Address Translation), Access Point (AP), PC (WEP), Access Point]
Slide 5: Linux OS 2.6, Public IP address
Slide 6: Outline: WLAN, WEP, NAT, iptables, DHCP, Bridge
Slide 7 (WLAN)
  - Stimulated by availability of unlicensed spectrum
  - U.S. Industrial, Scientific, Medical (ISM) bands: 902-928 MHz, 2.400-2.4835 GHz, 5.725-5.850 GHz
  - [Figure: IEEE 802 Family Tree]
Slide 8 (WLAN): IEEE 802.11 Standards [figure]
Slide 9 (WLAN): Nomenclature
  - Distribution System: a logical component of 802.11 used to forward frames to their destinations
  - Access Points: perform the wireless-to-wired bridging function
  - Wireless Medium
  - Stations
Slide 10 (WLAN): Basic Service Set (BSS)
  - Group of stations that coordinate their access using a given instance of MAC
  - Located in a Basic Service Area (BSA)
  - Stations in a BSS can communicate with each other
  - Distinct collocated BSSs can coexist
Slide 11 (WLAN): Types of Networks
  - Independent networks (independent basic service set, IBSS), also known as ad hoc networks
  - Infrastructure networks
Slide 12 (WLAN): Infrastructure BSS
  - Two advantages of infrastructure networks:
    - The mobile stations need not maintain neighbor relationships.
    - Access points assist stations attempting to save power.
  - In an infrastructure network, stations must associate with an AP to obtain network services (the equivalent of plugging in the network cable).
Slide 13 (WLAN): Extended Service Set
  - An extended service set (ESS) is created by chaining BSSs together with a backbone network (or distribution system, DS)
  - All the access points in an ESS are given the same service set identifier (SSID), which serves as a network "name" for the users
Slide 14 (WLAN): [figure]
Slide 15 (WLAN)
  - For stations in an ESS to communicate with each other, the wireless medium must act like a single layer 2 connection.
  - Access points act as bridges, so direct communication between stations in an ESS requires that the backbone network also look like a layer 2 connection.
Slide 16 (WLAN): Distribution System
  - The distribution system is responsible for tracking where a station is physically located and delivering frames appropriately.
  - The backbone Ethernet is the distribution system medium, but it is not the entire distribution system.
Slide 17 (WLAN)
  - The distribution system is composed of the bridging engine plus the wired backbone network.
  - Every frame sent by a mobile station in an infrastructure network must use the distribution system.
Slide 18 (WLAN): Overlapping Network Types [figure]
Slide 19 (WLAN): 802.11 Network Operations
  - 802.11 is sometimes referred to as "wireless Ethernet"
  - Stations are identified by 48-bit IEEE 802 MAC addresses. Conceptually, frames are delivered based on the MAC address.
  - Frame delivery is unreliable, though 802.11 incorporates some basic reliability mechanisms to overcome the inherently poor qualities of the radio channels it uses.
Slide 20 (WLAN)
  - Physical Carrier Sensing
    - Analyze all detected frames
    - Monitor relative signal strength from other sources
  - Virtual Carrier Sensing at the MAC sublayer
    - Source station informs other stations of the transmission time (in msec) for an MPDU (MAC PDU)
    - Carried in the Duration field of RTS, CTS and DATA frames
    - Stations adjust their Network Allocation Vector to indicate when the channel will become idle
  - Channel is busy if either form of sensing reports busy
Slide 21 (WLAN): Distributed Coordination Function (DCF)
  - Provides basic access service: asynchronous best-effort data transfer
  - All stations contend for access to the medium (CSMA-CA)
  - Ready stations wait for completion of transmission
  - All stations must wait an Interframe Space (IFS)
  - [Figure: DCF timing. Labels: Busy medium, DIFS, PIFS, SIFS, Contention window, Next frame, Defer access, Wait for reattempt time, Time]
Slide 22 (WLAN): Frame Structure
  - MAC Header: 30 bytes
  - Frame Body: 0-2312 bytes
  - CRC: CCITT-32, 4 bytes, CRC over MAC header and frame body
  - [Figure: MAC frame layout, field (bytes): Frame Control (2) | Duration/ID (2) | Address 1 (6) | Address 2 (6) | Address 3 (6) | Sequence control (2) | Address 4 (6) | Frame body (0-2312) | CRC (4)]
Slide 23 (WLAN): Frame Control (1)
  - Protocol version = 0
  - Type: Management (00), Control (01), Data (10)
  - Subtype within frame type: Type=00, subtype=association; Type=01, subtype=ACK
  - MoreFrag=1 if another fragment of the MSDU is to follow
  - [Figure: MAC header as on slide 22 with the Frame Control field expanded, field (bits): Protocol version (2) | Type (2) | Subtype (4) | To DS (1) | From DS (1) | More frag (1) | Retry (1) | Pwr mgt (1) | More data (1) | WEP (1) | Rsvd (1)]
Slide 24 (WLAN): Frame Control (2)
  - Retry=1 if a mgmt/control frame is a retransmission
  - Power Management: to put a station in/out of sleep mode
  - More Data=1 to tell a station in power-save mode that more data is buffered for it at the AP
  - WEP=1 if the frame body is encrypted
  - [Figure: same MAC header and Frame Control layout as slide 23]
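A parser for the MAC header and Frame Control field drawn on slides 22-24, as an added example (not code from the slides). It assumes the standard little-endian field order, uses the same CRC-32 as Ethernet for the FCS check, and reads Address 4 only when both To DS and From DS are set (the slide draws the full 30-byte header); the sample frame is constructed.

```python
import struct
import zlib

TYPE_NAMES = {0: "Management", 1: "Control", 2: "Data"}   # slide 23: 00, 01, 10

def parse_frame_control(fc: int) -> dict:
    """Split the 16-bit Frame Control value into the fields drawn on slide 23."""
    return {
        "protocol_version": fc & 0x3,
        "type": TYPE_NAMES.get((fc >> 2) & 0x3, "Reserved"),
        "subtype": (fc >> 4) & 0xF,
        "to_ds": bool(fc & 0x0100), "from_ds": bool(fc & 0x0200),
        "more_frag": bool(fc & 0x0400), "retry": bool(fc & 0x0800),
        "pwr_mgt": bool(fc & 0x1000), "more_data": bool(fc & 0x2000),
        "wep": bool(fc & 0x4000), "rsvd": bool(fc & 0x8000),   # slide 24: WEP=1 -> body encrypted
    }

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_mac_header(frame: bytes) -> dict:
    """Parse FC(2) Dur/ID(2) A1(6) A2(6) A3(6) SeqCtl(2) [A4(6)] body CRC(4) per slide 22."""
    if len(frame) < 28:
        raise ValueError("frame shorter than a 24-byte header plus CRC")
    fc, dur = struct.unpack_from("<HH", frame, 0)          # 802.11 fields are little-endian
    hdr = parse_frame_control(fc)
    hdr["duration_id"] = dur
    hdr["addr1"], hdr["addr2"], hdr["addr3"] = mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22])
    seq = struct.unpack_from("<H", frame, 22)[0]
    hdr["fragment_number"], hdr["sequence_number"] = seq & 0xF, seq >> 4
    hdr_len = 24
    # Address 4 (the slide's 30-byte header) appears only in Data frames with To DS and From DS set
    if hdr["type"] == "Data" and hdr["to_ds"] and hdr["from_ds"]:
        if len(frame) < 34:
            raise ValueError("four-address frame truncated")
        hdr["addr4"], hdr_len = mac(frame[24:30]), 30
    hdr["body"] = frame[hdr_len:-4]                         # slide 22: 0-2312 bytes
    hdr["crc"] = struct.unpack_from("<I", frame, len(frame) - 4)[0]
    hdr["fcs_ok"] = zlib.crc32(frame[:-4]) == hdr["crc"]   # CRC over header and body (slide 22)
    return hdr

# Constructed sample: Data frame, To DS=1, WEP=1, sequence number 5, body "hello", valid CRC
SAMPLE_HEADER_BODY = (bytes.fromhex("0841" "2c00")
                      + bytes.fromhex("001122334455" "66778899aabb" "ccddeeff0011")
                      + bytes.fromhex("5000") + b"hello")
SAMPLE_FRAME = SAMPLE_HEADER_BODY + struct.pack("<I", zlib.crc32(SAMPLE_HEADER_BODY))

if __name__ == "__main__":
    print(parse_mac_header(SAMPLE_FRAME))
```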
Slide 25: Outline: WLAN, WEP, NAT, iptables, DHCP, Bridge
Slide 26 (WEP): WEP: Wired Equivalent Privacy
  - WEP requires the use of the RC4 cipher (stream cipher)
  - [Figure: Generic Stream Cipher Operation]
Slide 27 (WEP)
  - Most stream ciphers operate by taking a relatively short secret key and expanding it into a pseudorandom keystream the same length as the message.
  - The pseudorandom number generator (PRNG) is a set of rules used to expand the key into a keystream.
Slide 28 (WEP): WEP Data Processing [figure]
Slide 29 (WEP): WEP Framing
  - IV header: 24-bit IV, pad = 0, key id
  - The key id identifies the default key that was used to encrypt the frame (up to 4 default keys)
  - ICV: a 32-bit CRC of the data frame
Slide 30 (WEP): Key Distribution
  - The WEP key must be distributed to all stations. Typically you type keys into your device drivers or AP by hand.
  - The key cannot be considered secret: if keys are accessible to users, then all keys must be changed whenever staff members leave the organization.
  - Publish the key
  - In Aug. 2001, S. Fluhrer, I. Mantin, and A. Shamir described a theoretical attack on WEP.
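The WEP data processing of slides 26-29 (RC4 keystream from IV||key, 32-bit CRC ICV, IV header with pad and key id) worked through as an added example; it is not code from the slides. The last function shows why the 24-bit IV of slide 29 bears on the key-distribution concern of slide 30: two frames under the same key and IV share one keystream, so their ciphertexts leak the XOR of their plaintexts regardless of how well the key is kept. Key, IV and message values are constructed.

```python
import struct
import zlib

def rc4_keystream(seed: bytes, n: int) -> bytes:
    """RC4 PRNG (slide 27): expand the short seed into n keystream bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + S[i] + seed[i % len(seed)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):                        # pseudorandom generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def wep_encapsulate(key: bytes, key_id: int, iv: bytes, body: bytes) -> bytes:
    """IV header (24-bit IV, pad=0, 2-bit key id) + RC4(IV||key) XOR (body || ICV)."""
    assert len(iv) == 3 and 0 <= key_id < 4    # slide 29: 24-bit IV, up to 4 default keys
    icv = struct.pack("<I", zlib.crc32(body))  # slide 29: ICV is a 32-bit CRC of the data
    ks = rc4_keystream(iv + key, len(body) + 4)
    ct = bytes(a ^ b for a, b in zip(body + icv, ks))
    return iv + bytes([key_id << 6]) + ct      # key id in the top two bits, pad bits zero

def wep_decapsulate(default_keys: list, frame: bytes) -> bytes:
    """Select the default key named in the header, decrypt, and verify the ICV."""
    iv, key_id = frame[:3], frame[3] >> 6
    ks = rc4_keystream(iv + default_keys[key_id], len(frame) - 4)
    pt = bytes(a ^ b for a, b in zip(frame[4:], ks))
    body, icv = pt[:-4], struct.unpack("<I", pt[-4:])[0]
    if zlib.crc32(body) != icv:
        raise ValueError("ICV mismatch: frame corrupted or wrong key")
    return body

def keystream_reuse(key: bytes, iv: bytes, body1: bytes, body2: bytes) -> bool:
    """Same key and IV give the same keystream, so c1 XOR c2 == p1 XOR p2 byte for byte.
    With only 2^24 IVs such repeats are unavoidable on a busy network, which is why
    WEP confidentiality rests on more than keeping the key itself secret."""
    c1 = wep_encapsulate(key, 0, iv, body1)[4:]
    c2 = wep_encapsulate(key, 0, iv, body2)[4:]
    return all(a ^ b == c ^ d for a, b, c, d in zip(c1, c2, body1, body2))
```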
Slide 31: Outline: WLAN, WEP, NAT, iptables, DHCP, Bridge
Slide 32 (NAT)
  - Class A, B, and C addresses have been set aside for use within private internets
  - Packets with private (unregistered) addresses are discarded by routers in the global Internet
  - NAT (RFC 1631): method for mapping packets from hosts in private internets into packets that can traverse the Internet
  - A device (computer, router, firewall) acts as an agent between a private network and a public network
  - A number of hosts can share a limited number of registered IP addresses
  - Static/Dynamic NAT: map unregistered addresses to registered addresses
  - Overloading: maps multiple unregistered addresses into a single registered address (e.g. Home LAN)
Slide 33 (NAT)
  - Hosts inside private networks generate packets with private IP addresses and TCP/UDP port numbers
  - NAT maps each private IP address and port number into the shared global IP address and an available port number
  - The translation table allows packets to be routed unambiguously
  - [Figure: NAT Device between the Private Network (192.168.0.10;x and 192.168.0.13;w) and the Public Network (128.100.10.15;y and 128.100.10.15;z). Address Translation Table:
      192.168.0.10; x <-> 128.100.10.15; y
      192.168.0.13; w <-> 128.100.10.15; z]
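The NAT overloading table of slide 33 in running form, as an added example (not code from the slides): the two private hosts from the figure share the registered address 128.100.10.15, the table is keyed by private (address, port) in one direction and by public port in the other, and an inbound packet with no table entry is dropped. The port numbers and the public destination 203.0.113.7 are constructed.

```python
class NatDevice:
    """NAT overloading: many private (ip, port) pairs behind one registered address."""
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip, self.next_port = public_ip, first_port
        self.out_table = {}   # (private ip, private port) -> public port
        self.in_table = {}    # public port -> (private ip, private port)

    def translate_outbound(self, pkt: dict) -> dict:
        """Private -> public: rewrite the source to the shared address and an available port."""
        key = (pkt["src"], pkt["sport"])
        if key not in self.out_table:                  # one entry per private (ip, port)
            port, self.next_port = self.next_port, self.next_port + 1
            self.out_table[key], self.in_table[port] = port, key
        return {**pkt, "src": self.public_ip, "sport": self.out_table[key]}

    def translate_inbound(self, pkt: dict) -> dict:
        """Public -> private: the table makes the reply unambiguous; no entry means drop."""
        entry = self.in_table.get(pkt["dport"])
        if pkt["dst"] != self.public_ip or entry is None:
            raise LookupError("no translation entry: unsolicited inbound packet dropped")
        return {**pkt, "dst": entry[0], "dport": entry[1]}

def demo() -> dict:
    """Both slide-33 hosts use the same source port toward one server; replies still
    reach the right host because the NAT assigned each flow its own public port."""
    nat = NatDevice("128.100.10.15")
    server = "203.0.113.7"                                # constructed public destination
    out10 = nat.translate_outbound({"src": "192.168.0.10", "sport": 5000, "dst": server, "dport": 80})
    out13 = nat.translate_outbound({"src": "192.168.0.13", "sport": 5000, "dst": server, "dport": 80})
    reply = nat.translate_inbound({"src": server, "sport": 80, "dst": "128.100.10.15", "dport": out13["sport"]})
    return {"out10": out10, "out13": out13, "reply": reply, "table": dict(nat.out_table)}

if __name__ == "__main__":
    print(demo())
```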
Slide 37 (iptables): Options
  - -t: table. iptables: mangle, nat, filter; ip6tables: nat, mangle (nat = NAT, filter = IP filter)
  - -A: A (Add); -D: D (Delete)
  - -i: interface (1)
  - -s IP: source IP (2)
  - -d IP: destination IP (3)
  - -j Target: j (Jump) to Target
  - --oif: Oif (Outgoing Interface), ROUTE target
Slide 38: Outline: WLAN, WEP, NAT, iptables, DHCP, Bridge
Slide 39 (DHCP): Dynamic Host Configuration Protocol (RFC 2131)
  - BOOTP (RFC 951, 1542) allows a diskless workstation to be remotely booted up in a network; UDP port 67 (server) and port 68 (client)
  - DHCP builds on BOOTP to allow servers to deliver configuration information to a host
  - Used extensively to assign temporary IP addresses to hosts
  - Allows ISPs to maximize usage of their limited IP addresses
Slide 40 (DHCP): DHCP Operation
  - Host broadcasts a DHCP Discover message on its physical network
  - Server replies with an Offer message (IP address + configuration information)
  - Host selects one offer and broadcasts a DHCP Request message
  - Server allocates the IP address for lease time T and sends a DHCP ACK message with T and the threshold times T1 (= 1/2 T) and T2 (= 0.875 T)
  - At T1, the host attempts to renew the lease by sending a DHCP Request message to the original server
  - If there is no reply by T2, the host broadcasts a DHCP Request to any server
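The Discover/Offer/Request/ACK exchange and the T1 = 1/2 T, T2 = 0.875 T renewal rule of slide 40, simulated in-process with both a server and a client side, as an added example (not code from the slides). Message passing is reduced to method calls; the server names, client MAC and the 192.0.2.0/24 address pool are constructed.

```python
# Added example, not from the slides; server names, MAC and pool are constructed values.
class DhcpServer:
    def __init__(self, name, pool, lease_T):
        self.name, self.pool, self.T = name, list(pool), lease_T
        self.leases = {}                      # client MAC -> (ip, expiry time)

    def offer(self, now):
        """Answer a broadcast Discover: offer the first address not under an unexpired lease."""
        taken = {ip for ip, exp in self.leases.values() if exp > now}
        free = [ip for ip in self.pool if ip not in taken]
        return {"server": self.name, "ip": free[0]} if free else None

    def ack(self, mac, ip, now):
        """Answer a Request: allocate ip for T and return the ACK carrying T, T1 and T2."""
        if ip not in self.pool: return None   # a real server would answer with a NAK
        self.leases[mac] = (ip, now + self.T)
        return {"ip": ip, "T": self.T, "T1": now + self.T / 2,
                "T2": now + 0.875 * self.T, "expiry": now + self.T}

class DhcpClient:
    def __init__(self, mac):
        self.mac, self.lease, self.server = mac, None, None

    def bootstrap(self, servers, now):
        """Discover (broadcast) -> collect Offers -> pick one -> Request (broadcast) -> ACK."""
        offers = [o for o in (s.offer(now) for s in servers) if o]
        if not offers:
            return None
        self.server = next(s for s in servers if s.name == offers[0]["server"])
        self.lease = self.server.ack(self.mac, offers[0]["ip"], now)
        return self.lease

    def state(self, now):
        L = self.lease
        if now < L["T1"]: return "bound"
        if now < L["T2"]: return "renewing"       # Request unicast to the original server
        if now < L["expiry"]: return "rebinding"  # no reply by T2: broadcast Request to any server
        return "expired"

    def maintain(self, servers, now, original_reachable=True):
        """Apply the slide-40 rule at time now; returns the state that was acted on."""
        st = self.state(now)
        if st == "renewing" and original_reachable:
            self.lease = self.server.ack(self.mac, self.lease["ip"], now)
        elif st == "rebinding":
            for s in servers:
                if s is self.server and not original_reachable: continue
                ack = s.ack(self.mac, self.lease["ip"], now)
                if ack: self.server, self.lease = s, ack; break
        return st
```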
Slide 43 (Bridge)
  - Operation at the data link level must deal with:
    - Difference in MAC formats
    - Difference in data rates; buffering; timers
    - Difference in maximum frame length
  - [Figure: bridge protocol stack. Each side: PHY, MAC, LLC (Network above); 802.3 (CSMA/CD) on one side, 802.11 (CSMA/CA) on the other]
Slide 44 (Bridge): Bridge/switch vs. router
  - Both are store-and-forward devices
  - Routers are network layer devices (examine network layer headers); switches are link layer devices
  - Routers maintain routing tables and implement routing algorithms; switches maintain switch tables and implement filtering and learning algorithms