• Home

  • Documents

  • The Magic of Analysis - Certified Wireless Network ... · The packets never lie! Lets you see...
16
IT Professional Wi-Fi Trek 2015 #wifitrek The Magic of Analysis Peter Mackenzie CWNE #33 @mackenziewifi

The Magic of Analysis - Certified Wireless Network ... · The packets never lie! Lets you see exactly what is happening on your network You can only see the packets If your problem

  • Upload
    others

  • View
    5

  • Download
    0

Embed Size (px)

Citation preview

Page 1: The Magic of Analysis - Certified Wireless Network ... · The packets never lie! Lets you see exactly what is happening on your network You can only see the packets If your problem

IT Professional Wi-Fi Trek 2015

#wifitrek

The Magic of AnalysisPeter Mackenzie CWNE #33

@mackenziewifi

Page 2: The Magic of Analysis - Certified Wireless Network ... · The packets never lie! Lets you see exactly what is happening on your network You can only see the packets If your problem

#wifitrek

01111000101000101100101010100011101010101010101010101101010101010101010110010101000101

10101000111001001110100011101110101100110100100010101000101010101000101111000101110011

10101010101010001010101010001011101010101010101010101100100100111011000101001011101011

Your Magic Wand

Used correctly, a protocol analyser is

your troubleshooting and analysis

magic wand

Page 3: The Magic of Analysis - Certified Wireless Network ... · The packets never lie! Lets you see exactly what is happening on your network You can only see the packets If your problem

#wifitrek

Power and Limitation of a Protocol Analyser

The packets never lie!

Lets you see exactly what is happening on your network

You can only see the packets

If your problem is not manifested in the packets, you will not see it.

For Wi-Fi, a Spectrum Analyser is also a key troubleshooting tool

Sometimes the lack of packets can point you in the right direction

Page 4: The Magic of Analysis - Certified Wireless Network ... · The packets never lie! Lets you see exactly what is happening on your network You can only see the packets If your problem

#wifitrek

POS Cross-Chatter – Who’s Talking To Who?

Page 5: The Magic of Analysis - Certified Wireless Network ... · The packets never lie! Lets you see exactly what is happening on your network You can only see the packets If your problem

#wifitrek

When to Capture?

Troubleshooting

Protocol analysers shouldn’t only be used as a last resort

Performance Analysis

Baselining

What is normal

Understanding the 802.11 environment

Education

Finding out how things work

Page 6: The Magic of Analysis - Certified Wireless Network ... · The packets never lie! Lets you see exactly what is happening on your network You can only see the packets If your problem

#wifitrek

Troubleshooting Methodology

Assume nothing

Talk to the end users experiencing the problem

Observe the problem

A bit like real detective work

Look for leads and then follow them

Page 7: The Magic of Analysis - Certified Wireless Network ... · The packets never lie! Lets you see exactly what is happening on your network You can only see the packets If your problem

#wifitrek

Troubleshooting Methodology

Looking for leads

Suspicious protocols, nodes & conversations

Anything abnormal (Know what is normal)

Know your protocol

Baseline

Following leads

Filtering

Select-related

More captures

Page 8: The Magic of Analysis - Certified Wireless Network ... · The packets never lie! Lets you see exactly what is happening on your network You can only see the packets If your problem

#wifitrek

Know Your Protocol Wireless and Wired

Page 9: The Magic of Analysis - Certified Wireless Network ... · The packets never lie! Lets you see exactly what is happening on your network You can only see the packets If your problem

#wifitrek

Vendor Differences - Example Cisco – Beacon

WMM Parameter Element Motorola/Zebra– Beacon

WMM Information Element

Page 10: The Magic of Analysis - Certified Wireless Network ... · The packets never lie! Lets you see exactly what is happening on your network You can only see the packets If your problem

#wifitrek

Performance Analysis

Beacons, Probe Request & Probe

Responses = 92.5% of Total

Retries

Per Channel

Per AP

Per Client

Page 11: The Magic of Analysis - Certified Wireless Network ... · The packets never lie! Lets you see exactly what is happening on your network You can only see the packets If your problem

#wifitrek

Capture Before you Write

Can’t I just read the Standard?

Standard vs proprietary

Standard interpretation

Page 12: The Magic of Analysis - Certified Wireless Network ... · The packets never lie! Lets you see exactly what is happening on your network You can only see the packets If your problem

#wifitrek

802.11 Power Save

Beacon ACK Data

(more =1)

ACK Data

(more =0)

Sleep PS-

Poll

ACK PS-

Poll

ACK

AP

Client

Page 13: The Magic of Analysis - Certified Wireless Network ... · The packets never lie! Lets you see exactly what is happening on your network You can only see the packets If your problem

#wifitrek

Power Save – As Implemented

Page 14: The Magic of Analysis - Certified Wireless Network ... · The packets never lie! Lets you see exactly what is happening on your network You can only see the packets If your problem

#wifitrek

Proprietary 802.11n Protection Mechanism

Intel(R) Centrino(R) Ultimate-N 6300 AGN – Power Save

Page 15: The Magic of Analysis - Certified Wireless Network ... · The packets never lie! Lets you see exactly what is happening on your network You can only see the packets If your problem

#wifitrek

Win Arguments with Packets

Prove it with a capture

The packets never lie!

Page 16: The Magic of Analysis - Certified Wireless Network ... · The packets never lie! Lets you see exactly what is happening on your network You can only see the packets If your problem

#wifitrek

Questions


The Hive Think Tank: Lightning Network - Payment as Packets

The Hive Think Tank: Lightning Network - Payment as Packets

Technology
The Magic of Analysis · • The packets never lie! –Lets you see exactly what is happening on your network • You can only see the packets –If your problem is not manifested

The Magic of Analysis · • The packets never lie! –Lets you see exactly what is happening on your network • You can only see the packets –If your problem is not manifested

Documents
Technical Climb Webinar...• When enabled, IAPs will generate ARP packets on the wired network to contain wireless attacks using ARP poisoning of rogues. • Here we can see that,

Technical Climb Webinar...• When enabled, IAPs will generate ARP packets on the wired network to contain wireless attacks using ARP poisoning of rogues. • Here we can see that,

Documents
Embracing Wireless Interference : Analog Network Coding · Analog Network Coding Analog Network Coding Supports wireless interference. Nodes are allowed to transmit packets simultaneously

Embracing Wireless Interference : Analog Network Coding · Analog Network Coding Analog Network Coding Supports wireless interference. Nodes are allowed to transmit packets simultaneously

Documents
The Network Layer - Brooklyn Collegeziegler/CIS49.2/NetworkLayer.pdf · The network layer simply accepts packets from its user and attempts to deliver them as isolated units. Packets

The Network Layer - Brooklyn Collegeziegler/CIS49.2/NetworkLayer.pdf · The network layer simply accepts packets from its user and attempts to deliver them as isolated units. Packets

Documents
The SoftPHY Abstraction: from Packets to Symbols in ...wind.lcs.mit.edu/papers/jamieson-disn.pdf · The SoftPHY Abstraction: from Packets to Symbols in Wireless Network Design by

The SoftPHY Abstraction: from Packets to Symbols in ...wind.lcs.mit.edu/papers/jamieson-disn.pdf · The SoftPHY Abstraction: from Packets to Symbols in Wireless Network Design by

Documents
 · YCTP-BO USB 1. Ober: 61 Mó BHYTPeHHVlh (20070329) 1.0. Card ... Manual Not Configured Network Statistics - Total Packets Received Unicast Packets Received

 · YCTP-BO USB 1. Ober: 61 Mó BHYTPeHHVlh (20070329) 1.0. Card ... Manual Not Configured Network Statistics - Total Packets Received Unicast Packets Received

Documents
Millions of Little Minions: Using Packets for Low Latency ...dm/home/papers/jeyakumar:minions.pdf · Millions of Little Minions: Using Packets for Low Latency Network Programming

Millions of Little Minions: Using Packets for Low Latency ...dm/home/papers/jeyakumar:minions.pdf · Millions of Little Minions: Using Packets for Low Latency Network Programming

Documents
Packets Application Softwareliterature.cdn.keysight.com/litweb/pdf/5988-9860EN.pdf · Packets Application software can be used to send and measure traffic over the simulated network

Packets Application Softwareliterature.cdn.keysight.com/litweb/pdf/5988-9860EN.pdf · Packets Application software can be used to send and measure traffic over the simulated network

Documents
CCNA Exploration Network Fundamentals - … networks/Chapter6...CCNA Exploration Network Fundamentals Chapter 06 Addressing the Network –IPv4. 2 6.0.1 Introduction ... for packets

CCNA Exploration Network Fundamentals - … networks/Chapter6...CCNA Exploration Network Fundamentals Chapter 06 Addressing the Network –IPv4. 2 6.0.1 Introduction ... for packets

Documents
TestKingonline - EIUcastle.eiu.edu/~a_illia/MIS4600EH/312-50CEH_QA313.pdfSnort has been used to capture packets on the network. On studying the packets, the penetration tester finds

TestKingonline - EIUcastle.eiu.edu/~a_illia/MIS4600EH/312-50CEH_QA313.pdfSnort has been used to capture packets on the network. On studying the packets, the penetration tester finds

Documents
The SoftPHY Abstraction: from Packets to Symbols in ...inat.lcs.mit.edu/papers/jamieson-disn.pdfThe SoftPHY Abstraction: from Packets to Symbols in Wireless Network Design by Kyle

The SoftPHY Abstraction: from Packets to Symbols in ...inat.lcs.mit.edu/papers/jamieson-disn.pdfThe SoftPHY Abstraction: from Packets to Symbols in Wireless Network Design by Kyle

Documents
Transmitting and Tracking Packets of Data Through The TCP and UDP Network Protocols

Transmitting and Tracking Packets of Data Through The TCP and UDP Network Protocols

Documents
Next-gen Network Telemetry is Within Your Packets: In-band OAM

Next-gen Network Telemetry is Within Your Packets: In-band OAM

Internet
Analysis of Network Packets

Analysis of Network Packets

Documents
Point Protection 111. Check List AAA to the Network Devices Controlling Packets Destined to the Network Devices Config Audits

Point Protection 111. Check List AAA to the Network Devices Controlling Packets Destined to the Network Devices Config Audits

Documents
Analyzing 1.2 Million Network Packets per Second in Real-time

Analyzing 1.2 Million Network Packets per Second in Real-time

Technology
Investigation of DHCP Packets using Wireshark - …research.ijcaonline.org/volume63/number4/pxc3885155.pdf · Investigation of DHCP Packets using Wireshark ... # network 192.168.2.0

Investigation of DHCP Packets using Wireshark - …research.ijcaonline.org/volume63/number4/pxc3885155.pdf · Investigation of DHCP Packets using Wireshark ... # network 192.168.2.0

Documents
Efficient Network Reachability Analysis Using a Succinct ... · data plane, which in turn, is in charge of forwarding ac-tual packets (see Figure 1). The control plane, therefore,

Efficient Network Reachability Analysis Using a Succinct ... · data plane, which in turn, is in charge of forwarding ac-tual packets (see Figure 1). The control plane, therefore,

Documents
Forensic Carving of Network Packets and Associated Data ...old.dfrws.org/2011/proceedings/forensic-carving.pdf · Forensic Carving of Network Packets and Associated Data Structures

Forensic Carving of Network Packets and Associated Data ...old.dfrws.org/2011/proceedings/forensic-carving.pdf · Forensic Carving of Network Packets and Associated Data Structures

Documents
Section 3.1 Describe data packets Explain the role of network interface cards

Section 3.1 Describe data packets Explain the role of network interface cards

Documents
Network and Security: Introduction - KAISTyongdaek/courses/is511/Slides_2017/... · Packet Switching Packets . ... an approach of sending packets to a destination e.g., ... connection

Network and Security: Introduction - KAISTyongdaek/courses/is511/Slides_2017/... · Packet Switching Packets . ... an approach of sending packets to a destination e.g., ... connection

Documents
Network Forensics Networking Basics Collecting Network-Based Evidence (NBE) Collection of Packets using Tools Windows Intrusion UNIX Intrusion

Network Forensics Networking Basics Collecting Network-Based Evidence (NBE) Collection of Packets using Tools Windows Intrusion UNIX Intrusion

Documents
Packet switching network Data is divided into packets. Transfer of information as payload in data packets Packets undergo random delays & possible loss

Packet switching network Data is divided into packets. Transfer of information as payload in data packets Packets undergo random delays & possible loss

Documents
Packets & Photons: The Emerging Two Layer Network

Packets & Photons: The Emerging Two Layer Network

Documents
Network Power Users The Case for Jumbo Packets with WestGrid Examples

Network Power Users The Case for Jumbo Packets with WestGrid Examples

Documents
See how Hosted Voice & Fax over IP makes sense for your ...€¦ · QoS Audio Packets Tagging QoS audio packets tagging monitors the importance of data packets and insures that high

See how Hosted Voice & Fax over IP makes sense for your ...€¦ · QoS Audio Packets Tagging QoS audio packets tagging monitors the importance of data packets and insures that high

Documents
Network Layer Routing - WPIrek/Undergrad_Nets/C04/Network_Layer.pdf · Networks: Routing 2 Network Layer • Concerned with getting packets from source to destination. • The network

Network Layer Routing - WPIrek/Undergrad_Nets/C04/Network_Layer.pdf · Networks: Routing 2 Network Layer • Concerned with getting packets from source to destination. • The network

Documents
1 Part II: Packet Transmission Packets on a Network Packets, Frames, LAN, WAN, Hardware Addresses, Bridges, Switches, Routing and Protocols Fall 2005 Qutaibah

1 Part II: Packet Transmission Packets on a Network Packets, Frames, LAN, WAN, Hardware Addresses, Bridges, Switches, Routing and Protocols Fall 2005 Qutaibah

Documents
Network Programming - cse.chalmers.se · Network message. All information sent over a network is split up into indivisible packets. Packets can be lost and may have to be resent depending

Network Programming - cse.chalmers.se · Network message. All information sent over a network is split up into indivisible packets. Packets can be lost and may have to be resent depending

Documents