Wireshark-802-11-Solution-July-22-2007

SolutionstoIEEE802.11WiresharkLabs1.ThetwoaccesspointsthatareissuingmostofthebeaconframeshaveanSSIDof“30MunroeSt”and“linsys_SES_24086”2.ThebeaconintervalforbothaccesspointsinreportedintheBeaconIntervalofthe802.11wirelessLANMagementfraneas.1024seconds(i.e.,justover100milliseconds).Notethatthe30MunroeStAPbeaconframesshowupinthetraceatthisregularity,butthebeaconsfromthelinsys_SES_24086APdonot.3.ThesourceMACaddressonthe30MunroeSt,beaconframeis00:16:b6:f7:1d:514.ThedestinationMACaddressonthe30MunroeSt,beaconframeisff:ff:ff:ff:ff:ff,i.e.,thebroadcastaddress.5.TheMACbssidaddressonthe30MunroeSt,beaconframeis00:16:b6:f7:1d:51.Notethatthisisthesameasforthesourceaddress(sincethisisabeaconframe)6.Thesupportratesare1.0,2.0,5.5,11.0Mbps.Theextendedratesare6.0,9.0,12.0,18.0,24.0,36.0,48.0and54.0Mbps7.TheTCPSYNissentatt=24.811093secondsintothetrace.TheMACaddressforthehostsendingtheTCPSYNis00:13:02:d1:b6:4f.TheMACaddressforthedestination,whichthefirsthoproutertowhichthehostisconnected,is00:16:b6:f4:eb:a8.TheMACaddressfortheBSSis00:16:b6:f7:1d:51.TheIPaddressofthehostsendingtheTCPSYNis192.168.1.109.NotethatthisisaNATedaddress.Thedestinationaddressis128.199.245.12.Thiscorrespondstotheservergaia.cs.umass.edu.ItisimportanttounderstandthatthedestinationMACaddressoftheframecontainingtheSYN,isdifferentfromthedestinationIPaddressoftheIPpacketcontainedwithinthisframe.Makesureyouunderstandthisdistinction!(Ifyou’reabithazyonthis,re-readpages468and469inthe4theditionofthetext).8.TheTCPSYNACKisreceivedatt=24.827751secondsintothetrace.TheMACaddressforthesenderofthe802.11framecontainingtheTCPSYNACKsegmentis00:16:b6:f4:eb:a8,whichisthe1sthoproutertowhichthehostisattached.TheMACaddressforthedestination,whichthehostitself,is91:2a:b0:49:b6:4f.(Curiously,thisisdifferentfromtheMACaddressofthehostusedintheframethatsendstheTCPSYN.Thehostwirelessinterfaceisbehavingasifithastwointerfaceaddresses-interesting!).TheMACaddressfortheBSSis00:16:b6:f7:1d:51.TheIPaddressoftheserversendingtheTCPSYNACKis128.199.245.12(gaia.cs.umass.edu)Thedestinationaddressis192.168.1.109(ourwirelessPC).9.Att=49.583615aDHCPreleaseissentbythehosttotheDHCPserver(whoseIPaddressis192.168.1.1)inthenetworkthatthehostisleaving.Att=49.609617,thehostsendsaDEAUTHENTICATIONframe(Frametype=00[Management],subframetype=12[Deauthentication]).OnemighthaveexpectedtoseeaDISASSOCIATIONrequesttohavebeensent.10.ThefirstAUTHENTICATIONfromthehosttotheAPisatt=49.638857.11.Thehostisrequestingthattheassociationbeopen(byspecifyingAuthenticationAlgorithm:OpenSystem).12.Ican’tfindanyreplyfromtheAP.ThisisprobablybecausetheAPisconfiguredtorequireakeywhenassociatingwiththatAP,sotheAPislikelyignoring(i.e.,notrespondingto)requestsforopenaccess.13.Att=63.168087thereisaAUTHENTICATIONframesentfrom00:13:02:d1:b6:4f(thewirelesshost)to00:16:b7:f7:1d:51(theBSS).Att=63.169071thereisanAUTHENTICANfromsentinthereversedirectionfromtheBSStothewirelesshost.14.Att=63.169910thereisaASSOCIATEREQUESTframesentfrom00:13:02:d1:b6:4f(thewirelesshost)to00:16:b7:f7:1d:51(theBSS).Att=63.192101thereisanASSOCIATERESPONSEfromsentinthereversedirectionfromtheBSStothewirelesshost.15.IntheASSOCIATIONREQUESTframethesupportedratesareadvertisedas1,2,5.5,11,6,9,12,18,24,32,48,and54Mbps.ThesameratesareadvertisedintheASSOCIATIONRESPONSE.16.Att=2.297613thereisaPROBEREQUESTsentwithsource00:12:f0:1f:57:13,destination:ff:ff:ff:ff:ff:ff,andaBSSIDofff:ff:ff:ff:ff:ff.Att=2.300697thereisaPROBERESPONSEsentwithsource:00:16:b6:f7:1d:51,destinationandaBSSIDof00:16:b6:f7:1d:51.APROBEREQUESTisusedbyahostinactivescanningtofindanAccessPoint(seeFigure6.9onpage531inthetext).APROBERESPONSEissentbytheaccesspointtothehostsendingtherequest.