- DL manuals
- AirMagnet
- Laptop
- PRG-Laptop 7.0
- Reference Manual
AirMagnet PRG-Laptop 7.0 Reference Manual
Summary of PRG-Laptop 7.0
Page 1
Airmagnet ® laptop wireless lan policy reference guide laptop wireless lan policy reference guide.Book page 1 thursday, january 25, 2007 5:36 pm.
Page 2
© 2002-2007 airmagnet, inc. All rights reserved. Airmagnet laptop wireless lan policy reference guide. This reference guide is furnished under license and may be used or copied only in accordance with the terms specified in the license. The content of this document is for information only and should...
Page 3: Table of Contents
Airmagnet laptop wireless lan policy reference guide table of contents i table of contents part one: security ids/ips .................................................... 1 chapter 1: configuration vulnerabilities ...................................3 ad-hoc station detected.............................
Page 4
Ii table of contents airmagnet laptop wireless lan policy reference guide dos attack: authentication-failure attack ......................................... 41 dos attack: de-authentication broadcast .......................................... 43 dos attack: de-authentication flood ....................
Page 5
Airmagnet laptop wireless lan policy reference guide table of contents iii rogue ap by channel .......................................................................... 91 rogue ap by ieee id (oui)............................................................... 92 rogue ap by mac address (acl) ........
Page 6
Iv table of contents airmagnet laptop wireless lan policy reference guide part two: performance violation ..................................... 129 chapter 6: channel or device overload .................................131 ap association capacity full....................................................
Page 7
Airmagnet laptop wireless lan policy reference guide table of contents v excessive roaming detected on wireless phones........................................... 163 power save dtim not optimized for voice traffic ....................................... 167 vowlan multicast traffic detected ...........
Page 8
Vi table of contents airmagnet laptop wireless lan policy reference guide laptop wireless lan policy reference guide.Book page vi thursday, january 25, 2007 5:36 pm.
Page 9: Part One: Security Ids/ips
Airmagnet laptop wireless lan policy reference guide part one: security ids/ips 1 part one: security ids/ips the addition of wlans in the corporate environment introduces a whole new class of threats for network security. Rf signals that penetrate walls and extend beyond intended boundaries can expo...
Page 10
2 part one: security ids/ips airmagnet laptop wireless lan policy reference guide to maximize the power of airmagnet mobile, security alarms can be customized to best match your security deployment policy. For example, if your wlan deployment includes access points made by a specific vendor, the pro...
Page 11: Ad-Hoc Station Detected
Airmagnet laptop wireless lan policy reference guide chapter 1: configuration vulnerabilities 3 chapter 1:configuration vulnerabilities implementing a strong deployment policy is fundamental to constructing a secure wlan. However, enforcing the policy requires constant monitoring to catch violations...
Page 12: Ap Broadcasting Ssid
4 chapter 1: configuration vulnerabilities airmagnet laptop wireless lan policy reference guide airmagnet mobile detects ad-hoc mode usage and triggers alarms. To get a list of all ad-hoc mode stations, you can use the infrastructure view. See the sample screen shot below: figure 1-2: infrastructure...
Page 13: Ap Configuration Changed
Airmagnet laptop wireless lan policy reference guide chapter 1: configuration vulnerabilities 5 airmagnet mobile detects an ap broadcasting its ssid and triggers alarms (it is also able to discover ssids that are not broadcast). In the start page, aps are listed with their ssids in red to indicate a...
Page 14
6 chapter 1: configuration vulnerabilities airmagnet laptop wireless lan policy reference guide the ieee 802.11 standard mandates the use of 802.11b/g devices in the 2.4 ghz ism (industrial, scientific and medical) band only while the 802.11a devices operate in the 5ghz unii (unlicensed national inf...
Page 15
Airmagnet laptop wireless lan policy reference guide chapter 1: configuration vulnerabilities 7 mexico is included in the americas domain but channels 1 through 8 are for indoor use only while channels 9 through 11 can be used indoors and outdoors. France is included in the emea regulatory domain, b...
Page 16
8 chapter 1: configuration vulnerabilities airmagnet laptop wireless lan policy reference guide after the initial site survey, in which channels for different aps were considered, it becomes very important that no changes be made in channel allocation. Any changes could lead to potential interferenc...
Page 17
Airmagnet laptop wireless lan policy reference guide chapter 1: configuration vulnerabilities 9 an attacker or a rogue insider could install such a wireless bridge inside the corporate network that would invariably extend the corporate network to any location outside the corporate premises. Detectio...
Page 18
10 chapter 1: configuration vulnerabilities airmagnet laptop wireless lan policy reference guide airmagnet mobile will alert the administrator when it detects a wireless bridge. Once a rogue ap running in the bridged mode is identified and reported by airmagnet mobile , the wlan administrator may us...
Page 19
Airmagnet laptop wireless lan policy reference guide chapter 1: configuration vulnerabilities 11 authentication/encryption settings, snmp read/write community strings, etc. Such default values are public knowledge available in user manuals and installation guides on the vendor web site and may be us...
Page 20
12 chapter 1: configuration vulnerabilities airmagnet laptop wireless lan policy reference guide wireless hotspot environment, one can say that one should not trust anyone else. Due to the concern of security these days, some wlan hotspot vendors are using 802.1x or higher authentication mechanisms ...
Page 21
Airmagnet laptop wireless lan policy reference guide chapter 1: configuration vulnerabilities 13 the hotspot users will have ssid configured in their windows wireless settings or in the wlan card profile. The wireless card will be sending out probe requests with the hotspot ssid. This will make the ...
Page 22
14 chapter 1: configuration vulnerabilities airmagnet laptop wireless lan policy reference guide airsnarf is a wireless access point setup utility to show how a hacker can steal username and password credentials from public wireless hotspots. Airsnarf, a shell script based tool creates a hotspot com...
Page 23
Airmagnet laptop wireless lan policy reference guide chapter 1: configuration vulnerabilities 15 airmagnet mobile detects client stations that are using ssids configured for use in the hotspot environment. Airmagnet mobile suggests that the administrator use the airmagnet find tool to locate the cli...
Page 24
16 chapter 1: configuration vulnerabilities airmagnet laptop wireless lan policy reference guide • tgn sync, backed by intel, atheros, marvell, agere, and philips. Both the proposals are similar, though they differ in terms of their goals: increasing peak data rates versus improving efficiency. The ...
Page 25
Airmagnet laptop wireless lan policy reference guide chapter 1: configuration vulnerabilities 17 airmagnet alerts the wlan administrator if it detects a pre-11n device in the wireless environment. The presence of such devices may cause severe performance degradation issues to the current wireless se...
Page 26
18 chapter 1: configuration vulnerabilities airmagnet laptop wireless lan policy reference guide client is searching for service. After learning the user profiles, an attacker can bring up an ap advertising for the desired service (ssid) to lure the client for association. Once the unsuspecting user...
Page 27: Leap Vulnerability Detected
Airmagnet laptop wireless lan policy reference guide chapter 1: configuration vulnerabilities 19 7) since the laptop is also connected to enterprise wired lan, it puts the wired network at risk. Stations that are exposed and are part of the acl (access control list) should be located using the find ...
Page 28
20 chapter 1: configuration vulnerabilities airmagnet laptop wireless lan policy reference guide joshua wright, a network engineer at johnson & wales university in providence, rhode island has written a hacking tool that compromises wireless lan networks running leap by using off- line dictionary at...
Page 29
Airmagnet laptop wireless lan policy reference guide chapter 1: configuration vulnerabilities 21 between the client and the server using a pac (protected access credential) to authenticate each other. After the tunnel establishment process, the client is then authenticated using the user-name and pa...
Page 30
22 chapter 1: configuration vulnerabilities airmagnet laptop wireless lan policy reference guide laptop wireless lan policy reference guide.Book page 22 thursday, january 25, 2007 5:36 pm.
Page 31: Dos Attack Against Ap
Airmagnet laptop wireless lan policy reference guide chapter 2: ids—denial of service attack 23 chapter 2:ids—denial of service attack wireless denial-of-service (dos) attacks aim to disrupt wireless services by taking advantage of various vulnerabilities of wlan at layers one and two. Dos attacks m...
Page 32
24 chapter 2: ids—denial of service attack airmagnet laptop wireless lan policy reference guide wireless intruders can exhaust ap resources, most importantly the client association table, by emulating a large number of wireless clients with spoofed mac addresses. Each one of these emulated clients w...
Page 33
Airmagnet laptop wireless lan policy reference guide chapter 2: ids—denial of service attack 25 association table by creating many clients reaching state 3 as illustrated below. Once the client association table overflows, legitimate clients will not be able to get associated, and thus a denial- of-...
Page 34
26 chapter 2: ids—denial of service attack airmagnet laptop wireless lan policy reference guide dos attack: association table overflow wireless intruders can exhaust ap resources, most importantly the client association table, by emulating a large number of wireless clients with spoofed mac addresse...
Page 35
Airmagnet laptop wireless lan policy reference guide chapter 2: ids—denial of service attack 27 figure 2-2: spoofed 802.11 authentication requests flooding ap association table, with clients stuck in state 1 and state 2 a form of dos attack aims to flood the ap's client state table (association tabl...
Page 36
28 chapter 2: ids—denial of service attack airmagnet laptop wireless lan policy reference guide airmagnet mobile detects this form a dos attack by tracking client authentication and association states. When the alarm is triggered, the ap under attack will be identified. The wlan security analyst can...
Page 37
Airmagnet laptop wireless lan policy reference guide chapter 2: ids—denial of service attack 29 airmagnet mobile detects this form of denial-of-service attack by tracking the 802.1x authentication state transition and particular attack signature. When the alarm is triggered, the client and ap under ...
Page 38
30 chapter 2: ids—denial of service attack airmagnet laptop wireless lan policy reference guide airmagnet mobile can detect this denial of service attack that can cause the wireless client to lose legitimate data. You can use the find tool to locate the source device and take appropriate steps to re...
Page 39
Airmagnet laptop wireless lan policy reference guide chapter 2: ids—denial of service attack 31 association table by creating many clients reaching state 3 as illustrated below. Once the client association table overflows, legitimate clients will not be able to get associated, and thus denial- of-se...
Page 40: Dos Attack: Cts Flood
32 chapter 2: ids—denial of service attack airmagnet laptop wireless lan policy reference guide dos attack against infrastructure in addition to attacking aps or client stations, a wireless intruder may target the rf spectrum or the back-end authentication radius server for denial-of-service attacks...
Page 41
Airmagnet laptop wireless lan policy reference guide chapter 2: ids—denial of service attack 33 network is in use, and thus other traffic must wait. See the illustration below. Figure 2-6: standard rts/cts mechanism vs. Intruder-injected cts dos attack a wireless dos attacker may take advantage of t...
Page 42: Exploit
34 chapter 2: ids—denial of service attack airmagnet laptop wireless lan policy reference guide figure 2-7: locating intruders using airmagnet mobile find tool dos attack: queensland university of technology exploit denial of service vulnerability in ieee 802.11 wireless devices: us- cert vu#106678 ...
Page 43
Airmagnet laptop wireless lan policy reference guide chapter 2: ids—denial of service attack 35 mark looi, christian wullems, kevin tham and jason smith from the information security research centre, queensland university of technology, brisbane, australia, have recently discovered a flaw in the 802...
Page 44
36 chapter 2: ids—denial of service attack airmagnet laptop wireless lan policy reference guide airmagnet mobile detects this specific dos attack and sets off the alarm. Please use the find tool to locate the responsible device and take appropriate steps to remove it from the wireless environment. F...
Page 45
Airmagnet laptop wireless lan policy reference guide chapter 2: ids—denial of service attack 37 office area. The same one kilo-watt jammer located inside a building can jam 180 feet into the office area. During the attack, wlan devices in the target area are out of wireless service. • physically dam...
Page 46
38 chapter 2: ids—denial of service attack airmagnet laptop wireless lan policy reference guide figure 2-10: tracking signal and noise levels using airmagnet find tool dos attack: virtual carrier attack the virtual carrier-sense attack is implemented by modifying the 802.11 mac layer implementation ...
Page 47
Airmagnet laptop wireless lan policy reference guide chapter 2: ids—denial of service attack 39 only packet that can follow the observed packet is an ack or cts. This includes rts and all management (association, etc.) frames. The high cap, on the other hand, is used when it is valid for a data pack...
Page 48
40 chapter 2: ids—denial of service attack airmagnet laptop wireless lan policy reference guide dos attack against client station denial-of-service attacks against wireless client stations are typically carried out based upon the fact that 802.11 management frames and 802.1x authentication protocols...
Page 49
Airmagnet laptop wireless lan policy reference guide chapter 2: ids—denial of service attack 41 figure 2-13: 802.1x user authentication process airmagnet mobile tracks the client authentication process and identifies dos attack signatures. Incomplete authentication and association transactions trigg...
Page 50
42 chapter 2: ids—denial of service attack airmagnet laptop wireless lan policy reference guide figure 2-14: attacker spoofs invalid authentication requests from associated client station to trick the ap into disassociating the associated client. A form of dos attack spoofs invalid authentication re...
Page 51
Airmagnet laptop wireless lan policy reference guide chapter 2: ids—denial of service attack 43 note: this alarm focuses on 802.11 authentication methods (open system, shared key, etc.). 802.1x and eap based authentications are monitored by other airmagnet mobile alarms. Dos attack: de-authenticatio...
Page 52
44 chapter 2: ids—denial of service attack airmagnet laptop wireless lan policy reference guide a form of dos attack aims to send all clients of an ap to the unassociated/unauthenticated state 1 by spoofing de-authentication frames from the ap to the broadcast address. With today's client adapter im...
Page 53
Airmagnet laptop wireless lan policy reference guide chapter 2: ids—denial of service attack 45 ieee 802.11 defines a client state machine for tracking station authentication and association status. Wireless clients and aps implement such a state machine (illustrated below) according to the ieee sta...
Page 54
46 chapter 2: ids—denial of service attack airmagnet laptop wireless lan policy reference guide airmagnet mobile detects this form of dos attack by detecting spoofed de-authentication frames and tracking client authentication and association states. When the alarm is triggered, the ap and client und...
Page 55
Airmagnet laptop wireless lan policy reference guide chapter 2: ids—denial of service attack 47 a form of dos attack aims to send a client of an ap to the unassociated/authenticated state 2 by spoofing disassociation frames from the ap to the broadcast address (all clients). With today's client adap...
Page 56
48 chapter 2: ids—denial of service attack airmagnet laptop wireless lan policy reference guide ieee 802.11 defines a client state machine for tracking the station authentication and association status. Wireless clients and aps implement such a state machine (illustrated below) according to the ieee...
Page 57
Airmagnet laptop wireless lan policy reference guide chapter 2: ids—denial of service attack 49 airmagnet mobile detects this form of dos attack by detecting spoofed disassociation frames and tracking client authentication and association states. When the alarm is triggered, the ap under attack will...
Page 58
50 chapter 2: ids—denial of service attack airmagnet laptop wireless lan policy reference guide airmagnet mobile detects this form of dos attack by tracking 802.1x authentication states. When the alarm is triggered, the client and ap under attack will be identified. The wlan security officer can log...
Page 59
Airmagnet laptop wireless lan policy reference guide chapter 2: ids—denial of service attack 51 figure 2-20: attacker spoofs invalid authentication requests from associated client station to trick the ap into disassociating the associated client. A form a dos attack spoofs invalid authentication req...
Page 60
52 chapter 2: ids—denial of service attack airmagnet laptop wireless lan policy reference guide airmagnet mobile detects the use of fata-jack by monitoring on spoofed mac addresses and authentication failures. This alarm may also indicate an intrusion attempt. When a wireless client fails too many t...
Page 61
Airmagnet laptop wireless lan policy reference guide chapter 2: ids—denial of service attack 53 the ieee 802.1x specification prohibits a client to bring up its interface when the required mutual authentication has not been completed. This enables a well implemented 802.1x client station to avoid be...
Page 62
54 chapter 2: ids—denial of service attack airmagnet laptop wireless lan policy reference guide dos attack: premature eap-success attack the ieee 802.1x standard defines the authentication protocol using eap (extensible authentication protocol) over lans, or eapol. The 802.1x protocol starts with a ...
Page 63
Airmagnet laptop wireless lan policy reference guide chapter 2: ids—denial of service attack 55 airmagnet enterprise detects this form of dos attack by tracking spoofed pre-mature eap-success frames and the 802.1x authentication states for each client station and ap. Locate the device and take appro...
Page 64
56 chapter 2: ids—denial of service attack airmagnet laptop wireless lan policy reference guide laptop wireless lan policy reference guide.Book page 56 thursday, january 25, 2007 5:36 pm.
Page 65: Airsnarf Attack Detected
Airmagnet laptop wireless lan policy reference guide chapter 3: ids—security penetration 57 chapter 3:ids—security penetration one common form of wireless intrusion is to breach the wlan authentication mechanism in order to gain access to the wired network or the wireless devices. Dictionary attacks...
Page 66
58 chapter 3: ids—security penetration airmagnet laptop wireless lan policy reference guide figure 3-1: basic components of a wlan hotspot network the 4 components of a basic hotspot network are: • hotspot subscribers: these are valid users with a wireless enabled laptop or handheld and valid login ...
Page 67
Airmagnet laptop wireless lan policy reference guide chapter 3: ids—security penetration 59 airsnarf, a shell script based tool creates a hotspot complete with a captive portal where the users enter their login information. Important values such as local network information, gateway ip address, and ...
Page 68
60 chapter 3: ids—security penetration airmagnet laptop wireless lan policy reference guide figure 3-2: locating a device airmagnet mobile find tool fast wep crack (arp replay) detected it is well publicized that wlan devices using static wep key for encryption are vulnerable to wep key cracking att...
Page 69: Device Probing For Aps
Airmagnet laptop wireless lan policy reference guide chapter 3: ids—security penetration 61 user concatenated with the 24-bit iv (initialization vector). The iv that is determined by the transmitting station can be reused frequently or in consecutive frames, thus increasing the possibility of the se...
Page 70
62 chapter 3: ids—security penetration airmagnet laptop wireless lan policy reference guide • legitimate wireless client attempting risky promiscuous association. Figure 3-4: war-chalker publishes a discovered wlan and its configuration at the wlan location with these universal symbols. The first po...
Page 71
Airmagnet laptop wireless lan policy reference guide chapter 3: ids—security penetration 63 figure 3-5: 802.11 aps location posted on the internet by war-driving groups the second potential security threat for this alarm may be even more damaging. Some of these alarms could be from legitimate and au...
Page 72
64 chapter 3: ids—security penetration airmagnet laptop wireless lan policy reference guide airmagnet mobile also detects a wireless client station probing the wlan for an anonymous association (i.E., association request for an ap with any ssid) using the netstumbler tool. The device probing for ap ...
Page 73
Airmagnet laptop wireless lan policy reference guide chapter 3: ids—security penetration 65 a dictionary attack can take place online actively, where an attacker repeatedly tries all the possible password combinations. Online dictionary attacks can be prevented using lock-out mechanisms available on...
Page 74: Fake Aps Detected
66 chapter 3: ids—security penetration airmagnet laptop wireless lan policy reference guide intruders with the legitimate 802.1x user identity and password combination (or valid certificate) can penetrate the 802.1x authentication process without the proper knowledge of the exact eap-type. The intru...
Page 75: Fake Dhcp Server Detected
Airmagnet laptop wireless lan policy reference guide chapter 3: ids—security penetration 67 identify the real aps deployed by the user. This tool, though very effective in discouraging war-drivers, poses many other disadvantages such as bandwidth consumption, misleading legitimate client stations, i...
Page 76: Hotspotter Tool Detected
68 chapter 3: ids—security penetration airmagnet laptop wireless lan policy reference guide with username and password credentials. It could also simply give out non-functional and non-routable ip addresses to achieve a denial of service attack. This sort of attack is generally against a wlan withou...
Page 77
Airmagnet laptop wireless lan policy reference guide chapter 3: ids—security penetration 69 user to login. So, the criterion for entry is dependent only on whether the subscriber has paid the subscription fees or not. In a wireless hotspot environment, one can say that one should not trust anyone el...
Page 78
70 chapter 3: ids—security penetration airmagnet laptop wireless lan policy reference guide “hotspotter” automates a method of penetration against wireless clients, independent of the encryption mechanism used. Using the hotspotter tool, the intruder can passively monitors the wireless network for p...
Page 79
Airmagnet laptop wireless lan policy reference guide chapter 3: ids—security penetration 71 once the rogue ap is identified and reported by airmagnet enterprise, the wlan administrator may use the find tool to locate the rogue device. Figure 3-9: locating a device using airmagnet mobile find tool il...
Page 80
72 chapter 3: ids—security penetration airmagnet laptop wireless lan policy reference guide once the client is identified and reported by airmagnet mobile, the wlan administrator may use the find tool to locate it. Figure 3-10: locating a device using airmagnet mobile find tool man-in-the-middle att...
Page 81
Airmagnet laptop wireless lan policy reference guide chapter 3: ids—security penetration 73 over the wireless lan. By capturing the wireless frames during the association phase, the hacker can get ip and mac address information about the wireless client card and access point, association id for the ...
Page 82: Monitored Device Detected
74 chapter 3: ids—security penetration airmagnet laptop wireless lan policy reference guide monitored device detected there are few cases in which the aps and stas activity needs to be continuously monitored: • malicious intruders attempting to hack into the enterprise wired network need to be monit...
Page 83: Netstumbler Detected
Airmagnet laptop wireless lan policy reference guide chapter 3: ids—security penetration 75 netstumbler detected airmagnet enterprise detects a wireless client station probing the wlan for an anonymous association (i.E. Association request for an ap with any ssid) using the netstumbler tool. The dev...
Page 84
76 chapter 3: ids—security penetration airmagnet laptop wireless lan policy reference guide from the air. The same equipment is used, but from a low flying private plane with high power antennas. It has been reported that a perth, australia-based war-flier picked up e-mail and internet relay chat se...
Page 85
Airmagnet laptop wireless lan policy reference guide chapter 3: ids—security penetration 77 detecting wlan networks that use leap, de-authenticates the users forcing them to reconnect and provide their user name and password credentials. The hacker can capture packets of legitimate users trying to r...
Page 86
78 chapter 3: ids—security penetration airmagnet laptop wireless lan policy reference guide some of the major advantages of eap-fast are that it is not proprietary, is compliant with the ieee 802.11i standard, supports tkip and wpa, does not use certificates thus avoiding complex pki infrastructures...
Page 87
Airmagnet laptop wireless lan policy reference guide chapter 3: ids—security penetration 79 figure 3-13: locating a device using airmagnet mobile find tool laptop wireless lan policy reference guide.Book page 79 thursday, january 25, 2007 5:36 pm.
Page 88
80 chapter 3: ids—security penetration airmagnet laptop wireless lan policy reference guide publicly secure packet forwarding (pspf) violation publicly secure packet forwarding (pspf) is a feature implemented on wlan access points to block wireless clients from communicating with other wireless clie...
Page 89: Soft Ap Or Host Ap Detected
Airmagnet laptop wireless lan policy reference guide chapter 3: ids—security penetration 81 airmagnet mobile detects pspf violations. That is, if a wireless client attempts to communicate with another wireless client, airmagnet mobile raises an alarm for a potential intrusion attack. This alarm does...
Page 90: Spoofed Mac Address Detected
82 chapter 3: ids—security penetration airmagnet laptop wireless lan policy reference guide any soft ap detected by airmagnet mobile should be treated as a rogue ap as well as a potential intrusion attempt. Once the soft ap is identified and reported by airmagnet mobile, the wlan administrator may u...
Page 91
Airmagnet laptop wireless lan policy reference guide chapter 3: ids—security penetration 83 airmagnet detects a spoofed mac address by following the ieee authorized oui (vendor id) and 802.11 frame sequence number signature. An administrator or the wireless security analyst can use airmagnet handhel...
Page 92
84 chapter 3: ids—security penetration airmagnet laptop wireless lan policy reference guide for global airmagnet mobile deployment, the configurable office- hour range is defined in local time. For the office and manufacturing floor mixed wlan, one can define office hours (for example, 9am to 5pm) f...
Page 93
Airmagnet laptop wireless lan policy reference guide chapter 3: ids—security penetration 85 • use the airmagnet enterprise wired trace and block rogue device feature provided by the airmagnet enterprise console on the ids/rogue page to track down the wired- side ip address of the rogue ap and manual...
Page 94
86 chapter 3: ids—security penetration airmagnet laptop wireless lan policy reference guide figure 3-17: airmagnet enterprise wired trace and block rogue feature suspends rogue aps laptop wireless lan policy reference guide.Book page 86 thursday, january 25, 2007 5:36 pm.
Page 95: Wellenreiter Detected
Airmagnet laptop wireless lan policy reference guide chapter 3: ids—security penetration 87 wellenreiter detected airmagnet enterprise detects a wireless client station probing the wlan for an anonymous association (i.E. Association request for an ap with any ssid) using the wellenreiter tool. Figur...
Page 96
88 chapter 3: ids—security penetration airmagnet laptop wireless lan policy reference guide figure 3-19: 802.11 aps location posted on the internet by war-driving groups the tool supports prism2, lucent, and cisco based cards. The tool can discover infrastructure and ad-hoc networks, if those networ...
Page 97
Airmagnet laptop wireless lan policy reference guide chapter 4: rogue ap and station 89 chapter 4:rogue ap and station as wlan gains popularity in enterprise and home networks, it is common for enterprise it professionals to discover unauthorized wlan devices connected to the corporate wired network...
Page 98: Rogue Ap
90 chapter 4: rogue ap and station airmagnet laptop wireless lan policy reference guide figure 4-1: locating a device using airmagnet mobile find tool rogue ap airmagnet mobile detects rogue aps by mac address, vendor id, ssid, radio media type, and rf channels. For airmagnet enterprise, the airmagn...
Page 99: Rogue Ap By Channel
Airmagnet laptop wireless lan policy reference guide chapter 4: rogue ap and station 91 rogue ap by channel airmagnet mobile alerts the wlan administrator on rogue aps by checking against enterprise standardized operating radio channel assignments for the 802.11a, 802.11b, or 802.11g standards. When...
Page 100: Rogue Ap By Ieee Id (Oui)
92 chapter 4: rogue ap and station airmagnet laptop wireless lan policy reference guide rogue ap by ieee id (oui) airmagnet mobile alerts the wlan administrator of a rogue ap by checking against a pre-configured authorized ap equipment vendor list. For example, if your enterprise has deployed only c...
Page 101
Airmagnet laptop wireless lan policy reference guide chapter 4: rogue ap and station 93 rogue ap by mac address (acl) after configuring a list of mac addresses of your authorized aps, airmagnet mobile can alert wlan administrators on unauthorized (rogue) aps whose mac address falls out of the pre-co...
Page 102: Rogue Ap By Ssid
94 chapter 4: rogue ap and station airmagnet laptop wireless lan policy reference guide rogue ap by ssid airmagnet mobile alerts the wlan administrator of a rogue ap by checking against a pre-configured authorized ssid list. For example, if your enterprise-deployed wlan is configured only with myoff...
Page 103
Airmagnet laptop wireless lan policy reference guide chapter 4: rogue ap and station 95 rogue ap by wireless media type airmagnet mobile alerts the wlan administrator of a rogue ap by checking against enterprise standardized operating radio frequencies and media such as 802.11a, 802.11b, or 802.11g....
Page 104
96 chapter 4: rogue ap and station airmagnet laptop wireless lan policy reference guide rogue ap traced on enterprise wired network airmagnet mobile can detect rogue aps that are connected to the corporate wired network. Rogue aps installed by unauthorized employees may not follow enterprise standar...
Page 105: Rogue Station
Airmagnet laptop wireless lan policy reference guide chapter 4: rogue ap and station 97 rogue station with the ubiquity of wireless devices (especially laptops with built-in wi-fi cards), it is getting increasingly difficult to manage wireless clients. Rogue stations may be intruders as well as legi...
Page 106
98 chapter 4: rogue ap and station airmagnet laptop wireless lan policy reference guide figure 4-8: locating a device using the airmagnet mobile find tool rogue station by ieee id (oui) airmagnet mobile alerts the wlan administrator of a rogue station by checking against a pre-configured authorized ...
Page 107
Airmagnet laptop wireless lan policy reference guide chapter 4: rogue ap and station 99 once a rogue station is identified and reported by airmagnet mobile , the wlan administrator may use the find tool to locate the rogue device. Figure 4-9: locating a device using airmagnet mobile find tool rogue ...
Page 108: Rogue Station By Ssid
100 chapter 4: rogue ap and station airmagnet laptop wireless lan policy reference guide once a rogue station is identified and reported by airmagnet mobile, the wlan administrator may use the find tool to locate the rogue device. Figure 4-10: locating a device using the airmagnet mobile find tool r...
Page 109
Airmagnet laptop wireless lan policy reference guide chapter 4: rogue ap and station 101 once a rogue station is identified and reported by airmagnet mobile , the wlan administrator may use the find tool to locate the rogue device. Figure 4-11: locating a device using airmagnet mobile find tool rogu...
Page 110
102 chapter 4: rogue ap and station airmagnet laptop wireless lan policy reference guide once a rogue station is identified and reported by airmagnet mobile , the wlan administrator may use the find tool to locate the rogue device. Figure 4-12: locating a device using airmagnet mobile find tool lapt...
Page 111
Airmagnet laptop wireless lan policy reference guide chapter 5: authentication and encryption 103 chapter 5:authentication and encryption the first line of defense for wlan security is user authentication and wireless traffic encryption. Centralized wlan user authentication based on the ieee 802.1x ...
Page 112
104 chapter 5: authentication and encryption airmagnet laptop wireless lan policy reference guide (authentication and encryption) include mis-configurations, out-of- date software/firmware, and suboptimal choice of corporate security policy. Airmagnet mobile alerts the administrator on these issues ...
Page 113
Airmagnet laptop wireless lan policy reference guide chapter 5: authentication and encryption 105 airmagnet mobile allows enterprise network administrators to monitor, administer and secure an organization's wlans across any number of campuses and office locations and drill down into individual netw...
Page 114: Static Wep Encryption
106 chapter 5: authentication and encryption airmagnet laptop wireless lan policy reference guide being an overlay solution, fortress secure gateways can be easily deployed in any network regardless of topology, infrastructure vendor or wireless technology being used. Whether protecting small pocket...
Page 115
Airmagnet laptop wireless lan policy reference guide chapter 5: authentication and encryption 107 interestingly enough, statistics show that more than 50 percent of wlans do not implement any encryption method. Even with the potential vulnerability of static wep, it is still safer than no encryption...
Page 116: Crackable Wep IV Key Used
108 chapter 5: authentication and encryption airmagnet laptop wireless lan policy reference guide mechanism is used, data exchanged between an ap and its client stations is subject to eavesdropping by intruders. Clients with wep disabled risk their file system, which may contain confidential corpora...
Page 117
Airmagnet laptop wireless lan policy reference guide chapter 5: authentication and encryption 109 tkip (temporal key integrity protocol) encryption mechanism, which is now supported by most enterprise-level wireless equipment. Tkip-enabled devices are not subject to any such wep key attacks. Device ...
Page 118
110 chapter 5: authentication and encryption airmagnet laptop wireless lan policy reference guide figure 5-3: shared key authentication 4-packet protocol exchange shared key authentication uses a standard challenge and response approach for authentication between the 802.11 client and the access poi...
Page 119: Wep IV Key Reused
Airmagnet laptop wireless lan policy reference guide chapter 5: authentication and encryption 111 wep iv key reused it is well publicized that a wlan device using a static wep key for encryption is vulnerable to various wep cracking attacks (refer to weaknesses in the key scheduling algorithm of rc4...
Page 120: Device Unprotected By Vpn
112 chapter 5: authentication and encryption airmagnet laptop wireless lan policy reference guide • l2tp - layer 2 tunneling protocol • pptp - point to point tunneling protocol • ssh - secure shell device unprotected by vpn if your wlan security deployment requires the use of vpn, airmagnet can aler...
Page 121: Wpa and 802.11I
Airmagnet laptop wireless lan policy reference guide chapter 5: authentication and encryption 113 wpa and 802.11i the wi-fi published wpa (wireless protected access) specification identifies a feature subset of the ieee 802.11i standard. Wpa is one of the answers to the well-publicized vulnerability...
Page 122
114 chapter 5: authentication and encryption airmagnet laptop wireless lan policy reference guide airmagnet mobile monitors wpa transactions and alerts the administrator when it detects non-compliant devices and weak configurations. 802.11x rekey timeout too long it is well publicized that wlan devi...
Page 123
Airmagnet laptop wireless lan policy reference guide chapter 5: authentication and encryption 115 encryption keys are updated periodically. This enhances security by eliminating the use of static encryption keys and preventing attacks that require the collection of large amounts of data encrypted wi...
Page 124
116 chapter 5: authentication and encryption airmagnet laptop wireless lan policy reference guide airmagnet mobile detects unencrypted multicast and broadcast frames caused by mis-configuration or vendor implementation errors. Airmagnet recommends that the user use aps that implement the encryption ...
Page 125
Airmagnet laptop wireless lan policy reference guide chapter 5: authentication and encryption 117 figure 5-7: 802.1x framework provides centralized user authentication and encryption key management the ieee 802.11i standard provide a pre-shared key (psk) mechanism and the 802.1x-server based key man...
Page 126
118 chapter 5: authentication and encryption airmagnet laptop wireless lan policy reference guide figure 5-8: 4-way handshake completes the key exchange for the pre- shared key mode operation (authenticator ap and authentication server as are on the ap device) there are two encryption standards defi...
Page 127
Airmagnet laptop wireless lan policy reference guide chapter 5: authentication and encryption 119 figure 5-10: tkip and mic encrypted frames expands the original data by 20 bytes for stronger encryption and integrity check the implementation of aes-ccmp is mandatory for the ieee 802.11i standard. Th...
Page 128
120 chapter 5: authentication and encryption airmagnet laptop wireless lan policy reference guide figure 5-11: ccmp mpdu airmagnet mobile alerts on detecting devices that are not using the ieee 802.11i standard and possibly compromising the security of the wireless network. Airmagnet mobile recommen...
Page 129
Airmagnet laptop wireless lan policy reference guide chapter 5: authentication and encryption 121 figure 5-12: 802.1x framework provides centralized user authentication and encryption key management 802.1x is used with a variety of eap (extensible authentication protocol) types such as leap, tls, tt...
Page 130
122 chapter 5: authentication and encryption airmagnet laptop wireless lan policy reference guide device unproetected by eap-fast it is well publicized that wlan devices using static wep key for encryption are vulnerable to the wep key cracking attack ( see the paper weaknesses in the key scheduling...
Page 131: Device Unprotected By Peap
Airmagnet laptop wireless lan policy reference guide chapter 5: authentication and encryption 123 • using a dynamic database table and index to make lookups on large files very fast. This reduces the worst-case search time to .0015% as opposed to lookups in a flat file. • writing just the leap excha...
Page 132: Device Unprotected By Tkip
124 chapter 5: authentication and encryption airmagnet laptop wireless lan policy reference guide • identity protection • dictionary attack resistance • protection negotiation from replay attack • header protection • protected termination from packet spoofing, flooding, and dos attack • fragmentatio...
Page 133
Airmagnet laptop wireless lan policy reference guide chapter 5: authentication and encryption 125 packet forgery and replay attacks. Most importantly, tkip is immune to the weakness introduced by a static wep key and attacks stemming from key reuses. Along with mic, tkip also provides per- packet ke...
Page 134
126 chapter 5: authentication and encryption airmagnet laptop wireless lan policy reference guide wpa or 802.11i pre-shared key used wpa and the 802.11i standard provide a pre-shared key (psk) mechanism as an alternative to using the ieee 802.1x-based key establishment. 802.1x-based key management r...
Page 135
Airmagnet laptop wireless lan policy reference guide chapter 5: authentication and encryption 127 airmagnet mobile detects the use of the psk mode and recommends switching to the more secure 802.1x-eap based key management and authentication system. If you decide to stay with psk mode key management...
Page 136
128 chapter 5: authentication and encryption airmagnet laptop wireless lan policy reference guide laptop wireless lan policy reference guide.Book page 128 thursday, january 25, 2007 5:36 pm.
Page 137
Airmagnet laptop wireless lan policy reference guide part two: performance intrusion 129 part two: performance violation wlan performance efficiency is constantly challenged by the dynamics of the rf environment and the mobility of client devices. A closely-monitored and well-tuned wlan system can a...
Page 138
130 part two: performance intrusion airmagnet laptop wireless lan policy reference guide laptop wireless lan policy reference guide.Book page 130 thursday, january 25, 2007 5:36 pm.
Page 139
Airmagnet laptop wireless lan policy reference guide chapter 6: channel or device overload 131 chapter 6:channel or device overload wlan technologies use the radio frequency spectrum as a shared physical medium similar to the original 10 mbps ethernet technology, which later evolved into ethernet sw...
Page 140: Ap Association Capacity Full
132 chapter 6: channel or device overload airmagnet laptop wireless lan policy reference guide about rf is that it has no boundaries that could lead your wlan channel utilization to increase significantly even when your neighbor installs new wlan devices in an adjoining channel. Airmagnet mobile mon...
Page 141: Ap Overloaded By Utilization
Airmagnet laptop wireless lan policy reference guide chapter 6: channel or device overload 133 infrastructure view. If multiple aps are becoming overloaded frequently, it is recommended that you either reduce the number of clients connecting to the network or increase the number of aps implemented. ...
Page 142
134 chapter 6: channel or device overload airmagnet laptop wireless lan policy reference guide channel page screen shot below demonstrates 32% utilization but less than 1 mbps throughput. The problem lies in the low speed transmission, which is also graphically illustrated below by the 1 mbps traffi...
Page 143
Airmagnet laptop wireless lan policy reference guide chapter 6: channel or device overload 135 besides bandwidth inefficiency, low speed multicast and broadcast frames take longer to complete the transmission process, thus introducing higher delays for other devices waiting for the wireless medium t...
Page 144
136 chapter 6: channel or device overload airmagnet laptop wireless lan policy reference guide laptop wireless lan policy reference guide.Book page 136 thursday, january 25, 2007 5:36 pm.
Page 145
Airmagnet laptop wireless lan policy reference guide chapter 7: deployment and operation error 137 chapter 7:deployment and operation error an important part of ensuring wlan performance efficiency and reliability is properly configuring the wlan infrastructure. Wireless configuration management pro...
Page 146: Configuration Error
138 chapter 7: deployment and operation error airmagnet laptop wireless lan policy reference guide • connection problems caused by client/ap mismatch configuration • wlan infrastructure device down or reset • flaws in wlan device implementation • more... Configuration error it is relatively easy to ...
Page 147
Airmagnet laptop wireless lan policy reference guide chapter 7: deployment and operation error 139 ad-hoc node using ap’s ssid the ieee 802.11 standard defines two modes of wlan operation: • infrastructure mode for ap and client station networking, and • ad-hoc mode for peer-to-peer networking betwe...
Page 148: Conflicting Ap Configuration
140 chapter 7: deployment and operation error airmagnet laptop wireless lan policy reference guide airmagnet mobile detects ssid sharing between infrastructure and ad-hoc mode devices and raises an alarm for early warning. Locate the ad-hoc device and force the user to use a different ssid for commu...
Page 149: Higher Speed Not Supported
Airmagnet laptop wireless lan policy reference guide chapter 7: deployment and operation error 141 inconsistent settings among aps may result in inconsistent security enforcement or inconsistent client connectivity experience. Airmagnet mobile identifies aps with a nonconforming configuration for th...
Page 150: Missing Performance Options
142 chapter 7: deployment and operation error airmagnet laptop wireless lan policy reference guide slows down and the throughput degrades. See the problem illustrated by an airmagnet mobile screen shot below. It shows excessive low speed transmission (1mbps), high utilization (32%), and low throughp...
Page 151
Airmagnet laptop wireless lan policy reference guide chapter 7: deployment and operation error 143 configuration. A device without this feature may be implemented on an overloaded channel, thus resulting in interference. During the wlan design and deployment process, you may decide to take advantage...
Page 152: Device Down Or Malfunction
144 chapter 7: deployment and operation error airmagnet laptop wireless lan policy reference guide unassociated station detected in the event where a wireless client station failed to authenticate or associate with an access point, it would continue trying periodically until it is successfully assoc...
Page 153: Ap System Or Firmware Reset
Airmagnet laptop wireless lan policy reference guide chapter 7: deployment and operation error 145 ap system or firmware reset the wireless access point goes through a system or firmware reset in the event of reconfiguration, power failure, or software defects. When a system reset occurs, all previo...
Page 154: Ieee 802.11G Issues
146 chapter 7: deployment and operation error airmagnet laptop wireless lan policy reference guide • ap not buffering client data while client is in power-save mode. • ap did not notify the power-save mode client of data arrival. Both scenarios result in client data loss, which will eventually be re...
Page 155
Airmagnet laptop wireless lan policy reference guide chapter 7: deployment and operation error 147 just like 802.11b devices, 802.11g devices operate in the 2.4 ghz industrial scientific medical (ism) band, except they use orthogonal frequency division multiplexing (ofdm) technology for extended spe...
Page 156
148 chapter 7: deployment and operation error airmagnet laptop wireless lan policy reference guide 802.11g ap beacons wrong protection in an 802.11b and 802.11g mixed wlan environment, ieee 802.11g specifies protection mechanisms to keep 802.11g and 802.11b devices from interfering with each other. ...
Page 157: 802.11G Pre-Standard Device
Airmagnet laptop wireless lan policy reference guide chapter 7: deployment and operation error 149 where this specification is not followed (many 802.11g devices have been known to violate this rule), the impact is uncoordinated and potentially overlapping transmissions resulting in frame collisions...
Page 158
150 chapter 7: deployment and operation error airmagnet laptop wireless lan policy reference guide besides watching out for these specific 802.11g feature violations, airmagnet mobile detects 802.11g pre-standard (802.11g draft) protocol usage to identify pre-standard devices. Once these devices are...
Page 159
Airmagnet laptop wireless lan policy reference guide chapter 7: deployment and operation error 151 device may transmit over an 802.11g ofdm transmission, causing packet collisions. The ieee 802.11g standard specifies two protection mechanisms to resolve this issue: rts/cts and cts-to-self. It is con...
Page 160
152 chapter 7: deployment and operation error airmagnet laptop wireless lan policy reference guide to further investigate this problem, you may use the airmagnet infrastructure page and select the list-by-station view option to show all historical sessions a client station has with various aps. You ...
Page 161
Airmagnet laptop wireless lan policy reference guide chapter 8: ieee 802.11e and vowlan issues 153 chapter 8:ieee 802.11e & vowlan issues the ieee 802.11e standard adds quality-of-service (qos) features and multimedia support to the existing 802.11 a/b/g wireless standards while maintaining full bac...
Page 162
154 chapter 8: ieee 802.11e and vowlan issues airmagnet laptop wireless lan policy reference guide a) the amount of time a station senses the channel to be idle before backoff or transmission. B) the length of the contention window for the backoff. C) the duration a station may transmit after it acq...
Page 163
Airmagnet laptop wireless lan policy reference guide chapter 8: ieee 802.11e and vowlan issues 155 • roaming: how the network deals with phones roaming from one access point to another figure 8-2: vowlan system with the udp protocol and the 802.11 mac and phy layers ap overloaded by voice traffic a ...
Page 164
156 chapter 8: ieee 802.11e and vowlan issues airmagnet laptop wireless lan policy reference guide normal data transfers on the wireless network. After deployment, as the number of users grows, it may become increasingly difficult for the existing deployment to maintain constant service. This situat...
Page 165: Aps
Airmagnet laptop wireless lan policy reference guide chapter 8: ieee 802.11e and vowlan issues 157 voice quality degradation caused by interfering aps 802.11b and 11g devices operate in the rf frequency range of 2.4ghz. A total of 14 channels are defined by the ieee standard in this frequency range ...
Page 166
158 chapter 8: ieee 802.11e and vowlan issues airmagnet laptop wireless lan policy reference guide security standards such as wpa and 802.11i are in place. Additional time will consequently be required for the handshake process and receiving the new encryption key for this server-based method of aut...
Page 167
Airmagnet laptop wireless lan policy reference guide chapter 8: ieee 802.11e and vowlan issues 159 also, the airmagnet jitter tool allows the user to effectively measure rf signal jitter in both incoming and outgoing wlan traffic between an access point and a station. Based on this information, the ...
Page 168
160 chapter 8: ieee 802.11e and vowlan issues airmagnet laptop wireless lan policy reference guide figure 8-8: beacon frame format as suggested by ieee 802.11e laptop wireless lan policy reference guide.Book page 160 thursday, january 25, 2007 5:36 pm.
Page 169
Airmagnet laptop wireless lan policy reference guide chapter 8: ieee 802.11e and vowlan issues 161 figure 8-9: probe response frame format as suggested by ieee 802.11e both these frames include the qbss load element. The qbss load element contains information on the current station population and tr...
Page 170
162 chapter 8: ieee 802.11e and vowlan issues airmagnet laptop wireless lan policy reference guide airmagnet recommends keeping the channel utilization to a minimum. One of the simplest ways of doing this is by reducing the number of client devices that talk to a single ap. The other option that is ...
Page 171
Airmagnet laptop wireless lan policy reference guide chapter 8: ieee 802.11e and vowlan issues 163 excessive roaming detected on wireless phones after successfully associating with an ap, vowlan client devices start using the wireless connection for communication but continue to search for better wi...
Page 172
164 chapter 8: ieee 802.11e and vowlan issues airmagnet laptop wireless lan policy reference guide roaming, which will help support real-time applications, such as voice. With more advanced wlan management technologies (such as the ones listed below), client stations are increasingly prone to associ...
Page 173
Airmagnet laptop wireless lan policy reference guide chapter 8: ieee 802.11e and vowlan issues 165 figure 8-13: using the infrastructure page station-list to investigate excessive roaming problem laptop wireless lan policy reference guide.Book page 165 thursday, january 25, 2007 5:36 pm.
Page 174
166 chapter 8: ieee 802.11e and vowlan issues airmagnet laptop wireless lan policy reference guide the airmagnet roaming tool is designed to measure the roaming delay when a station disassociates from one access point and then tries to associate with another access point. Figure 8-14: airmagnet roam...
Page 175
Airmagnet laptop wireless lan policy reference guide chapter 8: ieee 802.11e and vowlan issues 167 power save dtim not optimized for voice traffic the dtim value plays a major role in vowlan applications. Any mis-configurations here may lead to choppy traffic and dissatisfied vowlan users, as in the...
Page 176
168 chapter 8: ieee 802.11e and vowlan issues airmagnet laptop wireless lan policy reference guide situations, the frames will be queued and transmitted on a delivery traffic indication map (dtim) frame interval. This interval can vary (depending on different ap vendors) by as much as 1-2 seconds. M...
Page 177
Airmagnet laptop wireless lan policy reference guide chapter 9: problematic traffic pattern 169 chapter 9:problematic traffic pattern many wlan performance problems (including the rf multipath problem) manifest themselves in the mac layer protocol transactions and statistics. By tracking and analyzi...
Page 178
170 chapter 9: problematic traffic pattern airmagnet laptop wireless lan policy reference guide excessive fragmentation degrading performance the 802.11 mac layer supports the processes of fragmentation and defragmentation. The process of partitioning an 802.11 frame into smaller frames for transmis...
Page 179: Excessive Frame Retries
Airmagnet laptop wireless lan policy reference guide chapter 9: problematic traffic pattern 171 excessive frame retries the wlan rf spectrum is open, dynamic, shared, and is subject to noise, interference, packet collisions, multipath, hidden node syndrome, etc. When there are errors caused by any o...
Page 180
172 chapter 9: problematic traffic pattern airmagnet laptop wireless lan policy reference guide when the ratio of retry frames to total frames exceeds a user- definable threshold, airmagnet mobile alerts the administrator of a possible wlan performance problem due to noise, interference, packet coll...
Page 181
Airmagnet laptop wireless lan policy reference guide chapter 9: problematic traffic pattern 173 figure 9-6: 802.11b speed and coverage correlation see the table below for all the supported speeds and what airmagnet mobile considers to be a low speed for the selected standard. Figure 9-7: supported t...
Page 182: Excessive Missed Ap Beacons
174 chapter 9: problematic traffic pattern airmagnet laptop wireless lan policy reference guide figure 9-8: airmagnet mobile channel screen shot on bandwidth utilization, throughput, and transmit speed relationship airmagnet will alert the administrator if it sees a high amount traffic at lower spee...
Page 183: Excessive Packet Errors
Airmagnet laptop wireless lan policy reference guide chapter 9: problematic traffic pattern 175 excessive packet errors the wlan rf spectrum is open, dynamic, shared, and is subject to noise, interference, packet collisions, multipath, hidden node syndrome, etc. Ieee 802.11 has a built in error chec...
Page 184
176 chapter 9: problematic traffic pattern airmagnet laptop wireless lan policy reference guide figure 9-11: fcs (frame checksum) defined in 802.11 mac protocol format airmagnet mobile detects these error frames and tracks them based on per device and per channel orientation. See illustration below:...
Page 185
Airmagnet laptop wireless lan policy reference guide chapter 9: problematic traffic pattern 177 excessive roaming or reassociation after successfully associating with an ap, wlan client devices start using the wireless connection for communication but continue to search for better wireless services ...
Page 186
178 chapter 9: problematic traffic pattern airmagnet laptop wireless lan policy reference guide all these technologies are designed to improve wlan efficiency; however, vendor implementations and fine-tuning are not on par with each other. Immature new products may cause confused client stations to ...
Page 187
Airmagnet laptop wireless lan policy reference guide chapter 9: problematic traffic pattern 179 high management traffic overhead the ieee 802.11 standard defines three basic frame types: management, control, and data frames. Management frames (such as beacon, probe-request/response, association requ...
Page 188
180 chapter 9: problematic traffic pattern airmagnet laptop wireless lan policy reference guide management frames are sent in low speed (1mbps or 2mbps for 802.11b), and therefore consume more wlan bandwidth than data frames. In an efficient wlan, channel bandwidth utilization by management frame tr...
Page 189
Airmagnet laptop wireless lan policy reference guide chapter 9: problematic traffic pattern 181 figure 9-17: top traffic analysis page displays the traffic distribution among management/data/control frames by channel or by device streaming traffic from wireless device the wlan spectrum is a shared m...
Page 190
182 chapter 9: problematic traffic pattern airmagnet laptop wireless lan policy reference guide due to an authorized user who is downloading music or movies from the internet causing the bandwidth of the corporate network to choke. Music, movie streaming, wireless cameras cause constant traffic to f...
Page 191
Airmagnet laptop wireless lan policy reference guide chapter 9: problematic traffic pattern 183 figure 9-19: the airmagnet mobile find tool locates devices by tracking down the signal level laptop wireless lan policy reference guide.Book page 183 thursday, january 25, 2007 5:36 pm.
Page 192
184 chapter 9: problematic traffic pattern airmagnet laptop wireless lan policy reference guide laptop wireless lan policy reference guide.Book page 184 thursday, january 25, 2007 5:36 pm.
Page 193: Chapter 10:rf Management
Airmagnet laptop wireless lan policy reference guide chapter 10: rf management 179 chapter 10:rf management airmagnet mobile monitors the physical rf environment, which is dynamic and very often the source of wlan performance problems. Through this, the airwise technology characterizes the following...
Page 194
180 chapter 10: rf management airmagnet laptop wireless lan policy reference guide please note that channel utilization, 802.11a/b/g modulation issues, and mac layer protocol problems are classified in other airmagnet mobile performance categories rather than the rf management category. Channel with...
Page 195: Channel With Overloaded Aps
Airmagnet laptop wireless lan policy reference guide chapter 10: rf management 181 if you purchase airmagnet spectrum analyzer and integrate it with airmagnet mobile, you now have a more powerful tool that can identify these additional sources of interference. By enabling the spectrum analyzer integ...
Page 196
182 chapter 10: rf management airmagnet laptop wireless lan policy reference guide collisions, hidden node problems, interference, etc. A typical site survey assigns non-overlapping channels to physically adjacent aps to avoid co-channel interference. The figure below shows a sample channel allocati...
Page 197: Hidden Station Detected
Airmagnet laptop wireless lan policy reference guide chapter 10: rf management 183 hidden station detected a hidden station problem occurs when a wireless node cannot hear one or more of the other nodes, and thus the media access protocol (csma/ca - carrier sense multiple access/collision avoidance)...
Page 198
184 chapter 10: rf management airmagnet laptop wireless lan policy reference guide analyzer is located). Once hidden stations are detected, airmagnet mobile would suggest countermeasures, typically turning on the rts/cts (request-to-send/clear-to-send) mechanism to coordinate media access. In the ab...
Page 199: Insufficient Rf Coverage
Airmagnet laptop wireless lan policy reference guide chapter 10: rf management 185 in order to configure a device to use rts/cts, please see the sample cisco configuration below: figure 10-9: sample rts/cts configuration for a cisco aironet client adapter to resolve the hidden node problem insuffici...
Page 200
186 chapter 10: rf management airmagnet laptop wireless lan policy reference guide are introduced, the rf coverage produced by aps could be compromised. If such a change becomes dramatic, wireless clients could not only experience degraded performance levels but could face connectivity issues. Figur...
Page 201: Interfering Aps Detected
Airmagnet laptop wireless lan policy reference guide chapter 10: rf management 187 interfering aps detected 802.11b and 11g devices operate in the rf frequency range of 2.4ghz. A total of 14 channels are defined by the ieee standard in this frequency range with each channel occupying 22 mhz. Adjacen...
Page 202
188 chapter 10: rf management airmagnet laptop wireless lan policy reference guide mobile detects 5 aps operating in channel 1, 2, 3, 4, 5, and 6 individually, it would generate this alarm to indicate these aps all interfere with each other and exceeded the default threshold of 3 aps with overlappin...
Page 203
Airmagnet laptop wireless lan policy reference guide chapter 10: rf management 189 network from network stations, but they cannot see the whole rf spectrum in the unlicensed band, and so cannot identify other sources of rf activity, which can cause dropped network connections and other problems. Lac...
Page 204
190 chapter 10: rf management airmagnet laptop wireless lan policy reference guide airmagnet mobile integrated with airmagnet spectrum analyzer includes sophisticated technology to detect and classify sources of rf activity. Using this data, network engineers can take a variety of actions to enhance...
Page 205
Airmagnet laptop wireless lan policy reference guide chapter 10: rf management 191 airmagnet mobile integrated with airmagnet spectrum analyzer offers six different types of plots: figure 10-16: airmagnet spectrum sensor: fft, power vs. Frequency, fft duty cycle, and swept spectrogram plots • real-t...
Page 206: Rf Regulatory Rule Violation
192 chapter 10: rf management airmagnet laptop wireless lan policy reference guide • fft duty cycle: the fft duty cycle plot displays the percentage of the time that the ambient rf signal is 20 db above the noise floor. (this is represented on a per-frequency bin basis.) the duty cycle for the fft d...
Page 207
Airmagnet laptop wireless lan policy reference guide chapter 10: rf management 193 with 802.11b/g devices as they operate in different frequency bands. According to the 802.11 standard, the user sets the channel for the access point and the wireless client adjusts its frequency to the same channel a...
Page 208
194 chapter 10: rf management airmagnet laptop wireless lan policy reference guide figure 10-18: channel assignment for 802.11b devices. Mexico is included in the americas domain but channels 1 through 8 are for indoor use only while channels 9 through 11 can be used indoors and outdoors. France is ...
Page 209
Airmagnet laptop wireless lan policy reference guide chapter 10: rf management 195 once the violating ap is identified and reported by airmagnet mobile , the wlan administrator may use the find tool to locate the device. Figure 10-19: the airmagnet mobile find tool locates devices by tracking down t...
Page 210
196 chapter 10: rf management airmagnet laptop wireless lan policy reference guide laptop wireless lan policy reference guide.Book page 196 thursday, january 25, 2007 5:36 pm.