
Visualizing 802.11 Wireshark Data

The document discusses visualizing 802.11 WiFi data using Wireshark. It covers the differences between 802.3 wired and 802.11 wireless standards, WiFi channels and their overlap, physical layer modulation techniques, channel contention and access, 802.11 frame types, and how to analyze wireless packets and configure Wireshark profiles to visualize wireless data. The presentation was given by Ryan Woodings at SHARKFEST '12 at UC Berkeley on June 24-27, 2012.


Visualizing 802.11 Wireshark Data
Tuesday, July 26th, 2012

Ryan Woodings
Chief Geek | MetaGeek
@metageek

SHARKFEST '12 | UC Berkeley | June 24-27, 2012

Wired vs Wireless

802.3 - Wired
1. CSMA/CD
2. Distributed Access Scheme

802.11 - Wireless
1. CSMA/CA
2. Distributed Access Scheme

Additional Considerations
2.4 & 5 GHz Public ISM bands
Overlapping Channels
Non-Wi-Fi Transmitters
Tx Power Restrictions


Channels
2.4 GHz

11 (US), 3 Non-Overlapping
13 (Europe), 4 Non-Overlapping

5 GHz

9 non-DFS (US)
12 DFS (US)
4 non-DFS (Europe)
15 DFS (Europe)

Detailed List
http://en.wikipedia.org/wiki/List_of_WLAN_channels

Channel Overlap


Physical Layer Modulation

CCK (HR-DSSS Phase Shift Keying)

OFDM (Orthogonal Frequency Division Multiplexing)



Channel Contention
Co-Channel: Every station and access point on the same channel competes for the time to talk.
Adjacent Channel: Every station and access point on an overlapping channel competes for time to talk.
Non-Wi-Fi: Non-802.11 devices also compete for medium access.

Physical Layer Modulation

Live Demo

802.11b

2.4 GHz-only
22 MHz Wide
1-11 Mbps
HR-DSSS BPSK w/ CCK Modulation
Good for longer range but low data rate.


802.11a

5 GHz-only
20 MHz Wide
6-54 Mbps
OFDM Modulation


802.11g

2.4 GHz-only
20 MHz Wide
6-54 Mbps
ERP-OFDM Modulation


802.11n

2.4 & 5 GHz


20-40 MHz Wide
6-450 Mbps
OFDM Modulation


Dynamic Rate Selection


As clients move farther away from an access point, they choose a lower modulation rate.


Channel Contention


Channel Contention


Contention Domains

Channel
Antenna Pattern
Physical Barriers
Transmit Power


Wireless Medium Access


CSMA w/ CA


Wireless Medium Access


802.11 Frame Types

Management Frames
wlan.fc.type == 0

Control
wlan.fc.type == 1

Data
wlan.fc.type == 2

Management Frames
Management frames "manage" stations joining and leaving
a WLAN. These frames exist only in the 802.11 MAC layer.
For example:
Beacons
Probes
Authentications
Associations

wlan.fc.type == 0

Control Frames
Control Frames "control" the RF medium and aid in delivery
of data and management frames.
For example:
ACK
Block-ACK
RTS
CTS

wlan.fc.type == 1


Data Frames
Data Frames carry higher-level protocol data.
For example:
Data
Data+CF-Ack
Data+CF-Poll
QoS data

wlan.fc.type == 2

Visual Packet Analysis


Packets vs. Bytes vs. Time


Packet Analysis Demo

Live Demo

Wireshark Config Profiles


WLAN Frame Types: Data, Management and Control
Data Rates: Highlight frames sent slow/fast
Channels: For captures with multiple adapters.

Wireshark Config Profiles


Additional Columns to Consider:
SubType: wlan.fc.type_subtype
Data Rate: IEEE 802.11 TX rate (existing field type)
RSSI: IEEE 802.11 RSSI (existing field type)
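
An added example, not part of the original slides: it decodes the 802.11 Frame Control field into the values that the wlan.fc.type filters and the wlan.fc.type_subtype column display. The function names and the sample bytes are constructed for illustration, and the frames are assumed to start at the MAC header (any radiotap header already stripped).

```python
import struct
from collections import Counter

TYPES = {0: "Management", 1: "Control", 2: "Data"}
# (type, subtype) -> name, limited to the frames listed on the slides.
SUBTYPES = {
    (0, 0): "Association Request", (0, 1): "Association Response",
    (0, 4): "Probe Request", (0, 5): "Probe Response",
    (0, 8): "Beacon", (0, 11): "Authentication",
    (1, 9): "Block-ACK", (1, 11): "RTS", (1, 12): "CTS", (1, 13): "ACK",
    (2, 0): "Data", (2, 1): "Data+CF-Ack", (2, 2): "Data+CF-Poll",
    (2, 8): "QoS data",
}

def decode_frame_control(frame: bytes) -> dict:
    """Decode the 2-byte Frame Control field at the start of a MAC header."""
    if len(frame) < 2:
        raise ValueError("truncated frame: no Frame Control field")
    (fc,) = struct.unpack_from("<H", frame)   # transmitted little-endian
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    return {
        "version": fc & 0x3,                  # protocol version bits
        "type": ftype,                        # value tested by wlan.fc.type
        "subtype": subtype,
        # Wireshark's combined column value: type in the high nibble.
        "type_subtype": (ftype << 4) | subtype,
        "type_name": TYPES.get(ftype, "Other"),
        "name": SUBTYPES.get((ftype, subtype), "other"),
    }

def count_by_type(frames) -> Counter:
    """Tally frames per type, counting ones too short to classify."""
    tally = Counter()
    for frame in frames:
        try:
            tally[decode_frame_control(frame)["type_name"]] += 1
        except ValueError:
            tally["Truncated"] += 1
    return tally

# Constructed sample headers (Frame Control + Duration only), not a capture.
SAMPLES = [bytes.fromhex(h) for h in
           ("80000000", "40000000", "d4000000", "b4003a01", "88412c00", "08")]

if __name__ == "__main__":
    for s in SAMPLES[:-1]:
        d = decode_frame_control(s)
        print(f"{s.hex()}  wlan.fc.type == {d['type']}  "
              f"wlan.fc.type_subtype == {d['type_subtype']:#04x}  {d['name']}")
    print(dict(count_by_type(SAMPLES)))
```

The last sample is deliberately one byte long to show how a truncated capture record is counted rather than misclassified.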

Packet Type Profile


Channel Profile


Data Rate Profile


Fin.
