A framework for wireless LAN monitoring and its applications

Many studies on the measurement and characterization of wireless LANs (WLANs) have been performed recently. Most of these measurements have been conducted from the wired portion of the network, based on wired monitoring (e.g. a sniffer at some wired point) or SNMP statistics. More recently, wireless monitoring, i.e. traffic measurement from a wireless vantage point, has also been widely adopted in both wireless research and commercial WLAN management product development. Wireless monitoring techniques can provide detailed PHY/MAC information on the wireless medium. For network diagnosis purposes (e.g. anomaly detection and security monitoring), such detailed wireless information is more useful than the information provided by SNMP or wired monitoring. In this paper we explore various issues in implementing a wireless monitoring system for an IEEE 802.11 based wireless network. We identify the pitfalls that such a system needs to be aware of, and then provide feasible solutions to avoid those pitfalls. We implement an actual wireless monitoring system and demonstrate its effectiveness by characterizing the WLAN traffic of a typical computer science department. Our characterization reveals rich information about the PHY/MAC layers of the IEEE 802.11 protocol, such as the typical traffic mix of different frame types, their temporal characteristics, and their correlation with user activities. Moreover, we identify various anomalies in the protocol and security of the IEEE 802.11 MAC. Regarding security, we identify malicious usages of the WLAN, such as email worms and network scanning. Our results also show excessive retransmissions of some management frame types, which reduce the useful throughput of the wireless network.
