WiFi Profiler: Cooperative Diagnosis in Wireless LAN. Ayah Zirikly. Authors: presented at MobiSys 2006 by Ranveer Chandra, Venkata N. Padmanabhan, Ming Zhang, Microsoft Research.
WiFi Profiler: Cooperative Diagnosis in Wireless LAN Ayah Zirikly
Authors Presented at MobiSys 2006 by • Ranveer Chandra • Venkata N. Padmanabhan • Ming Zhang Microsoft Research
What this paper is presenting: • WiFi Profiler: a system in which wireless hosts cooperate to diagnose and resolve network problems in an automated manner.
Key observation behind the paper • If the host is disconnected, it is often in the range of other wireless nodes and is able to communicate with them peer-to-peer, to get access to the information gathered.
Goal of the paper • Creating a shared information plane that enables wireless hosts to exchange a range of information about their network settings. • By aggregating such information across multiple wireless hosts, WiFiProfiler infers the likely cause of the problem.
Differences between WiFiProfiler and previous tools • Previous tools, like the one we saw in the last paper, are not automated, as they still need the network administrator to figure out the problem. • Do not depend on any special vulnerabilities/characteristics in 802.11
Wireless LAN Architecture • Wireless Security: • MAC filtering: rejecting packets whose MAC address does not belong to a predefined list. • WEP: key setting configured manually at the AP and the wireless clients. • WPA: key setting configured • Automatically using 802.1X • Manually (user enters a passphrase). • DHCP: • In addition to giving the client an IP address, it provides other configuration information like the IP address of the gateway and LDNS server. • Firewall: • Port blocking. • Others… • Application-level proxies.
Causes of Network Problems (diagram) • Causes: Location/distance, HW or SW config., Authentication, DHCP server, Firewall/proxy config., WAN disconnection, Wireless congestion, WAN congestion. • Symptoms: No AP detected, No association, No IP address, E2E failure, Poor performance.
No AP detected The client is not receiving the broadcast beacons. Reasons: • Out of range. • Channel noise. • HW/SW incompatibility.
No association with the AP • AP is malfunctioning • Client does not have a good consistent signal. • Inappropriate MAC Address (MAC filtering). • Software Incompatibilities (outdated driver). • Hardware Incompatibilities (wireless cards). • Wrong WEP Key, or WPA authentication. • Other security related issues.
Inability to obtain an IP address • Client side • Wrong key (WEP/WPA) • Wrong MAC. • Configuration problem. • AP side • Wired interface is malfunctioning or disconnected. • DHCP side • IP address pool exhausted. • Server being down.
End-to-End communication failure • DNS resolution failure: • Incorrect local DNS server settings. • Failure in the DNS infrastructure. • Firewall might selectively block communication. • Common FW ports not open • The use of application proxies. • Proxy Server down • Inappropriate client proxy settings • Disconnected wireless LAN • Equipment Malfunction • Equipment Failure
Poor performance • Lossy wireless link due to: • Weak signal. • Noise. • Network congestion (wireless medium or WAN) • Too many legitimate users consuming network resources. • Misbehaved users. • Combination of both…
Examples of the shared information plane • Whether or not a client is able to connect to a certain wireless network or AP. • Whether or not it is able to obtain an IP address. • Whether it is experiencing poor performance.
Architecture of WiFi Profiler • Components of WiFi Profiler: Sensing, Communication, Diagnosis.
Design and Implementation of WiFiProfiler • Sensing: Make local observations of network configurations and health at the individual wireless clients. • Communication: Enable peer-to-peer communication among wireless hosts within range. • Diagnosis: Infer the likely causes of the problems experienced by clients and possible steps for resolution.
Sensing Mission: Make passive observations of the network health and network configuration information at the individual wireless clients.
Sensing • Wireless layer Wireless (HW/SW) configuration information (Static Information): • NIC model. • NIC name. • Driver version.
Sensing: Wireless Layer • Information about wireless networks in the vicinity: • BSSID list: (Basic Service Set Identifiers) • The list of BSSIDs corresponding to the APs from which beacons have been heard. • SSID list: (Service Set Identity) • Name that identifies the network. • An SSID may have multiple BSSIDs that a client can be associated with. • RSSI list: • Received signal of the BSSID. • Average RSSI reported.
Sensing: Wireless Layer Security settings information: • Security protocol: • WEP/WPA key used for authentication and/or encryption. • To avoid exposing the key, only a one-way hash of this information is shared.
Sensing: Wireless Layer • Information about the state of the wireless channel: • Beacon loss rate (BLR): • Based on the number of beacon frames that are not received at a client. • Loss rate of client broadcast UDP beacons (since some drivers do not compute BLR). • Interface queue length: • Sampling the packet queue length at the wireless interface on a continual basis. • Indicator of wireless congestion.
Sensing • Network layer: Dynamic information concerns: • IP address/subnet/mask: the IP address, subnet, and netmask corresponding to the wireless interface. • IP mode: whether the client’s IP address is assigned statically or obtained dynamically using DHCP. • DHCP information: the IP address of the DHCP server that leased the address and when the lease happened. • LDNS information: the IP address(es) of the local DNS server(s).
Sensing • Transport layer: Learn about the E2E network connectivity over the wide-area network, which can be affected by firewalls and by congestion/disconnection of the WAN link. Information obtained (dynamic information): • Failed connection attempts: Number of connection attempts and failed attempts. • Packet retransmission: Number of retransmitted TCP segments. • Server port numbers with successful TCP connections: Successful connections on certain server port numbers (if not, a firewall might be blocking access).
Sensing • Protocol state example (figure): • Successful connection: Start, SYN-SENT, Established, Time-wait. • Connection failed (port blocking): Start, SYN-SENT, SYN-ACK time-out.
Sensing • Application layer: Configuration information related to the wireless communication. • Web proxy setting: whether an HTTP proxy is used. • Host name. • Port number.
Sensing • Summarizing Sensing Information: Needed to reduce the overhead of sharing with peers. • Configuration information (NIC type, …etc): • Values from the recent snapshots. • Dynamic information: • Compute aggregate (average or threshold) metric over: • 60 seconds for wireless-related information. • 300 seconds for TCP-related information. • BSSID list, SSID list: • Union of the distinct values of the sets.
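The summarization rules on this slide, written out as an added example (not code from the paper or the presenter). The field names, the JSON encoding, and taking the union over all retained snapshots are assumptions; the 60 s and 300 s windows come from this slide and the 1200-byte limit from the later optimization slide.

```python
import json

WIRELESS_WINDOW_S = 60    # aggregation window for wireless metrics (slide)
TCP_WINDOW_S = 300        # aggregation window for TCP metrics (slide)

def summarize(snapshots, now):
    """snapshots: non-empty list of dicts ordered by 't' (seconds)."""
    latest = snapshots[-1]                     # configuration: most recent values
    wl = [s for s in snapshots if now - s["t"] <= WIRELESS_WINDOW_S]
    tcp = [s for s in snapshots if now - s["t"] <= TCP_WINDOW_S]
    attempts = sum(s["tcp_attempts"] for s in tcp)
    failed = sum(s["tcp_failed"] for s in tcp)
    return {
        "nic": latest["nic"],
        "driver": latest["driver"],
        "avg_rssi": round(sum(s["rssi"] for s in wl) / len(wl), 1) if wl else None,
        "avg_blr": round(sum(s["blr"] for s in wl) / len(wl), 3) if wl else None,
        "tcp_fail_rate": round(failed / attempts, 3) if attempts else None,
        # BSSID/SSID lists: union of the distinct values seen
        "bssids": sorted(set().union(*(s["bssids"] for s in snapshots))),
        "ssids": sorted(set().union(*(s["ssids"] for s in snapshots))),
    }

def encode(summary, limit=1200):
    """Serialize compactly and refuse anything that will not fit one packet."""
    data = json.dumps(summary, separators=(",", ":")).encode()
    if len(data) > limit:
        raise ValueError(f"summary is {len(data)} bytes, limit is {limit}")
    return data

def snap(t, rssi, blr, attempts, failed, bssids):
    return {"t": t, "nic": "nic-A", "driver": "1.0", "rssi": rssi, "blr": blr,
            "tcp_attempts": attempts, "tcp_failed": failed,
            "bssids": bssids, "ssids": ["example-wlan"]}

# Constructed sample snapshots (not measurements from the paper).
SNAPSHOTS = [
    snap(0, -70, 0.5, 10, 5, ["02:00:00:00:00:01"]),
    snap(250, -60, 0.1, 10, 1, ["02:00:00:00:00:01", "02:00:00:00:00:02"]),
    snap(290, -50, 0.3, 20, 2, ["02:00:00:00:00:02"]),
]

if __name__ == "__main__":
    print(encode(summarize(SNAPSHOTS, now=300)).decode())
```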
Communication • Enables a wireless client having problems (the “requester”) to obtain information from its peers (the “responders”). • Challenges observed: • Requester and responders are not in the same network. • Requester is disconnected. • Requires responder to disconnect from its current network. • WiFiProfiler framework enables exchanging information without the need to disconnect the responder from its network. • Key observation: • A disconnected node can initiate an ad hoc (AH) network with the responders. • A responder can connect to the requester’s AH network without disconnecting from its own network. This can be accomplished using two NICs or VirtualWiFi.
Communication • Each client using WiFiProfiler has two adapters: • Primary adapter: • Used for its normal communication. • Helper adapter: • Used to exchange information with peers.
Communication • Communication protocol Initialize Requester: The client activates the helper network adapter
Communication • Communication protocol Start AH Network: Started over the helper network adapter, with the appropriate SSID and IP address.
Communication • Communication protocol Initialize Responder: Parses the SSID field to see if it corresponds to a requester. If so, it activates its helper adapter.
Communication • Communication protocol Join Network, Send Response: Sets up a socket connection with the corresponding IP address and port number, then starts sending information to the requester.
Communication • Communication protocol • Stop Responder: • After sending responses • Closes socket connection. • Stops the helper adapter.
Communication • Communication protocol • Stop Requester: • After a sufficient number of responses • Shuts down socket. • Stops the helper adapter.
Communication Communication protocol steps using VirtualWiFi: • Requester activates its helper adapter and configures it with the help SSID. • After detecting the “Help” request, the responder activates its helper adapter. • VirtualWiFi switches the physical card across the primary and helper adapter. • Responder stops VirtualWiFi (unbinds the helper adapter after sending responses). • Requester activates its primary adapter to stop the AH network. Complete within a few milliseconds.
Communication Communication protocol steps using two NICs: • WiFiProfiler assigns a static IP address to the helper adapter. • Requester activates its helper adapter. • Primary adapter scans the channels for the requester’s beacons. • Responder activates its helper adapter when detecting a requester. • The helper adapter scans the channels to locate the requester’s network. • Responder joins the AH network. • The responder disables its helper adapter after sending responses.
Communication • Optimization to keep the overhead on the responder low: • Summarizing the sensing information in 1200 bytes to fit into a single packet (keep the protocol as simple as possible). • Using UDP for the responses, giving the responder the ability to send a single packet and then leave the AH network. • Limit the responding rate for help to provide protection from malicious users. • Responders wait for a random time before joining the AH network and responding (useful in the case of a large number of potential responders). • Responders can cache recently sent responses to send them to current requesters.
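A responder-side policy combining the rate limit, random wait and response cache listed above, as an added example (not code from the paper or the presenter). The class name and all numeric limits other than the 1200-byte payload size are assumptions.

```python
import random

MAX_PAYLOAD = 1200  # bytes: single-packet summary size from the slide

class ResponderPolicy:
    # The default limits are assumed values; the slides give no numbers for them.
    def __init__(self, max_per_window=5, window_s=60.0, max_wait_s=0.5,
                 cache_ttl_s=30.0, rng=None):
        self.max_per_window = max_per_window
        self.window_s = window_s
        self.max_wait_s = max_wait_s
        self.cache_ttl_s = cache_ttl_s
        self.rng = rng or random.Random()
        self.sent = []       # timestamps of responses inside the current window
        self.cached = None   # (built_at, payload)

    def on_help_request(self, now, build_summary):
        """Return (wait_seconds, payload), or None when rate limited."""
        self.sent = [t for t in self.sent if now - t < self.window_s]
        if len(self.sent) >= self.max_per_window:
            return None  # ignore: a flood of help requests costs the responder nothing
        if self.cached is None or now - self.cached[0] > self.cache_ttl_s:
            payload = build_summary()
            if len(payload) > MAX_PAYLOAD:
                raise ValueError("summary must fit in one UDP packet")
            self.cached = (now, payload)
        self.sent.append(now)
        # Random wait spreads out responders that hear the same request.
        return self.rng.uniform(0.0, self.max_wait_s), self.cached[1]

def simulate(times, policy):
    """Feed constructed request times; return (answered, dropped, summary_builds)."""
    builds = []
    def build():
        builds.append(1)
        return b"x" * 900  # constructed stand-in for the sensing summary
    results = [policy.on_help_request(t, build) for t in times]
    answered = sum(r is not None for r in results)
    return answered, len(results) - answered, len(builds)

if __name__ == "__main__":
    # Five requests in a burst, then one after the window has passed.
    print(simulate([0, 1, 2, 3, 4, 70], ResponderPolicy(max_per_window=3)))
```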
Diagnosis • Based on the information gathered from the peer nodes. Inability to detect an AP: Reasons: • No AP in its vicinity. • Beacons are not detected at the current location. • HW/SW incompatibility between the client and AP. • Client wireless NIC is not working.
Diagnosis Inability to detect AP Diagnosing steps: • If the client does not hear from any peers, it is because: • No WiFiProfiler-enabled peer is in its vicinity. • NIC is not working. • If a peer with the same NIC type and driver version is able to receive beacons → client’s current location is the cause. • If all the peers have the same NIC type but a different driver version → NIC driver version or client’s current location is the cause. • If all the peers have different NIC types → client NIC type, NIC driver version, or current location is the cause. Resolution of the problem: User action: changing NICs, installing a new driver, or changing location.
Diagnosis Inability to associate with AP: Reasons: • AP uses security mechanisms like MAC filtering, WEP, WPA. • Weak wireless link at the client’s current location. • Incompatibility between the NIC type or driver and the AP hardware. • AP malfunction.
Diagnosis Inability to associate with AP Diagnosing steps: • Client authentication configuration does not match that of the successfully associated peers (incorrect key) → configuration information missing/wrong. • Client has higher BLR/lower RSSI than its successfully associated peers → weak link due to client’s current location. • If a peer with the same NIC type and driver version is able to associate → MAC filtering is applied at the AP. Resolution of the problem: User action: changing authentication key/passphrase, location, NICs, or installing a new driver. Operator action: adding NIC MAC address to the MAC filter list.
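The association rules above applied to peer reports that carry only a hash of the key, as an added example (not code from the paper or the presenter). The report fields, the SHA-256 fingerprint, the "worse than every associated peer" reading of the BLR/RSSI rule, and the sample values are assumptions.

```python
import hashlib

def key_fingerprint(ssid, key):
    # Assumption: SHA-256 over SSID and key; the slides only say "one-way hashing".
    # A bare hash of a short WEP key can still be guessed offline.
    return hashlib.sha256(f"{ssid}\x00{key}".encode()).hexdigest()

def diagnose_association(client, peers):
    """Return every rule from the slide that fires, in slide order."""
    ok = [p for p in peers if p["associated"]]
    if not ok:
        return ["no associated peer to compare against"]
    causes = []
    # Rule 1: key hash differs from all successfully associated peers.
    if all(p["key_hash"] != client["key_hash"] for p in ok):
        causes.append("authentication configuration missing/wrong")
    # Rule 2: link quality worse than every associated peer.
    if (client["blr"] > max(p["blr"] for p in ok)
            or client["rssi"] < min(p["rssi"] for p in ok)):
        causes.append("weak link at client location")
    # Rule 3: an identical NIC/driver associates, so the hardware is compatible.
    if any((p["nic"], p["driver"]) == (client["nic"], client["driver"]) for p in ok):
        causes.append("MAC filtering at the AP")
    return causes

SSID = "example-wlan"  # constructed sample data below, not from the paper

def report(nic, driver, key, rssi, blr, associated):
    return {"nic": nic, "driver": driver, "key_hash": key_fingerprint(SSID, key),
            "rssi": rssi, "blr": blr, "associated": associated}

PEERS = [
    report("nic-A", "1.2", "right-key", -55, 0.02, True),
    report("nic-B", "3.0", "right-key", -60, 0.05, True),
]

if __name__ == "__main__":
    for c in (report("nic-C", "2.0", "wrong-key", -58, 0.03, False),
              report("nic-A", "1.2", "right-key", -57, 0.03, False),
              report("nic-C", "2.0", "right-key", -85, 0.40, False)):
        print(diagnose_association(c, PEERS))
```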
Diagnosis Inability to obtain IP address: Reasons: • Incorrect WEP key that prevents communication with AP. • AP hardware malfunctioning or disconnections that prevent the AP from communicating with the DHCP server. • DHCP is down or out of addresses and is not responding to the requests.
Diagnosis Inability to obtain IP address Diagnosing steps: • Client WEP encryption key does not match that of its successfully associated peers → configuration information missing/wrong. • One or more peers are successfully associated but did not obtain an IP address → DHCP server or general connectivity problems. • If at least one peer established successful wide-area communication → failure or address exhaustion at the DHCP server. Resolution of the problem: User action: changing authentication key/passphrase, location, NICs, or installing a new driver. Operator action: resolve DHCP server problem or hardware disconnection problem.
Diagnosis End-to-End Communication Failure: Reasons: • DNS resolution failure: • Incorrect local DNS server setting. • LDNS server is down or unreachable. • General problem with DNS that is not specific to local wireless network. • E2E connectivity problems. • Incorrect application proxy setting. • Application proxy is down or disconnected. • Firewall blocking access. • Connectivity problem between the wireless LAN and the wide-area network.
Diagnosis E2E communication failure DNS resolution failure: Diagnosing steps: • If a peer with a different LDNS setting reports a high success rate while no peer with the same LDNS setting reports it → incorrect LDNS server setting. • All peers report a high failure rate for DNS resolution, with no response from the server → LDNS server is down or unreachable. • Otherwise, general DNS problem: misconfiguration or WAN connectivity issues. Resolution of the problem: User action: changing the client’s LDNS setting. Otherwise, operator intervention needed.