Wireshark Wifi Questions
Question# 1 What are the SSIDs of the two access points that are issuing most of the beacon frames in this trace?
Answer
1. 30 Munroe St. (total 718 beacons)
2. linksys12 (total 29 beacons)
Question# 2 What are the intervals of time between the transmission of the beacon frames from the linksys_ses_24086 access point? From the 30 Munroe St. access point? (Hint: this interval of time is contained in the beacon frame itself).
Answer
Beacon frame time interval of both linksys_ses_24084 and 30 Munroe St. is 0.102400 seconds.
Question# 3 What (in hexadecimal notation) is the source MAC address on the beacon frame from 30 Munroe St? Recall from Figure 6.13 in the text that the source, destination, and BSS are three addresses used in an 802.11 frame. For a detailed discussion of the 802.11 frame structure, see section 7 in the IEEE 802.11 standards document (cited above).
Answer
Source MAC address is 00:16:b6:f7:1d:51
Question# 4 What (in hexadecimal notation) is the destination MAC address on the beacon frame from 30 Munroe St?
Answer
Destination address is ff:ff:ff:ff:ff:ff
Question# 5 What (in hexadecimal notation) is the MAC BSS id on the beacon frame from 30 Munroe St?
Answer
MAC BSS id is 00:16:b6:f7:1d:51
Question# 6 The beacon frames from the 30 Munroe St access point advertise that the access point can support four data rates and eight additional extended supported rates. What are these rates?
Answer
1. Supported data rates are: 1.0, 2.0, 5.5, and 11.0 Mbit/sec
2. Extended supported rates are: 6.0, 9.0, 12.0, 18.0, 24.0, 36.0, 48.0, 54.0 Mbit/sec
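Added example (not part of the original lab or answer sheet): a small parser showing where the fields asked about in Questions 1 to 6 sit inside a beacon frame. The sample frame is constructed from the values given in the answers above; it assumes the bytes start at the 802.11 MAC header, with no radiotap header and no FCS.

```python
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_beacon(frame):
    """Parse an 802.11 beacon: three addresses, interval, SSID, rates."""
    fc, _duration = struct.unpack_from("<HH", frame, 0)
    if ((fc >> 2) & 0x3, (fc >> 4) & 0xF) != (0, 8):  # type 0 mgmt, subtype 8
        raise ValueError("not a beacon frame")
    out = {
        "destination": mac(frame[4:10]),   # Address 1
        "source": mac(frame[10:16]),       # Address 2
        "bssid": mac(frame[16:22]),        # Address 3
    }
    # Fixed parameters after the 24-byte header:
    # timestamp (8), beacon interval (2, in time units), capabilities (2).
    _ts, interval_tu, _caps = struct.unpack_from("<QHH", frame, 24)
    out["beacon_interval_s"] = interval_tu * 1024 / 1_000_000  # 1 TU = 1024 us
    pos = 36  # tagged parameters: tag (1), length (1), value (length)
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2 : pos + 2 + length]
        if len(value) < length:
            raise ValueError("truncated tagged parameter")
        if tag == 0:
            out["ssid"] = value.decode("utf-8", errors="replace")
        elif tag in (1, 50):  # supported rates / extended supported rates
            key = "rates" if tag == 1 else "extended_rates"
            # Low 7 bits: rate in 500 kbit/s units; top bit marks a basic rate.
            out[key] = [(v & 0x7F) * 0.5 for v in value]
        pos += 2 + length
    return out

# Constructed sample beacon built from the answers on this page
# (not bytes copied from the lab trace).
AP = bytes.fromhex("0016b6f71d51")
SSID = b"30 Munroe St"
SAMPLE = (
    struct.pack("<HH", 0x0080, 0) + b"\xff" * 6 + AP + AP + struct.pack("<H", 0)
    + struct.pack("<QHH", 0, 100, 0x0001)  # interval = 100 TU
    + bytes([0, len(SSID)]) + SSID
    + bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])
    + bytes([50, 8, 0x0C, 0x12, 0x18, 0x24, 0x30, 0x48, 0x60, 0x6C])
)

if __name__ == "__main__":
    for field, value in parse_beacon(SAMPLE).items():
        print(f"{field}: {value}")
```

The 0.102400 second interval in Question 2 is the frame's 100 time units multiplied by 1024 microseconds each.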
Question# 7 Find the 802.11 frame containing the SYN TCP segment for this first TCP session (that downloads alice.txt). What are three MAC address fields in the 802.11 frame? Which MAC address in this frame corresponds to the wireless host (give the hexadecimal representation of the MAC address for the host)? To the access point? To the first-hop router? What is the IP address of the wireless host sending this TCP segment? What is the destination IP address? Does this destination IP address correspond to the host, access point, first-hop router, or some other network-attached device? Explain.
Answer
Find the 802.11 frame containing the SYN TCP segment for this first TCP session (that downloads alice.txt). What are three MAC address fields in the 802.11 frame?
Destination: 00:16:b6:f4:eb:a8, BSS ID: 00:16:b6:f7:1d:51, Source: 91:2a:b0:49:b6:4f
Which MAC address in this frame corresponds to the wireless host (give the hexadecimal representation of the MAC address for the host)?
Both Destination (00:16:b6:f4:eb:a8) and source (91:2a:b0:49:b6:4f) are wireless hosts
To the access point? To the first-hop router?
MAC address corresponding to BSS ID (00:16:b6:f7:1d:51) is the access point
What is the IP address of the wireless host sending this TCP segment? What is the destination IP address? Does this destination IP address correspond to the host, access point, first-hop router, or some other network-attached device? Explain.
IP of sending host is 192.168.1.109. Destination IP address is 128.119.245.12 which is gaia.cs.umass.edu. It corresponds to a host from which alice.txt is downloaded.
Question# 8 Find the 802.11 frame containing the SYNACK segment for this TCP session. What are three MAC address fields in the 802.11 frame? Which MAC address in this frame corresponds to the host? To the access point? To the first-hop router? Does the sender MAC address in the frame correspond to the IP address of the device that sent the TCP segment encapsulated within this datagram? (Hint: review Figure 5.19 in the text if you are unsure of how to answer this question, or the corresponding part of the previous question. It's particularly important that you understand this).
Answer
Find the 802.11 frame containing the SYNACK segment for this TCP session. What are three MAC address fields in the 802.11 frame?
Destination: 91:2a:b0:49:b6:4f, BSS ID: 00:16:b6:f7:1d:51, Source: 00:16:b6:f4:eb:a8
Which MAC address in this frame corresponds to the host?
Both Destination (91:2a:b0:49:b6:4f) and source (00:16:b6:f4:eb:a8) are wireless hosts
To the access point? To the first-hop router?
MAC address corresponding to BSS ID (00:16:b6:f7:1d:51) is the access point
Does the sender MAC address in the frame correspond to the IP address of the device that sent the TCP segment encapsulated within this datagram?
Yes. The sender in SYNACK packet is the receiver in SYN packet.
Question# 9 What two actions are taken (i.e., frames are sent) by the host in the trace just after t=49, to end the association with the 30 Munroe St AP that was initially in place when trace collection began? (Hint: one is an IP-layer action, and one is an 802.11-layer action). Looking at the 802.11 specification, is there another frame that you might have expected to see, but don't see here?
Answer
The two actions are DHCP Release and Deauthentication.
Question# 10 Examine the trace file and look for AUTHENTICATION frames sent from the host to an AP and vice versa. How many AUTHENTICATION messages are sent from the wireless host to the linksys_ses_24086 AP (which has a MAC address of Cisco_Li_f5:ba:bb) starting at around t=49?
Answer
A total of 15 messages are sent.
Question# 11 Does the host want the authentication to require a key or be open?
Answer
No key is required. It is open.
Question# 12 Do you see a reply AUTHENTICATION from the linksys_ses_24086 AP in the trace?
Answer
No. There is no reply AUTHENTICATION from the linksys_ses_24086 AP in the trace. This AP has sent only Beacon frames.
Question# 13 Now let's consider what happens as the host gives up trying to associate with the linksys_ses_24086 AP and now tries to associate with the 30 Munroe St AP. Look for AUTHENTICATION frames sent from the host to an AP and vice versa. At what times are there an AUTHENTICATION frame from the host to the 30 Munroe St. AP, and when is there a reply AUTHENTICATION sent from that AP to the host in reply? (Note that you can use the filter expression wlan.fc.subtype == 11 and wlan.fc.type == 0 and wlan.addr == IntelCor_d1:b6:4f to display only the AUTHENTICATION frames in this trace for this wireless host.)
Answer
Authentication request is sent two times to the 30 Munroe St. access point: first at 63.168087 and second at 63.169707. 30 Munroe St. has sent two authentication responses: one at 63.169071 and the second at 63.170692.
Question# 14 An ASSOCIATE REQUEST from host to AP, and a corresponding ASSOCIATE RESPONSE frame from AP to host are used for the host to associate with an AP. At what time is there an ASSOCIATE REQUEST from host to the 30 Munroe St AP? When is the corresponding ASSOCIATE REPLY sent? (Note that you can use the filter expression wlan.fc.subtype < 2 and wlan.fc.type == 0 and wlan.addr == IntelCor_d1:b6:4f to display only the ASSOCIATE REQUEST and ASSOCIATE RESPONSE frames for this trace.)
Answer
Request is at: 63.169910
Reply is at: 63.192101
Question# 15 What transmission rates is the host willing to use? The AP? To answer this question, you will need to look into the parameters fields of the 802.11 wireless LAN management frame.
Answer
Supported rates by host are: 1.0, 2.0, 5.5, 11.0, 6.0, 9.0, and 12.0 [Mbit/sec].
Extended supported rates by host are: 24.0, 36.0, 48.0 and 54.0 [Mbit/sec].
Supported rates by AP are: 1.0, 2.0, 5.5, and 11.0 [Mbit/sec].
Extended supported rates by AP are: 6.0, 9.0, 12.0, 18.0, 24.0, 36.0, 48.0, and 54.0 [Mbit/sec].
Question# 16 What are the sender, receiver and BSS ID MAC addresses in these frames? What is the purpose of these two types of frames? (To answer this last question, you'll need to dig into the online references cited earlier in this lab).
Answer
A host sends a probe request to determine which access points are within range. An access point announces its availability to the host using a probe response.
In the probe request, the MAC addresses are:
Destination: ff:ff:ff:ff:ff:ff (broadcast)
Source: 00:12:f0:1f:57:13
BSS ID: ff:ff:ff:ff:ff:ff (broadcast)
In the probe response, the MAC addresses are:
Destination: 00:12:f0:1f:57:13
Source: 00:16:b6:f7:1d:51 (30 Munroe St. access point)
BSS ID: 00:16:b6:f7:1d:51 (30 Munroe St. access point)