NOTE: While you are free to discuss your findings with your peers as you work on this lab, you are to submit your own, individually completed version of this lab document.
Identical lab reports will be given a grade of zero
and will be subject to the academic honesty provisions with our departmental code of conduct.
Lab Objectives
· Identify some of the various frame types visible when engaged in 802.11 networking.
· Within the various types of 802.11 frames available to us, locate the value which will inform the NAV (Network Allocation Vector) timer setting.
· Examine the difference in the Duration field values for various types of 802.11 frames.
Hardware/Software Requirements
· Wireshark
· The following trace files which are located alongside this document on the course page:
o DCFLapB.pcap
o DCFLabN.pcap
Setup
· Download the two trace files listed above from the course page and save them onto your workstation so they are easily accessible during the lab.
o If you are working on a Mohawk computer, depending on the current image the top level of the C:\ drive and/or the D:\ drive may be writable locations, but the browser should automatically pick a workable location, such as the Downloads folder.
· Next, start up Wireshark on your workstation and use it throughout this lab.
Useful things to know:
· When you see
SenaoInt_8b:ac:0f
in the capture file it refers to a USB-based
EnGenius WLAN adapters, whereas
Cisco-Li_ca:f0:8d
is a
Linksys WRT150N wireless router.
· DCFLabB.pcap was created with the Linksys wireless router configured for Wireless-B Only and the EnGenius client was configured for IEEE 802.11b.
· DCFLabN.pcap was created with the Linksys wireless router configured for Wireless-N Only and the EnGenius client was configured for IEEE 802.11b/g/n
Background
When a STA sends some types of 802.11 frames they expect an immediate response frame. To reserve time for this expected response the original transmitting STA enters a NAV timer value in its frame Duration field. This value represents the number of microseconds that other STAs must wait before they can start their contention process (i.e. part of the virtual carrier-sense procedure). Sending the response frame will complete the cycle that WiFi devices use to determine that the intended recipient of the frame has indeed received it.
In this lab you will locate and chart the number of microseconds in the Duration field for several types of 802.11 frames. It will be useful to know this as we discuss the various frame types in our lectures.
Lab Worksheet
1. In Wireshark, open the
DCFLabN.pcap
trace file which you downloaded from the course page earlier.
· Three major panes of information should be visible – at the top you should see a list of captured frames, in the middle should be details for the currently selected frame and on the bottom will appear the raw data from the frame.
· If you cannot see one of these areas clearly, slide the bars up or down to reveal the sections – we’ll definitely need to see the middle one .
2. Turn your attention to the list of frames (the top area) and by looking in the Info column, find the Authentication frame and click on it.
3. In the middle area expand the IEEE 802.11 Authentication header section and locate the Duration:
field.
· This field is showing 314 which means other STAs are not allowed to transmit for at least 314 microseconds – of course, the only exception would be the STA who would normally be expected to respond to the frame.
4. Follow the same procedure to determine the
Duration
value for each of the following frame types – enter the
Duration
value for each of the frame types shown into the following table
· The
314
value for the Authentication frame in the
DCFLabN.pcap
trace file has already been recorded in this chart.
· If you see more than one frame of a given type, see if the value is the same for each one.
DCFLabN.pcap
|
Frame Type
|
Duration
|
Beacon frame
|
0
|
Probe Request
|
336
|
Probe Response
|
314
|
Acknowledgement
|
0
|
Authentication
|
314
|
Association Request
|
76
|
Association Response
|
314
|
Disassociate frame
|
0
|
5. Open the
DCFLabB.pcap
file and fill in the following table – for every one of the 17 frames in the file determine the source (EnGenius or Router or Unknown), destination (EnGenius, Router or Broadcast) and duration value (note: the first frame has been filled in for you as an example):
DCFLab
B
.pcap
|
Frame #
|
Frame Type
|
Source
|
Destination
|
Duration
|
1
|
Probe Request frame
|
EnGenius
|
Broadcast
|
336
|
2
|
Probe Response frame
|
Router
|
EnGenius
|
314
|
3
|
Probe Response frame
|
Router
|
EnGenius
|
314
|
4
|
Acknowledgement
|
Unknown
|
Linksys
|
0
|
5
|
Beacon frame
|
Router
|
Broadcast
|
0
|
6
|
Beacon frame
|
Router
|
Broadcast
|
0
|
7
|
Beacon frame
|
Router
|
Broadcast
|
0
|
8
|
Acknowledgement
|
Unknown
|
EnGenius
|
0
|
9
|
Authentication
|
Router
|
EnGenius
|
314
|
10
|
Acknowledgement
|
Unknown
|
Router
|
0
|
11
|
Association Request
|
EnGenius
|
Router
|
235
|
12
|
Association Response
|
Router
|
EnGenius
|
314
|
13
|
Acknowledgement
|
Unknown
|
Router
|
0
|
14
|
Beacon frame
|
Router
|
Broadcast
|
0
|
15
|
Beacon frame
|
Router
|
Broadcast
|
0
|
16
|
Beacon frame
|
Router
|
Broadcast
|
0
|
17
|
Disassociate
|
EnGenius
|
Router
|
0
|
6. When comparing the numbers from two files, were there any of the same field that had different Duration settings between the files?
DCFLabN.pcap had an Association Request of 76 milliseconds in duration, whereas, DCFLabB.pcap had an Association Request of 235 milliseconds.
7. If so, why do you think they are different? If not, what does this suggest?
8. Some of the Duration fields have a value of 0 (zero) – does this mean that other STAs can immediately transmit their frames?
9. If so, why? If not, why not?
10.Based on the frame types visible in these examples, develop a theory as to what activity is going on in each of the two capture files (feel free to look up what the various frame types are). We’re not expecting you to guess perfectly here – we’re looking to see if you’ve given it some quality thought. An example response would be similar to the following: This capture file shows the client requesting a web page from a server, the server responding to the request and sending the web page, and the client acknowledging receipt of the web page.
DCFLabB.pcap
DCFLabN.pcap