Welcome to our new WiFi Ninjas Podcast episode!
This is the second part of our protocol analysis discussion with Jedi Grandmaster Peter MacKenzie!
A bit about Peter:
- CWNE #33
- Head of Technical Operations at MarQuest Limited
- Graduated from the University of Hull with a 1st class honours degree
- Co-author of the CWAP study guide published by Wiley
- Member of the CWNE Board of Advisers
Do we still call you Peter? We see Jim Palmer is trying to find a new nickname for you 😀
- Peter Packets?
- Sir sniff a lot
- The Duke of Frames
- Peter McPacketface
A bit about MarQuest Limited: http://www.marquest.com/
- MarQuest’s customer base includes large organisations across several sectors such as finance, education, government, retail and legal services. Operating from UK offices in Beverley (Yorkshire) and Oxford, we provide services and solutions to all national regions. Our international reputation for technical excellence has led to global provision of services and product supply to countries in mainland Europe, North America and APAC countries (including India and Australia).
Protocol Analysis
- What is protocol analysis
- Capturing tools
- Capture location and duration
- Capture on a single channel, multiple channels, 1SS, 2SS, etc.
- Roaming in captures
- Capture and display filters, colouring, columns, etc.
- Decryption procedures
- Other tools: WLAN scanners and discovery tools, capture visualisation and stats
- Centralised captures and monitoring, alerting and forensic tools
- Tshoot framework: Define, scale, causes, capture, analyse, observe, remedy, document
Spectrum Analysis
- What is spectrum analysis
- Spectrum analysis tools and views
- Noise and SNR
- Locate and identify WiFi and non-WiFi interferers based on their RF signature
- Duty cycle vs spectrum utilisation
- CCI vs ACI – understand impact of channel interference on WiFi performance
- Identify 802.11 PHYs looking at FFT
PHY Layers and Technologies
- PLCP and PMD sublayers
- PHY technologies in captures: PHY headers, preambles, training fields, frame aggregation and data rates
- Pseudo-headers: RSSI, rate, MCS, duration, channel, properties, noise, etc.
- Protocol analyser limits: supported PHYs, SS, SGI, etc.
MAC Sublayer and Functions
- Frame encapsulation and frame aggregation
- MAC Frame Format
- 802.11 Management Frame Formats
- Data and QoS Data Frame Formats
- 802.11 Control Frame Formats
- BSS config: country code, rates, beacons, WMM, RSN, HT/VHT/HE, channels, SSID name, CRC
WLAN Medium Access
- Distributed Coordination Function (DCF): carrier sense, energy detect, NAV, contention window, random backoff and spacing
- Enhanced Distributed Channel Access (EDCA)
- Wi-Fi Multimedia (WMM)
- Analyse QoS configuration and operations: captures and end-to-end implementation
802.11 Frame Exchanges
- Discovery, authentication, association
- EAP and PSK auth
- 4-way handshake
- Roaming optimisations (802.11r, v and k) and considerations (sticky clients, excessive roaming)
- ACK, RTS/CTS, QoS Data, Block ACK
- Analyse HT/VHT/HE specific transmission methods
- MIMO, TxBF, MU-MIMO, MRC
- Frame aggregation (A-MSDU and A-MPDU)
- Power Saving operations
- Protection mechanisms
- Band Steering
Thanks for listening and enjoy! And comment. And shout if you like it or don’t like it or if you’d like us to talk about anything specific in future episodes!
With tons of love x,
WiFi Ninjas