802'11B Wireless Network Sniffer Mid Term Report

1
802.11B Wireless Network Sniffer Mid Term Report

• Guy Shalev
• Eyal Nave
• Project Instructor Yoram Yihyie

2
Project Goals

• Getting Familiar with 802.11b Linux
  environment.
• Compiling a Linux Driver for specified wireless
  network card.
• Patching the Linux Kernel with this driver.
• Expanding the drivers capabilities to allow
  sniffing reporting all the wireless packet
  headers that the card receives.
• Writing a User Interface for the Sniffer.

3
Project Description

• This project purpose is to create a sniffer for a
  wireless network, based on the 802.11B protocol.
• The software in the project should support Avaya
  / Orinoco Wireless 802.11B LAN PC Card in the
  Linux operating system. The main purpose of the
  sniffer is to report statistics and parameters of
  the data flowing through access point of a nearby
  network.

FOR MORE INFO...
www.comnet.technion.ac.il/cn12w03
4
What is Wireless Networking?

• Wireless networking is one of several ways to
  connect computers to each other. It creates a
  network by sending radio-frequency signals
  between computers in order to share information.
• This can make networking extremely easy,
  especially if you have computers in various
  locations. It also makes it a whole lot simpler
  to move computers around. For example, a laptop
  with a wireless network card is completely
  portable.

5
Wireless Networking Diagram
6
IEEE 802.11 vs. 802.3

• Similarity
• Same LLC (Logical Link Control). There in no
  differences for upper layer protocol
• Differences
• WLAN is not private (not protected)
• WLAN is exposed to more distractions (environment
  problems)
• Reflectors
• Changes in strength on the Rx signal in small
  position change
• Moving object can change the wave signal
• Other infrared devices overlap the Tx path.
• Etc

7
IEEE 802.11 vs. 802.3 (cont)

• Differences (cont.)
• Mobility
• The WLAN user can move from one place to another
  big advantage. But it cause internal
  complexity. Roaming between access points and
  between different IP networks (Mobile IP or
  DHCP).
• Servers and services need to be changed (Printer,
  Proxy server, file server, etc)
• IEEE 802.11 PHY has NO collision detection
• IEEE 802.3 use collision detection algorithm.
• IEEE 802.11 use collision avoidance algorithm.

8
Wireless Network Sniffing

• In order to gather information on the traffic in
  a wireless network, the MAC layer protocol needs
  to be changed, so it wont dump packages not sent
  specifically to him (or multicast packets).
• The Wireless sniffer needs to receive all the
  packets that are being transmitted on the
  wireless channel and that are heard by the
  wireless network card.
• Please note that not all Wireless Network cards
  support the feature described above which is also
  called promiscuous mode.
• Further more the MAC layer needs to store all the
  packets it receives in a database ( preferred on
  a disk and not in memory).

9
Why Linux Avaya / Orinoco ?

• In order to achieve all the requirements
  specified above, the driver of the Wireless
  Network card needs to be changed.
• The procedure that is called each time a packet
  arrives, needs to be changed in order to store
  the data to disc.
• Also the Network card needs to be inserted into
  promiscuous mode on initialization.
• Therefore Linux operating system was chosen (Open
  Source Drivers).
• Not all network cards support promiscuous mode.
  Currently Avaya Orinoco claim that their cards
  do!

10
Software Design

• The Wireless Network driver is patched in order
  to store all the packets that arrive.
• A GUI ( Graphical User Interface) Application
  reads the data from the log file displays it to
  the user.
• The separation described above is done in order
  to avoid bottlenecks in the driver.
• The drivers priority isnt changed the GUI is a
  regular process that parses the data displays
  it in several modes.

11
Current Status Vs. Goals

• Getting Familiar with 802.11b Linux
  environment. - done
• Compiling a Linux Driver for specified wireless
  network card. - done
• Patching the Linux Kernel with this driver.
  done
• Expanding the drivers capabilities to allow
  sniffing reporting all the wireless packet
  headers that the card receives. partial
  success. Currently we can only see packets that
  were sent to the NIC not all the packets on the
  channel.
• Writing a User Interface for the Sniffer.
  started implementation . The GUI is written in
  C using Qt as the Graphical Library. This
  provides Multi Platform Support for the GUI -
  future projects???

12
Related Documents

• Project Specifications
• http//www.comnet.technion.ac.il/cn12w03/archive/
  project20specifications.pdf
• Project Journal
• http//www.comnet.technion.ac.il/cn12w03/archive/
  Journal.doc
• Intel Wireless Overview
• http//www.comnet.technion.ac.il/cn12w03/archive/
  IEEE_802.11_WLAN.ppt