Title: Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis
1. Jigsaw: Solving the Puzzle of Enterprise 802.11 Analysis
- Written by Yu-Chung Cheng, John Bellardo, Peter Benko, Alex C. Snoeren, Geoffrey M. Voelker and Stefan Savage
- Analysis by Carlos Troncoso, CS388 Wireless Security
2. Common problems in production wireless networks
- Conflicts with nearby wireless devices
- Bad AP channel assignments
- Microwave oven interference
- Bad interaction between TCP and 802.11
- Rogue access point interference
- Poor choice of APs (weak signal)
- Incompatible user software/hardware
3. Sounds Familiar?
- Helpdesk receives a phone call
- User: "My Internet connection is flaky"
- Support: "What happened?"
- User: "Well, Internet got disconnected and now it is very slow"
- Support: "OK, let me check here"
- User: "Wait!.. wait, it's working now."
4. Goal of Jigsaw
- To develop a deeper understanding of the dynamics and interactions in production wireless networks by reconstructing their behavior in its entirety.
5. Jigsaw
- Provides a single, unified view of all physical, link, network, and transport-layer activity on an 802.11 production network.
6. Wireless traffic measurement challenges
- Ambient environmental interference
- Sender's transmit power
- Distance to the receiver
- Strength of any simultaneous transmissions on nearby channels heard by the same receiver
- MAC (Media Access Control) protocol
- Traffic is based on the TCP protocol, which carries a set of complex dynamics
7. Methodology
- Large-scale monitoring infrastructure deploying hundreds of radio monitors to gather traffic activity over the wireless network (covering around 1 million cubic feet)
- These monitors feed the centralized system Jigsaw to produce a precise global picture of the network activity.
8. Methodology (continued)
- Large-scale synchronization: achieved through a passive algorithm that synchronizes the hundreds of simultaneous traces
- Frame unification: achieved by combining and merging duplicate traces to construct a single trace
- Multi-layer reconstruction: achieved by reconstructing raw frame data into a complete trace with all link and transport-layer conversations.
9. Media Access Control
- The 802.11 protocol uses CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) to schedule and retry transmissions
- CSMA/CA has the hidden node problem
10. Hidden Node problem
- Creates co-channel interference from other transmitters
- Finding
- CSMA/CA uses special RTS/CTS (Request to Send/Clear to Send) frames to handle this problem
- Hidden nodes are handled by Jigsaw (with exceptions)
[Figure: nodes A, B and Laptop. Normal case: A sends data and Laptop sends an ACK. Hidden node: A sends data, Laptop's reception is interfered with by B.]
11. Previous Related Work
- Researchers measured traffic using fewer monitoring nodes
- Previous efforts focused on separate channels, or focused on a small number of traces
- The Jigsaw approach focuses on large-scale online monitoring and complete multi-layer reconstruction.
12. Data Collection
- Environment
- Hardware
- Software
Department of Computer Science and Engineering, University of California, San Diego
13. Environment
- Study was done at the University's CS building
- 4-story building
- 500 users with 10 to 100 active client connections
14. Hardware
- 2.8 GHz Pentium Server with 2 TB of Storage
- 40 sensor pods used for wireless infrastructure
- 4 radios in each sensor pod to capture all
channels, timestamp, errors, etc.
15. Software
- Pebble Linux and MadWifi driver for each monitor
- Driver modified to capture even corrupted frames and physical errors
- Jigdump application to manage data capture
16. Trace Merging
- Trace merging is necessary to produce a coherent description of combined traces.
17. Trace Merging Requirements
- Synchronization: monitors timestamps by properly synchronizing all frames to a common reference time
- Unification: minimizes duplicate traces
- Efficiency: trace merging executes faster than real time radios
18. Bootstrap synchronization
- Method finds a set of reference points to synchronize the radios
- All clocks run at the same rate and the Jigsaw system places each frame into a universal time by adjusting its timestamp
- Methodology allows frames on one channel to be related to timestamps on another
19. Unification
- After bootstrap synchronization, Jigsaw processes traces by time and unifies duplicate frames (instances) into single data structures called jframes
20. Jigsaw trace jframe
21. Unification (continued)
- Basic unification: a linear scan is performed to group instances with the same timestamp
- Clock adjustment: because radio clocks skew over time, Jigsaw takes advantage of the unification method and resynchronizes each trace
- Managing skew and drift: if sensors do not detect frames in common, then Jigsaw relies on the local clock of the radio sensor to assign a timestamp
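The bootstrap synchronization and basic unification steps from slides 18 to 21, as an added example that is not code from the Jigsaw authors or from these slides. It assumes constant clock offsets (no skew), a 10 microsecond merge window, and a constructed trace; the names `bootstrap_offsets`, `unify` and the record layout are hypothetical.

```python
from collections import defaultdict, deque
from statistics import median

# Constructed sample: (radio, local_timestamp_us, frame_digest). Each radio's
# clock has its own offset; r3 shares no frame with r1, only with r2.
OBS = [
    ("r1", 1000, "beaconA"), ("r1", 1500, "data1"),
    ("r2", 5003, "beaconA"), ("r2", 5502, "data1"), ("r2", 6000, "data2"),
    ("r3", 90998, "data2"), ("r3", 91500, "data3"),
    ("r2", 9000, "beaconA"),   # same content later: must not merge with the first
]

def bootstrap_offsets(obs, reference="r1"):
    """Offset to add to each radio's clock, found via frames heard in common."""
    first_seen = defaultdict(dict)            # digest -> {radio: first local ts}
    for radio, ts, digest in obs:
        first_seen[digest].setdefault(radio, ts)
    offsets, queue = {reference: 0}, deque([reference])
    while queue:                              # spread outward from the reference
        known = queue.popleft()
        for seen in first_seen.values():
            if known not in seen:
                continue
            universal = seen[known] + offsets[known]
            for radio, ts in seen.items():
                if radio not in offsets:
                    offsets[radio] = universal - ts
                    queue.append(radio)
    return offsets

def unify(obs, offsets, window_us=10):
    """Linear scan in universal time; merge same-content instances into jframes."""
    instances = sorted((ts + offsets[r], digest, r) for r, ts, digest in obs if r in offsets)
    open_jf, jframes = {}, []                 # digest -> jframe still accepting instances
    for t, digest, radio in instances:
        jf = open_jf.get(digest)
        if jf is None or t - jf["times"][0] > window_us:
            jf = {"digest": digest, "times": [], "radios": []}
            open_jf[digest] = jf
            jframes.append(jf)
        jf["times"].append(t)
        jf["radios"].append(radio)
    for jf in jframes:
        jf["time"] = median(jf["times"])      # one timestamp per jframe
    return jframes
```

Radio r3 is placed on the universal timeline through r2 even though it never hears r1, which is how frames on one channel can be related to timestamps on another.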
22. Link and transport reconstruction
- After constructing a global view of the physical events, the next step is to reconstruct the link and transport layer traffic.
23. Link-Layer inference (L2)
- Jigsaw identifies each transmission attempt from the sender and records subsequent responses
- MAC addresses are used to group frames to check whether transmission requests are being delivered successfully or not
- Jigsaw uses the frame sequence number to reference groups of frames, but also deduces the presence of missing frames based on subsequent behavior of sender and receiver
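A sketch of the link-layer inference on slide 23, as an added example that is not the Jigsaw implementation. It groups transmission attempts by sender, receiver and sequence number, and infers frames the monitors missed from a retry bit with no earlier attempt or from an ACK with no captured DATA; the trace, the 100 microsecond ACK gap and the name `infer_exchanges` are assumptions.

```python
# Constructed unified trace (one dict per jframe). 802.11 ACKs carry only a
# receiver address, so they are matched to the preceding DATA frame by timing.
TRACE = [
    {"t": 100, "type": "DATA", "src": "sta1", "dst": "ap", "seq": 7, "retry": False},
    {"t": 400, "type": "DATA", "src": "sta1", "dst": "ap", "seq": 7, "retry": True},
    {"t": 460, "type": "ACK", "ra": "sta1"},
    {"t": 900, "type": "DATA", "src": "sta1", "dst": "ap", "seq": 9, "retry": True},
    {"t": 960, "type": "ACK", "ra": "sta1"},
    {"t": 1500, "type": "ACK", "ra": "sta2"},   # no DATA from sta2 was captured
]
ACK_GAP_US = 100   # assumed upper bound between a DATA frame and its ACK

def infer_exchanges(trace):
    """Return one record per frame exchange, counting seen and inferred attempts."""
    exchanges, by_key, last_data = [], {}, {}
    for f in sorted(trace, key=lambda f: f["t"]):
        if f["type"] == "DATA":
            key = (f["src"], f["dst"], f["seq"])
            ex = by_key.get(key)
            if ex is None:
                ex = {"key": key, "attempts": 0, "inferred": 0, "delivered": False}
                by_key[key] = ex
                exchanges.append(ex)
                if f["retry"]:            # a retry implies an earlier attempt we missed
                    ex["inferred"] += 1
            ex["attempts"] += 1
            last_data[f["src"]] = (f["t"], ex)
        elif f["type"] == "ACK":
            t, ex = last_data.get(f["ra"], (None, None))
            if ex is not None and f["t"] - t <= ACK_GAP_US:
                ex["delivered"] = True
            else:                         # ACK with no captured DATA: infer the frame
                exchanges.append({"key": (f["ra"], None, None), "attempts": 0,
                                  "inferred": 1, "delivered": True})
    return exchanges
```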
24. Transport inference (L4)
- The transport analysis takes frame exchanges as input and reconstructs TCP flows based on the packet headers
- By capturing TCP ACKs, Jigsaw can record even the omitted frames shown in the packet
25. Coverage
- Obtaining effective coverage for all transmissions is an evident challenge
- Monitors need to be precisely placed and properly configured to capture ALL data
- 97% of traffic was covered in this Jigsaw implementation
26. Analysis
- Global perspective provided by the distributed monitors
- Trace summary
- Interference
- 802.11g protection mode
- TCP loss rate inference
27. Trace Summary
- High level characteristics of trace by collecting traffic from active APs
- Average of three observations made for every frame in the network
- Finding: management traffic (beacon, ARP) consumes 10% of the channel at a given time
28. Interference
- Simultaneous transmission that causes frame loss
[Figure: red color shows an example of physical interference caused by a microwave oven]
- Instantly detects and tags interference
29. 802.11g Protection mode
- Protection policy is extremely conservative
- Reduces performance
- Should only be used when 802.11b is present
30. TCP loss rate inference
- The TCP reconstruction algorithm is used to assemble all flows that complete a handshake.
- TCP loss is dominant over physical traffic
31. Present
- Jigsaw is an attempt to attain a high level of detailed analysis
- Jigsaw unifies traces from multiple passive wireless monitors to reconstruct a global view of network activity
- Jigsaw is only the building block to answer the questions:
- Why is the network malfunctioning?
- How do I fix it?
32. Future
- Real-time system for automated detection and evaluation of poor network performance
- Identifies problem flows and isolates potential causes of poor performance