assessing the completeness of wireless-side tracing mechanisms (wowmom 2007)

8/3/2019 Assessing the Completeness of Wireless-side Tracing Mechanisms (WoWMoM 2007)

http://slidepdf.com/reader/full/assessing-the-completeness-of-wireless-side-tracing-mechanisms-wowmom-2007 1/23

Assessing the Completeness of

Wireless-side Tracing Mechanisms

Aniket Mahanti, Martin Arlitt, Carey Williamson

Department of Computer Science

University of Calgary, Canada



Slide 2 of 22

Introduction

Global usage of WiFi has increasedsignificantly over the years.

The surge in popularity of WLANs motivates

the study of how such networks are used. Wireless measurement can help in:

Network planning

Improving QoS Addressing RF DoS attacks, hidden node

problems etc.



Slide 3 of 22

Wireless Trace Collection

WirelessRouter

EthernetSensorWireless

Laptops

WirelessPDAs

AP

AP

WLAN

DATA

FRAMES

WirelessSensor

WirelessLaptops

WirelessPDAs

AP AP

WLAN

Wired-side Measurement Wireless-side Measurement



Slide 4 of 22

Pros and Cons

Wired-side Measurement

Does not captureManagement and Controlframes.

Replaces the MAC header.

Supplementary informationrequired for complete WLANanalysis (e.g., SNMP polls,syslog).

Relatively easy to deploy.

Incurs low measurement loss.

Wireless-side Measurement

Captures all wireless frametypes.

Captures the completewireless MAC header.

No supplementaryinformation required.

Relatively complicated to deploy; requires use of multiple distributed sensors.

Could incur high measurement loss, if the deployment is not correct.



Slide 5 of 22

Objectives

1) Examine three different methods forestimating the completeness of wirelesstraces. (Passive Measurement)

2) Examine the effect of placement of wirelesssensors on the completeness of wireless

traces. (Active Measurement)



Slide 6 of 22

Objectives






Slide 7 of 22

Passive Measurement Methodology

We collected WLAN traces using a specialized tracecapture program called Airopeek.

Airopeek works in conjunction with a networkadapter to capture wireless frames.

We used an off-the-shelf adapter called 802.11

Remote Distributed Sensor that can capture all802.11 a/b/g frames at a remote location.

The sensor plugs into an Ethernet LAN and sendscopies of UDP encapsulated captured frames backto Airopeek running on any network accessiblecomputer.



Slide 8 of 22

Qualitative Assessment of Captured

Traces

Accurate determination of frames missed bythe sensor is a non-trivial task.

We have to rely on the existing data set to

infer the number of missed frames.

We examine three methods for estimatingnumber of missed frames:

Beacon method MAC sequence number method

ACK method



Slide 9 of 22

Beacon Method

Most APs transmit beacons at fixed intervals.

By taking the difference between thetheoretical total count and captured count of

beacon frames over a time period, we canestimate the beacon miss ratio .

It is a simple method to calculate, and can

quickly indicate if there is a serious problemwith the completeness of the trace.



Slide 10 of 22

Sequence Number Method

All data and management frames have asequence number in the MAC header.

Sequence numbers vary from 1 to 4095, after

which the counter wraps.

By counting the gaps in the sequencenumbers of frames captured by a sensor, we

can estimate the frame miss ratio .



Slide 11 of 22

ACK Method

All data frames and certain managementframes are acknowledged at the data linklayer.

ACK frames have the address of the senderin the MAC header.

By counting the number of ACK frames for

which there were no corresponding dataframes, we can estimate the frame miss ratio .



Slide 12 of 22

Test Environment

Test trace was collected from the computer sciencedepartment WLAN (single channel 802.11/b/g)distributed across three floors (5th,6th, and 7th floors).

A single stationary sensor was placed on thetopmost floor to potentially capture frames from all 7

APs. We consider an AP-centric deployment where the

sensor is placed close to an AP. This allows thesensor to have a perspective of the WLAN similar tothe viewpoint of the AP.

We apply all three methods to the same trace togauge their accuracy.



Slide 13 of 22

Beacon Miss Ratio

Time

30/4 1/5 2/5 3/5 4/5 5/5

PercentageofMissedBeacons

0

20

40

60

80

100

Time

30/4 1/5 2/5 3/5 4/5 5/5

PercentageofMissedBeacons

0

20

40

60

80

100

Bad Case (AP2)

Results highlight influence of traffic intensity and time ofday in the frame capture process.

It helps us understand the “wall penetration” of

monitored APs.

Good Case (AP1)



Slide 14 of 22

Frame Miss Ratio (Sequence Number Method)

Bad Case (AP2)

Frame miss ratio = 58%

Time

30/4 1/5 2/5 3/5 4/5 5/5

Perc

entageofMissedFrames

0

20

40

60

80

100

To-AP

From-AP

Time

30/4 1/5 2/5 3/5 4/5 5/5

Perc

entageofMissedFrame

s

0

20

40

60

80

100

Good Case (AP1)




Slide 15 of 22

Frame Miss Ratio (ACK Method)

Bad Case (AP2)


Time

30/4 1/5 2/5 3/5 4/5 5/5

PercentageofMissedFram

es

0

20

40

60

80

100

To-APFrom-AP

Time

30/4 1/5 2/5 3/5 4/5 5/5

PercentageofMissedFram

es

0

20

40

60

80

100

Good Case (AP1)


ACK method does not correctly identify the bad case.

If both DATA and ACK frames are missing in the trace,the ACK method fails.



Slide 16 of 22

Sequence Number Method Complications

General Issues Sequence numbers are

not reset when a clientswitches from one AP

to another. We observed a high

number of frameretransmissions in the

To-AP direction.

Vendor-specificimplementation issues

D-Link APs usedseparate sequence

numbers perassociated station.

For several Intel NICsthe sequence numbers

of consecutive framessent were notsequential.



Slide 17 of 22

Objectives






Slide 18 of 22

Determining Sensor Placement

We were interested in determining at what distance the

capture capability of the sensor reduces to zero. We conducted a UDP Ping experiment, where a mobile

wireless client sends ping packets to a stationary serveron the wired-side of the network. The ping packet, ifreceived, is returned by the server to the client.

A stationary sensor is allowed to capture the packetsexchanged between the client and server, via an AP.

By varying the position of the client with respect to thesensor we can quantify the operating range of the

sensor. Several trials of the experiments were conducted at

different points of interests (called loci) on the 7th and 6th floors of the department.



Slide 19 of 22

Loci7th FLOOR

Sensor

1

2 3

4

5

9

AP

Locus North

6th FLOOR

6

8

7

AP

AP AP



Slide 20 of 22

Metrics

Signal Strength - the RF energy of a signal asexperienced by the sensor. We calculate this fromthe wireless packet trace captured by thesensor/Airopeek.

Miss Probability - the average miss ratio for n trials.We calculate this from the UDP Ping logs from theserver and client (Each ping packet has a distinctsequence number embedded in its payload).

CRC Error Probability – the probability that a framecaptured by the sensor is corrupt. We calculate thisfrom the wireless packet traces captured by thesensor/Airopeek.



Slide 21 of 22

Active Measurement Results

Locus

1 2 3 4 5 6 7 8 9

SignalStrength(%)

0

20

40

60

80

100

To-AP

From-AP

Locus

1 2 3 4 5 6 7 8 9

MissProbability

0.0

0.2

0.4

0.6

0.8

1.0

Locus

1 2 3 4 5 6 7 8 9

CRC

Erro

rProbability

0.0

0.2

0.4

0.6

0.8

1.0

SignalStrength

Miss Probability

CRC Error

Probability Loci 1-5, 9:Horizontal Plane

Loci 6-8:Vertical Plane



Slide 22 of 22

Summary and Conclusions

We examined three different methods (beacon, ACK, andsequence number) for estimating the completeness ofwireless traces.

The methods differ in the features they examine, their simplicity,and their accuracy. We found the sequence number method to bethe most accurate, although its implementation is complicated bythe idiosyncrasies of different wireless devices.

We also examined the placement of sensors within WLANenvironments, with the goal of improving the completeness ofthe collected traces, while minimizing the number of sensorsneeded.

We found that placing sensors in locations where the signalstrength of client-AP communication is at least 40% results inrelatively complete traces with a few sensors.



Slide 23 of 22

Sequence Number Vs. ACK Example

Using sequencenumber method wefind there are three missed data frames .

Using ACK methodwe find no missing data frames as their

corresponding ACKframes are alsomissing.

Type From To Seq #Frame

4 ACK AP S2

6 ACK AP S1

14 ACK S2 AP

Type From To Seq #Frame

10 ACK S1 AP

8 ACK S1 AP

2 ACK AP S1

20 ACK AP S1

18 ACK S1 AP

16 ACK S1 AP

12 ACK AP S2

19 DATA S1 AP 102

17 DATA AP S1 1004

15 DATA AP S1 1003

13 DATA AP S2 1002

11 DATA S2 AP 501

9 DATA AP S1 1001

7 DATA AP S1 1000

5 DATA S1 AP 101

3 DATA S2 AP 500

1 DATA S1 AP 100

Grey: Captured

White: Missed

assessing the completeness of wireless-side tracing mechanisms (wowmom 2007)

Documents