Uninformed: Informative Information for the Uninformed

Vol 5» 2006.Sep


PCAP Creation for Duration Analysis

Pcaps created for this project were intentionally not generated by any sort of highly automated process. Captures were created of all cards being powered on and searching for a network before joining. After joining they loaded between 4 and 20 webpages. In one database (G-wrt54g) the capture was run explicitly until 5000 packets had been received (representing the high end of data sampled). The results generated were not significantly better than those databases where the packet captures were stopped in an ad-hoc manner using less data.

The implication of these considerations is that the prints currently created are not strictly representative of clients that are already associated to a network. These prints best represent the behavior of clients during a small window of time centered on their association to a network. Though this period is not very packet-intensive, a lot of important information is gleaned from the duration values contained in the management frames that are exchanged. When implementing this technique in the wild, the best approach is probably to examine only packets exchanged within a window around client association. Merely sampling packets once association has happened will not yield results that are as diverse.
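The windowing recommended above, as an added example that is not code from the original article: it keeps only frames a client transmits close to its first Association Request and counts (type, subtype, duration) tuples for them. The record layout, the 5-second window, the function names and the sample frames are all assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

MGMT = 0          # 802.11 frame type 0 = management
ASSOC_REQ = 0     # management subtype 0 = Association Request
WINDOW_S = 5.0    # assumed half-width of the window; the article gives no figure

# Constructed sample records: (timestamp_s, transmitter, type, subtype, duration_us)
FRAMES = [
    (0.10, "aa:aa:aa:aa:aa:01", 0, 4, 0),     # probe request
    (0.90, "aa:aa:aa:aa:aa:01", 0, 11, 314),  # authentication
    (1.00, "aa:aa:aa:aa:aa:01", 0, 0, 314),   # association request
    (1.20, "aa:aa:aa:aa:aa:01", 2, 4, 44),    # null data
    (3.00, "aa:aa:aa:aa:aa:01", 2, 0, 44),    # data
    (60.0, "aa:aa:aa:aa:aa:01", 2, 0, 44),    # data, long after association
    (61.0, "aa:aa:aa:aa:aa:01", 2, 0, 44),
    (2.00, "aa:aa:aa:aa:aa:02", 2, 0, 213),   # client never seen associating
]

def association_times(frames):
    """Map each transmitter to the time of its first Association Request."""
    times = {}
    for ts, tx, ftype, subtype, _ in sorted(frames):
        if ftype == MGMT and subtype == ASSOC_REQ and tx not in times:
            times[tx] = ts
    return times

def windowed_prints(frames, window_s=WINDOW_S):
    """Count (type, subtype, duration) per client, only near its association."""
    assoc = association_times(frames)
    prints = defaultdict(Counter)
    for ts, tx, ftype, subtype, duration in frames:
        t0 = assoc.get(tx)
        # Clients with no observed association are skipped entirely.
        if t0 is not None and abs(ts - t0) <= window_s:
            prints[tx][(ftype, subtype, duration)] += 1
    return dict(prints)

def mgmt_share(counter):
    """Fraction of counted frames that are management frames."""
    total = sum(counter.values())
    return sum(n for (t, _, _), n in counter.items() if t == MGMT) / total

if __name__ == "__main__":
    for client, counts in windowed_prints(FRAMES).items():
        print(client, dict(counts), round(mgmt_share(counts), 2))
```

Widening the window to cover the whole capture lets the post-association data frames dominate the counts, which is the loss of diversity the paragraph describes.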