Informative Information for the Uninformed
As mentioned in chapter 3, the duration field is a 16-bit value that describes how long the station that currently has access to the medium intends to keep it after the current transmission. Even though the duration field is 16 bits wide, it takes on only a few discrete values. Common values are 0 (for packets that are not acknowledged, such as management frames broadcast during a Contention Period) and the time it takes for a SIFS (Short Interframe Spacing) interval plus an acknowledgment, which is used when transmitting unicast data frames.
Variables that can affect the duration field include some parameters of the local Basic Service Set specified in a beacon's fixed flags field. These include short slot time, short preamble, and, of course, the data rates supported. The net result is that, ideally, a unique fingerprint for a given implementation would be taken across all possible variations of these parameters. For this work, four databases were created. The databases currently have human-friendly names (the name of the AP used to create them). In the future, the number of databases will grow large enough that an algorithmic naming scheme (rates-flags, for example) will be employed.
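To make the dependence on BSS parameters concrete, the following added example (not code from the original paper) computes the "SIFS plus acknowledgment" duration value for a given ACK rate and preamble setting, then separates observed duration values into those the calculation predicts and those it does not. The timing constants are assumptions taken from the 802.11 2.4 GHz DSSS/CCK and ERP-OFDM PHY definitions rather than from this page, the function names are hypothetical, the sample values are constructed, and short slot time is not modelled.

```python
import math

SIFS_US = 10                      # assumed 2.4 GHz SIFS (802.11b/g), microseconds
ACK_BYTES = 14                    # ACK frame length including FCS
DSSS_RATES = {1, 2, 5.5, 11}      # DSSS/CCK rates in Mb/s
# OFDM rate (Mb/s) -> data bits carried per 4 us symbol
OFDM_NDBPS = {6: 24, 9: 36, 12: 48, 18: 72, 24: 96, 36: 144, 48: 192, 54: 216}

def ack_airtime_us(rate, short_preamble=False):
    """Airtime of a 14-byte ACK at `rate` Mb/s, rounded up to whole microseconds."""
    if rate in DSSS_RATES:
        # PLCP preamble + header: 192 us long, 96 us short (short is not defined at 1 Mb/s).
        plcp = 96 if (short_preamble and rate != 1) else 192
        return plcp + math.ceil(ACK_BYTES * 8 / rate)
    if rate in OFDM_NDBPS:
        # 16 service bits + payload + 6 tail bits, padded to whole symbols.
        symbols = math.ceil((16 + ACK_BYTES * 8 + 6) / OFDM_NDBPS[rate])
        # 20 us preamble + SIGNAL, 4 us per symbol, 6 us ERP signal extension.
        return 20 + 4 * symbols + 6
    raise ValueError(f"unsupported rate: {rate}")

def expected_duration_us(ack_rate, short_preamble=False):
    """Duration value for a unicast data frame: SIFS plus the ACK airtime."""
    return SIFS_US + ack_airtime_us(ack_rate, short_preamble)

def expected_values(ack_rates, short_preamble=False):
    """Predicted duration values for a BSS; 0 covers unacknowledged frames."""
    return {0} | {expected_duration_us(r, short_preamble) for r in ack_rates}

def split_observed(observed, ack_rates, short_preamble=False):
    """Partition observed duration values into (predicted, unexpected)."""
    predicted = expected_values(ack_rates, short_preamble)
    seen = set(observed)
    return sorted(seen & predicted), sorted(seen - predicted)

if __name__ == "__main__":
    # Constructed sample: duration values from a hypothetical client in a
    # b-only, long-preamble BSS. 117 is a short-preamble value.
    sample = [0, 314, 314, 213, 258, 0, 117, 213]
    print(split_observed(sample, ack_rates=[1, 2, 5.5, 11]))
```

Values that land in the second list are the ones worth attention when comparing a client against a database built for the same BSS parameters.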
Since the performance of this technique varies with the parameters of the Basic Service Set with which it is associated, a brief introduction to the four networks it was developed and tested against is given below.
Table 4.1 presents data about the four WLANs on which all experiments in this chapter were performed. They were chosen to give a good estimate of real-world network deployments. Lexie is a b-only Cisco Aironet 350. Mixed-wrt54g is a rev5 Linksys WRT54G running in mixed mode. Mixed-Airplus is a D-Link DI-524, and G-wrt54g is a rev5 Linksys WRT54G in g-only mode. The models of the Access Points used are mentioned to give the reader some sense of market representation. The databases generated from each AP are not tied to that specific AP. Clients should respond identically in any BSS with the same set of parameters listed above.