802.11 MAC layer sniffer using spoof detection algorithm / Azwan Abdul Satar


Bibliographic Details
Main Author: Abdul Satar, Azwan
Format: Thesis
Language: English
Published: 2007
Online Access: http://ir.uitm.edu.my/id/eprint/9294/
http://ir.uitm.edu.my/id/eprint/9294/1/TD_AZWAN%20ABDUL%20SATAR%20CS%2007_5.pdf
Description
Summary: The explosive growth of 802.11 networks has coincided with an increased presence of security threats to these networks. A large portion of these threats are in the form of spoof attacks. Spoof attacks involve impersonation of an authorized network client to access network resources or to launch malicious code. Doubts about the security measures of wireless networks are compounded by their performance problems. Radio interference, attenuation, channel overlapping, sharing of bandwidth and the overhead of the wireless protocol are known to degrade wireless network performance. This paper presents a wireless sniffer monitoring tool, as well as the analysis and development process of constructing it. The goal is to design a wireless sniffer that can automatically detect spoofing and provide simple network statistics. The wireless sniffer implements a sequence number-based spoofing detection algorithm in its processing. Information on both the security and connectivity problems of a wireless network can be generated either by sniffing frames captured in real time with a wireless adaptor or by automated log analysis of a static pcap file. The wireless sniffer prototype was tested against four wireless traffic simulations under normal, spoofing, AP misconfiguration, high loss and retransmitted frames conditions. The results of these tests showed that the wireless sniffer was able to identify all normal gap, spoofing, high gap between successive frames, out-of-order and retransmitted frames. Furthermore, at the end of its execution, the sniffer provides simple network statistics, allowing the user to detect abnormal traffic such as a high gap between successive frame sequence numbers or a high percentage of retransmitted frames sent by a source. This indicates that the wireless network may have been misconfigured or that some stations may suffer from availability and connectivity issues.
These characteristics of the wireless sniffer provide a foundation for the development of more advanced monitoring tools that explicitly leverage the sequence number field in the IEEE 802.11 MAC header.