WiFi Troubleshooting & Performance Monitoring

Presentation transcript:

WiFi Troubleshooting & Performance Monitoring. Case Study: Troubleshooting wireless issues via Mojo Aware - Asvin

Case studies: In this session, we will cover how Mojo Aware helped system administrators identify the following issues in a corporate environment. Scenario 1: Wireless connection is lost when the wireless session times out in Windows 7 or Windows Server 2008 R2. Scenario 2: Issues with clients staying connected to an Access Point that has bad signal (Sticky Clients).

Case Study: Windows 7 clients lose WiFi connectivity. Vertical: SME branch office. Problem: Wireless connection is lost when the wireless session times out in Windows 7 or Windows Server 2008 R2. Flag: Mojo Aware flagged Invalid MIC failure on the dashboard. Cause: Win 7 clients randomly introduce an invalid MIC, causing Mojo APs to reject M2 messages.

Learning Objectives: User impact of random client disconnection; Problem statement; Detailed description of EAPOL 4-Way handshake functionality; Symptoms; Cause; How Mojo Aware quickly identifies Invalid MIC failures and promptly alerts the administrator.

User Impact of the Problem: A few minutes of WiFi disruption during office hours. The issue occurs randomly on Windows 7 laptops. It takes nearly 1 to 2 mins for the laptop to reconnect to the wireless network.

Debugging “Invalid MIC failure”. Problem Statement: A few minutes of random WiFi disruption. Windows 7 clients connecting to wireless networks configured with WPA2 and a session timeout may get disconnected during the key exchange after re-authentication. Over the air, the M1 and M2 packets are retried several times, causing a delay in reconnection. AP logs during problem:

EAPOL 4-way Message in detail (M1). Filter for EAPOL-Key messages with the Wireshark display filter “eapol.keydes.type == 2”. Message 1 (M1): The Authenticator sends an EAPOL-Key frame containing an ANonce (Authenticator nonce) to the supplicant. With this information, the supplicant has all the necessary inputs to generate the PTK using the pseudo-random function (PRF).

EAPOL 4-way Message in detail (M2). Message 2 (M2): The Supplicant sends an EAPOL-Key frame containing the SNonce to the Authenticator. Now the authenticator has all the inputs to create the PTK. The Supplicant also sends its RSN IE capabilities and a MIC to the Authenticator. The Authenticator derives the PTK and validates the MIC as well.

EAPOL 4-way Message in detail (M3). Message 3 (M3): If necessary, the Authenticator will derive the GTK from the GMK. The Authenticator sends an EAPOL-Key frame containing the ANonce, RSN-IE and a MIC. The GTK will be delivered (encrypted with the PTK) to the supplicant. This message tells the supplicant to install the temporal keys.

EAPOL 4-way Message in detail (M4). Message 4 (M4): The Supplicant sends the final EAPOL-Key frame to the authenticator to confirm that the temporal keys have been installed. From this point onwards, data frames will be encrypted using the PTK or GTK (depending on whether the frame is unicast or multicast/broadcast).

Symptoms: This issue occurs when a Windows 7-based computer is connected to a wireless network by using the WiFi WPA2 protocol and the wireless access point (AP) starts a new exchange of WPA2 keys. In the four-way handshake, the Windows 7-based computer sends a Message 2 (M2) with an invalid message integrity check (MIC). Note: This issue may occur every 12 hours or more frequently, and it takes one minute to regain the network connectivity.

Cause This issue occurs because the WPA2 key context is not set correctly before the four-way handshake rekeys. Certain variables are not reset after the previous four-way handshake. This causes the secure bit to be set incorrectly and the stale Pairwise Transient Key (PTK) to be used to calculate the MIC in the M2 key messages. APs reject the M2 messages because of these errors.
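The rejection described in this slide can be reproduced with the standard WPA2 key derivation. The following is an added example, not part of the original presentation: it derives the PTK with the IEEE 802.11i HMAC-SHA1 PRF, computes the M2 MIC with the KCK, and shows the authenticator accepting a fresh-PTK MIC and rejecting a stale-PTK MIC on rekey. The PMK, MAC addresses, nonces and the frame body are constructed stand-ins, and the PMK is kept constant across the rekey for simplicity.

```python
import hashlib
import hmac

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11i PRF: HMAC-SHA1 over label || 0x00 || data || counter."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce) -> bytes:
    """PTK for CCMP (48 bytes): KCK (16) | KEK (16) | TK (16)."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)

def eapol_mic(ptk: bytes, frame_mic_zeroed: bytes) -> bytes:
    """HMAC-SHA1-128 keyed with the KCK (key descriptor version 2)."""
    return hmac.new(ptk[:16], frame_mic_zeroed, hashlib.sha1).digest()[:16]

def ap_accepts_m2(pmk, aa, spa, anonce, snonce, frame, mic) -> bool:
    """Authenticator side: derive the PTK from this handshake's nonces, then check the MIC."""
    expected = eapol_mic(derive_ptk(pmk, aa, spa, anonce, snonce), frame)
    return hmac.compare_digest(expected, mic)

# Constructed sample values (not taken from a real capture).
PMK = bytes(range(32))
AA, SPA = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")

def rekey_scenario() -> dict:
    an1, sn1 = b"\x11" * 32, b"\x22" * 32   # nonces of the initial handshake
    an2, sn2 = b"\x33" * 32, b"\x44" * 32   # nonces of the rekey after session timeout
    old_ptk = derive_ptk(PMK, AA, SPA, an1, sn1)
    new_ptk = derive_ptk(PMK, AA, SPA, an2, sn2)
    m2_first = b"M2 stand-in, MIC zeroed|" + sn1   # placeholder, not a real EAPOL-Key layout
    m2_rekey = b"M2 stand-in, MIC zeroed|" + sn2
    return {
        "initial": ap_accepts_m2(PMK, AA, SPA, an1, sn1, m2_first, eapol_mic(old_ptk, m2_first)),
        # Buggy supplicant: MIC computed with the PTK left over from the previous handshake.
        "rekey_stale_ptk": ap_accepts_m2(PMK, AA, SPA, an2, sn2, m2_rekey, eapol_mic(old_ptk, m2_rekey)),
        "rekey_fresh_ptk": ap_accepts_m2(PMK, AA, SPA, an2, sn2, m2_rekey, eapol_mic(new_ptk, m2_rekey)),
    }

if __name__ == "__main__":
    print(rekey_scenario())
```

Because the authenticator always recomputes the PTK from the current ANonce and SNonce, retransmitting M1 cannot help a supplicant that keeps signing with the old KCK, which matches the repeated M1/M2 retries seen over the air.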

Root cause analysis: Microsoft confirmed this bug and fixed it in a Win7 hotfix release. https://support.microsoft.com/en-in/kb/3094412 Win7 laptops required the above hotfix upgrade.

How Mojo Aware quickly identifies Invalid MIC failures and promptly alerts the administrator: Mojo Aware pinpoints the exact cause of failure and saves the administrator time and debugging effort. Wireless capture is saved here!

Aware: Capture for the corresponding failure. Mojo Aware displays the exact packet capture from the time of the problem without applying any display filters!

Mojo Aware advantages: Promotes the actual cause of the issue, not just the client connectivity failure. The administrator identifies complex EAPOL issues at a single glance. Saves time and debugging effort without using a real-time wireless sniffer. Wireless client failure logs are preserved in the cloud and can be accessed at any time.

Case Study 2: Bad signal (Sticky clients) causing network slowness. Vertical: SME branch office. Problem: Issues with clients staying connected to an Access Point that has bad signal (Sticky Clients). Flag: Mojo Aware flagged sticky clients on the dashboard. Cause: Clients still have good signal strength to a far away AP, so they do not disassociate.

Learning Objectives: User impact of bad signal and sticky clients; Problem statement; What is a sticky client; Symptoms; Cause; Resolution; How Mojo Aware quickly identifies sticky clients and promptly alerts administrators.

User Impact of the Problem: Far away clients contend with rising error rates due to the lower signals. Overall wireless efficiency of the cell is reduced as clients wait longer than they should for a slower speed client to send its data. The key to a high performance WiFi network is airtime efficiency. Even a small number of sticky clients, using sub-optimal speeds, can very quickly drag down the performance of a Wi-Fi network.

Debugging “Bad signal and network slowness”. Problem Statement: Customer reported “Overall network slowness”. A basic file copy operation within the network takes a long time to transfer.

Sticky clients and roaming decision: Wireless clients tend to hang on to the original access point they associated with, rather than moving to a nearby AP that would generally be a better choice for them. The roaming decision is a client decision, not a network decision. APs don’t tell clients when to roam; the network has to respect the wishes and behavior of client devices.

Symptoms: Identifying sticky clients by behavior. They do not probe on other channels; probe infrequently; remain associated to an AP even though better APs are available; transmit at a low PHY rate, consuming more airtime.

Sticky client end user impact

Sniff capture with sticky client in network: low data rate, low RSSI

Mojo Aware Mojo Aware quickly identifies sticky clients and promptly alerts administrators to take appropriate action.

Resolution: Enable Smart Steering and enable Min Association RSSI. Smart Steering: Disassociate “sticky clients”; prevent them from re-associating to the AP; encourage/force roam to a better AP; configured per SSID (Enable/Disable). Min Association RSSI: RSSI threshold; reduce the number of probe/assoc responses; prevent clients with RSSI below the threshold from associating.
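The sticky-client symptoms and the Min Association RSSI rule above can be expressed as a small check over per-client observations. This is an added sketch, not Mojo's Smart Steering logic: the thresholds, the `ClientObs` record and the sample observations are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed tuning values (hypothetical; not taken from the presentation).
MIN_ASSOC_RSSI_DBM = -75    # clients heard below this should not associate
BETTER_AP_MARGIN_DB = 10    # another AP must hear the client this much better
LOW_PHY_RATE_MBPS = 12      # at or below this the client is burning airtime

@dataclass
class ClientObs:
    mac: str
    assoc_ap: str
    phy_rate_mbps: float
    rssi_by_ap: dict   # AP name -> RSSI (dBm) at which that AP hears the client

def admits_association(rssi_dbm: float, threshold: float = MIN_ASSOC_RSSI_DBM) -> bool:
    """Min Association RSSI: only clients at or above the threshold may associate."""
    return rssi_dbm >= threshold

def classify(obs: ClientObs):
    """Return (is_sticky, better_ap). Sticky = weak link, slow rate, and a clearly better AP."""
    current = obs.rssi_by_ap[obs.assoc_ap]
    best_ap = max(obs.rssi_by_ap, key=obs.rssi_by_ap.get)
    weak = not admits_association(current)
    slow = obs.phy_rate_mbps <= LOW_PHY_RATE_MBPS
    better = (best_ap != obs.assoc_ap
              and obs.rssi_by_ap[best_ap] - current >= BETTER_AP_MARGIN_DB)
    sticky = weak and slow and better
    return sticky, (best_ap if sticky else None)

def sticky_report(observations) -> dict:
    """Map each sticky client's MAC to the AP it should be steered toward."""
    report = {}
    for obs in observations:
        sticky, target = classify(obs)
        if sticky:
            report[obs.mac] = target
    return report

# Constructed observations (not from a real network).
OBSERVATIONS = [
    # Weak and slow on AP-1 while AP-2 hears it 24 dB better: sticky.
    ClientObs("02:00:00:00:00:0a", "AP-1", 6.0, {"AP-1": -82, "AP-2": -58}),
    # Healthy client on its best AP.
    ClientObs("02:00:00:00:00:0b", "AP-2", 144.0, {"AP-1": -70, "AP-2": -55}),
    # Weak and slow, but no AP hears it much better: a coverage gap, not stickiness.
    ClientObs("02:00:00:00:00:0c", "AP-1", 6.0, {"AP-1": -80, "AP-2": -78}),
]

if __name__ == "__main__":
    print(sticky_report(OBSERVATIONS))
```

The third client shows why the "better AP available" condition matters: disassociating a client that has nowhere better to roam only causes a reconnect loop.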

Sniff Capture-After Enabling smart steering Deauth after enabling smart steering

Mojo Aware - After Enabling Smart steering

Mojo Aware Advantages: Warns the administrator about network slowness (e.g. sticky clients). Ability to quickly identify WLAN issues. Ability to quickly detect the total number of sticky or bad clients in the network. Ability to isolate problematic clients with complete details, including packet captures and system logs, for further analysis.

Thank You

Backup slides

EAPOL 4-Way Handshake functionality. Process: The AP sends a nonce value to the STA (ANonce). The client now has all the attributes to construct the PTK. The STA sends its own nonce value (SNonce) to the AP together with a MIC, including authentication, which is really a Message Authentication and Integrity Code (MAIC). The AP sends the GTK and a sequence number together with another MIC. This sequence number will be used in the next multicast or broadcast frame, so that the receiving STA can perform basic replay detection. The STA sends a confirmation to the AP.

What is session timeout? Session timeout means that the authenticated user session expires in 1800 seconds, based on implementation; it is not an activity or idle timeout. So, depending on the authentication method, this could cause the client to disconnect.

Root cause analysis: Microsoft confirmed this bug and fixed it in a Win7 hotfix release. https://support.microsoft.com/en-in/kb/3094412 Win7 laptops required the above hotfix upgrade. Per Microsoft, this issue can also be mitigated by reducing the EAPOL key retransmission timeout. The issue was first seen with a timeout value of 3ms. When this value was reduced to 1msec, the issue was fixed. Note: Be aware that reducing this value might negatively impact key negotiations with some very old and slow clients.

How Mojo Aware quickly identifies Invalid MIC failures and promptly alerts the administrator: Mojo Aware pinpoints the exact cause of failure and saves the administrator time and debugging effort.