WLAN_AP_background-hide


Network Experiment: Installing a Wireless LAN Card and Setting Up an AP
Instructor: Prof. 侯廷昭
Outline

- Experiment objectives and equipment
- Background knowledge for the experiment
  - WLAN technology
  - WEP technology
  - NAT technology
  - iptables
  - DHCP technology
  - Bridge
Experiment Objectives and Equipment

Experiment objectives
- Become familiar with the IEEE 802.11 wireless LAN protocol
- Install a wireless LAN card on the Linux operating system
- Configure the PC as an Access Point (AP) with bridge and NAT (Network Address Translation) functions
- Configure the PC as an Access Point with encryption (WEP)
Experiment Objectives and Equipment

Experiment equipment
- One personal computer
- A wireless LAN card
- Linux OS 2.6
- One Ethernet card
- A public IP address
- A test computer
Background Knowledge for the Experiment - WLAN

Stimulated by the availability of unlicensed spectrum
- U.S. Industrial, Scientific, Medical (ISM) bands
- 902-928 MHz, 2.400-2.4835 GHz, 5.725-5.850 GHz
[Figure: IEEE 802 Family Tree]
Background Knowledge for the Experiment - WLAN

[Figure: IEEE 802.11 Standards]
Background Knowledge for the Experiment - WLAN

Nomenclature
- Distribution System: a logical component of 802.11 used to forward frames to their destinations
- Access Points: perform the wireless-to-wired bridging function
- Wireless Medium
- Stations
Background Knowledge for the Experiment - WLAN

Basic Service Set (BSS)
- A group of stations that coordinate their access using a given instance of the MAC
- Located in a Basic Service Area (BSA)
- Stations in a BSS can communicate with each other
- Distinct collocated BSSs can coexist
Background Knowledge for the Experiment - WLAN

Types of Networks
- Independent networks (independent basic service set, IBSS), also known as ad hoc networks
- Infrastructure networks
Background Knowledge for the Experiment - WLAN

Infrastructure BSS
- Two advantages of infrastructure networks:
  - The mobile stations need not maintain neighbor relationships.
  - Access points assist stations that are attempting to save power.
- In an infrastructure network, stations must associate with an AP to obtain network services (the equivalent of plugging in the network cable).
Background Knowledge for the Experiment - WLAN

Extended Service Set
- An extended service set (ESS) is created by chaining BSSs together with a backbone network (or distribution system, DS).
- All the access points in an ESS are given the same service set identifier (SSID), which serves as a network "name" for the users.
Background Knowledge for the Experiment - WLAN

[Figure: Overlapping Network Types]
Background Knowledge for the Experiment - WLAN

802.11 Network Operations
- 802.11 is sometimes referred to as "wireless Ethernet".
- Stations are identified by 48-bit IEEE 802 MAC addresses.
- Conceptually, frames are delivered based on the MAC address.
- Frame delivery is unreliable, though 802.11 incorporates some basic reliability mechanisms to overcome the inherently poor qualities of the radio channels it uses.
Background Knowledge for the Experiment - WLAN

Physical Carrier Sensing
- Analyze all detected frames
- Monitor the relative signal strength from other sources

Virtual Carrier Sensing at the MAC sublayer
- The source station informs other stations of the transmission time (in msec) for an MPDU (MAC PDU)
- Carried in the Duration field of RTS, CTS and DATA frames
- Stations adjust their Network Allocation Vector (NAV) to indicate when the channel will become idle

The channel is busy if either form of sensing reports busy.
Background Knowledge for the Experiment - WLAN

Distributed Coordination Function (DCF)
- Provides the basic access service
- Asynchronous best-effort data transfer
- All stations contend for access to the medium
- CSMA-CA
  - Ready stations wait for the completion of the current transmission
  - All stations must wait an Interframe Space (IFS)
[Figure: IFS timing on the time axis: busy medium, then SIFS < PIFS < DIFS, contention window, next frame; other stations defer access and wait for the reattempt time]
Background Knowledge for the Experiment - WLAN

Frame Structure
- MAC header: 30 bytes
- Frame body: 0-2312 bytes
- CRC: CCITT-32, a 4-byte CRC over the MAC header and frame body

MAC header layout (field: bytes):
  Frame Control: 2 | Duration/ID: 2 | Address 1: 6 | Address 2: 6 | Address 3: 6 | Sequence Control: 2 | Address 4: 6 | Frame Body: 0-2312 | CRC: 4
Background Knowledge for the Experiment - WLAN

Frame Control (1)
- Protocol version = 0
- Type: Management (00), Control (01), Data (10)
- Subtype within the frame type
  - e.g. Type=00, subtype=association; Type=01, subtype=ACK
- MoreFrag=1 if another fragment of the MSDU is to follow

MAC header layout (field: bytes):
  Frame Control: 2 | Duration/ID: 2 | Address 1: 6 | Address 2: 6 | Address 3: 6 | Sequence Control: 2 | Address 4: 6 | Frame Body: 0-2312 | CRC: 4

Frame Control field layout (field: bits):
  Protocol version: 2 | Type: 2 | Subtype: 4 | To DS: 1 | From DS: 1 | More frag: 1 | Retry: 1 | Pwr mgt: 1 | More data: 1 | WEP: 1 | Rsvd: 1
Background Knowledge for the Experiment - WLAN

Frame Control (2)
- Retry=1 if the mgmt/control frame is a retransmission
- Power Management: puts the station in/out of sleep mode
- More Data=1 tells a station in power-save mode that more data is buffered for it at the AP
- WEP=1 if the frame body is encrypted

MAC header layout (field: bytes):
  Frame Control: 2 | Duration/ID: 2 | Address 1: 6 | Address 2: 6 | Address 3: 6 | Sequence Control: 2 | Address 4: 6 | Frame Body: 0-2312 | CRC: 4

Frame Control field layout (field: bits):
  Protocol version: 2 | Type: 2 | Subtype: 4 | To DS: 1 | From DS: 1 | More frag: 1 | Retry: 1 | Pwr mgt: 1 | More data: 1 | WEP: 1 | Rsvd: 1
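The header and Frame Control layouts on the last three slides, written out as a parser. This is an added example, not code from the lecture: the two sample frames (addresses 02:00:00:00:00:01 to :03, the bodies, the Duration value 44) are constructed here, and the FCS check uses zlib's standard CRC-32, which is the polynomial the slide calls CCITT-32.

```python
"""Added example (not from the lecture slides): parse an 802.11 MAC header and
its Frame Control field as laid out on the Frame Structure / Frame Control
slides, and verify the trailing CRC-32 FCS. The sample frames are constructed."""
import struct
import zlib

FC_TYPES = {0: "Management", 1: "Control", 2: "Data"}

def parse_frame_control(fc: int) -> dict:
    """Split the 16-bit Frame Control value (read little-endian) into its fields."""
    type_ = (fc >> 2) & 0x3
    return {
        "protocol_version": fc & 0x3,        # 2 bits, always 0
        "type": type_,                       # 2 bits: 00 mgmt, 01 control, 10 data
        "type_name": FC_TYPES.get(type_, "Reserved"),
        "subtype": (fc >> 4) & 0xF,          # 4 bits
        "to_ds": (fc >> 8) & 1,
        "from_ds": (fc >> 9) & 1,
        "more_frag": (fc >> 10) & 1,
        "retry": (fc >> 11) & 1,
        "pwr_mgt": (fc >> 12) & 1,
        "more_data": (fc >> 13) & 1,
        "wep": (fc >> 14) & 1,
        "rsvd": (fc >> 15) & 1,
    }

def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(frame: bytes) -> dict:
    """Parse the header, locate the body and check the FCS. Address 4 is present
    only in data frames with both To DS and From DS set (30-byte header)."""
    if len(frame) < 24 + 4:
        raise ValueError("shorter than a minimal MAC header plus FCS")
    fc, duration = struct.unpack_from("<HH", frame, 0)
    info = parse_frame_control(fc)
    info["duration_id"] = duration
    info["addr1"], info["addr2"], info["addr3"] = (mac_str(frame[o:o + 6]) for o in (4, 10, 16))
    seq_ctrl = struct.unpack_from("<H", frame, 22)[0]
    info["fragment_number"] = seq_ctrl & 0xF         # low 4 bits
    info["sequence_number"] = seq_ctrl >> 4          # high 12 bits
    header_len = 24
    if info["type"] == 2 and info["to_ds"] and info["from_ds"]:
        info["addr4"] = mac_str(frame[24:30])
        header_len = 30
    info["header_len"] = header_len
    info["body"] = frame[header_len:-4]
    # FCS: CRC-32 over header + body, sent least-significant byte first
    info["fcs_ok"] = zlib.crc32(frame[:-4]) == int.from_bytes(frame[-4:], "little")
    return info

def build_frame(fc: int, duration: int, addrs, seq: int, body: bytes) -> bytes:
    """Assemble a frame for testing and append a correct FCS."""
    header = struct.pack("<HH", fc, duration) + b"".join(addrs[:3]) + struct.pack("<H", seq << 4)
    if len(addrs) == 4:
        header += addrs[3]
    payload = header + body
    return payload + zlib.crc32(payload).to_bytes(4, "little")

# Constructed sample: a Data frame (type 10, subtype 0000) from a station to the AP (To DS = 1)
STA = bytes.fromhex("020000000001")
AP = bytes.fromhex("020000000002")
DST = bytes.fromhex("020000000003")
FC_DATA_TO_DS = (2 << 2) | (1 << 8)
SAMPLE = build_frame(FC_DATA_TO_DS, 44, [AP, STA, DST], 7, b"hello AP")
# The same frame with the WEP bit set, as an encrypted body would be flagged
SAMPLE_WEP = build_frame(FC_DATA_TO_DS | (1 << 14), 44, [AP, STA, DST], 8, b"\x00" * 16)

if __name__ == "__main__":
    for name, f in (("plain", SAMPLE), ("wep", SAMPLE_WEP)):
        p = parse_frame(f)
        print(name, p["type_name"], "subtype", p["subtype"], "to_ds", p["to_ds"],
              "wep", p["wep"], "seq", p["sequence_number"], "fcs_ok", p["fcs_ok"])
```

A frame whose FCS does not verify is discarded by the receiver without an ACK, which is the "basic reliability mechanism" the Network Operations slide refers to; a monitoring tool that reports the WEP, Retry and To/From DS bits per frame is built from exactly these field extractions.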
Background Knowledge for the Experiment - WEP

WEP: Wired Equivalent Privacy
- WEP requires the use of the RC4 cipher (a stream cipher)
[Figure: Generic Stream Cipher Operation]
Background Knowledge for the Experiment - WEP

- Most stream ciphers operate by taking a relatively short secret key and expanding it into a pseudorandom keystream the same length as the message.
- The pseudorandom number generator (PRNG) is the set of rules used to expand the key into a keystream.
Background Knowledge for the Experiment - WEP

[Figure: WEP Data Processing]
Background Knowledge for the Experiment - WEP

WEP Framing
- IV header: 24-bit IV
  - pad = 0
  - key id identifies the default key that was used to encrypt the frame
  - up to 4 default keys
- ICV: a 32-bit CRC of the data frame
Background Knowledge for the Experiment - WEP

Key Distribution
- The WEP key must be distributed to all stations. Typically you type keys into your device drivers or AP by hand.
- The key cannot be considered secret:
  - If keys are accessible to users, then all keys must be changed whenever staff members leave the organization.
  - Publish the key
- In Aug. 2001, S. Fluhrer, I. Mantin and A. Shamir described a theoretical attack on WEP.
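The framing on the WEP Framing slide (3-byte IV, pad and key id byte, RC4 over data plus a CRC-32 ICV), carried through as a working encapsulation and decapsulation. This is an added example, not the lecture's code or any driver's: RC4 is implemented inline, and the four default keys, the IVs and the messages are constructed test values. The last function shows the consequence of the 24-bit IV that the slides hint at with "the key cannot be considered secret": two frames under the same IV and key share a keystream, so their XOR is the XOR of the plaintexts.

```python
"""Added example (not from the lecture slides): WEP encapsulation as described on
the WEP Framing slide: RC4 keyed with IV||key, a CRC-32 ICV, and the 4-byte IV
header (3-byte IV, pad = 0, 2-bit key id). Keys, IVs and messages are constructed."""
import zlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4: key-scheduling (KSA) followed by n bytes of pseudorandom output (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encapsulate(default_keys, key_id: int, iv: bytes, plaintext: bytes) -> bytes:
    """Return the WEP frame body: IV(3) | key-id byte | RC4(plaintext || ICV)."""
    if len(iv) != 3 or not 0 <= key_id < 4:
        raise ValueError("IV must be 24 bits and key id in 0..3")
    icv = zlib.crc32(plaintext).to_bytes(4, "little")        # ICV: CRC-32 of the data
    keystream = rc4_keystream(iv + default_keys[key_id], len(plaintext) + 4)
    key_id_byte = key_id << 6                                  # pad bits 0-5 = 0, key id in bits 6-7
    return iv + bytes([key_id_byte]) + xor_bytes(plaintext + icv, keystream)

def wep_decapsulate(default_keys, body: bytes):
    """Reverse wep_encapsulate. Returns (plaintext, icv_ok); icv_ok False means the
    frame was altered in transit (or decrypted with the wrong key)."""
    iv, key_id_byte = body[:3], body[3]
    if key_id_byte & 0x3F:
        raise ValueError("pad bits must be zero")
    key = default_keys[key_id_byte >> 6]
    decrypted = xor_bytes(body[4:], rc4_keystream(iv + key, len(body) - 4))
    plaintext, icv = decrypted[:-4], decrypted[-4:]
    return plaintext, zlib.crc32(plaintext).to_bytes(4, "little") == icv

def same_iv_xor(body_a: bytes, body_b: bytes) -> bytes:
    """XOR of two frame bodies encrypted under the same IV and key. The keystream
    depends only on IV||key, so the result equals the XOR of the two plaintexts;
    with only 2^24 IVs such reuse is unavoidable, which is the weakness WEP has."""
    if body_a[:3] != body_b[:3]:
        raise ValueError("bodies use different IVs")
    n = min(len(body_a), len(body_b)) - 4
    return xor_bytes(body_a[4:4 + n], body_b[4:4 + n])

# Constructed test material: four 40-bit default keys; key id 1 is the one in use
DEFAULT_KEYS = [b"\x00" * 5, b"\x11\x22\x33\x44\x55", b"\x66" * 5, b"\x77" * 5]

if __name__ == "__main__":
    body = wep_encapsulate(DEFAULT_KEYS, 1, b"\x01\x02\x03", b"hello, world")
    print("body:", body.hex())
    print("decapsulated:", wep_decapsulate(DEFAULT_KEYS, body))
```

The ICV is a CRC, not a keyed MAC, so `icv_ok` only tells you that the frame was not damaged or decrypted with the wrong key; it is not an authenticity check, which is one reason WEP was replaced.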
Background Knowledge for the Experiment - NAT

- Class A, B, and C addresses have been set aside for use within private internets
  - Packets with private ("unregistered") addresses are discarded by routers in the global Internet
- NAT (RFC 1631): a method for mapping packets from hosts in private internets into packets that can traverse the Internet
  - A device (computer, router, firewall) acts as an agent between a private network and a public network
  - A number of hosts can share a limited number of registered IP addresses
- Static/Dynamic NAT: maps unregistered addresses to registered addresses
- Overloading: maps multiple unregistered addresses into a single registered address (e.g. a home LAN)
Background Knowledge for the Experiment - NAT

[Figure: hosts 192.168.0.10;x and 192.168.0.13;w on the private network, a NAT device, and the public network side 128.100.10.15;y / 128.100.10.15;z]

Address Translation Table:
  192.168.0.10; x  <->  128.100.10.15; y
  192.168.0.13; w  <->  128.100.10.15; z

- Hosts inside private networks generate packets with private IP addresses and TCP/UDP port numbers
- NAT maps each private IP address and port number into the shared global IP address and an available port number
- The translation table allows packets to be routed unambiguously
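The overloading table from the slide, generalised to any number of private hosts and both directions of traffic. This is an added example, not the lecture's code or the kernel's NAT implementation: the addresses reuse the slide's figure (192.168.0.x behind 128.100.10.15), while the port numbers and the destination host are constructed.

```python
"""Added example (not from the lecture slides): the overloading (NAPT) translation
table from the NAT slides. Private addresses follow the slide's figure; ports
and the public destination are constructed values."""
import ipaddress
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]   # (ip, port)

class NaptDevice:
    def __init__(self, public_ip: str, first_port: int = 1024, last_port: int = 65535) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        self.outbound: Dict[Endpoint, int] = {}   # (private ip, private port) -> public port
        self.inbound: Dict[int, Endpoint] = {}    # public port -> (private ip, private port)

    def _allocate_port(self) -> int:
        """Hand out the next free public port; distinct private hosts may use the same
        private port, so the public port is what keeps the mapping unambiguous."""
        while self.next_port in self.inbound:
            self.next_port += 1
        if self.next_port > self.last_port:
            raise RuntimeError("translation table full")
        port = self.next_port
        self.next_port += 1
        return port

    def translate_outbound(self, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Packet leaving the private network: rewrite (private ip, port) to
        (public ip, allocated port). Sources outside the private ranges are not translated."""
        if not ipaddress.ip_address(src[0]).is_private:
            return None
        if src not in self.outbound:
            port = self._allocate_port()
            self.outbound[src] = port
            self.inbound[port] = src
        return (self.public_ip, self.outbound[src]), dst

    def translate_inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Packet arriving from the public network: only a destination port present in
        the table can be mapped back to a private host; anything else is dropped, which
        is why hosts behind NAT are not reachable by unsolicited traffic."""
        if dst[0] != self.public_ip or dst[1] not in self.inbound:
            return None
        return src, self.inbound[dst[1]]

    def table(self) -> List[Tuple[Endpoint, Endpoint]]:
        """The translation table in the slide's form: private endpoint <-> public endpoint."""
        return sorted((priv, (self.public_ip, pub)) for priv, pub in self.outbound.items())

if __name__ == "__main__":
    nat = NaptDevice("128.100.10.15", first_port=40000)
    nat.translate_outbound(("192.168.0.10", 5000), ("203.0.113.7", 80))
    nat.translate_outbound(("192.168.0.13", 5000), ("203.0.113.7", 80))
    for priv, pub in nat.table():
        print(f"{priv[0]};{priv[1]}  <->  {pub[0]};{pub[1]}")
```

Entries here never expire; a real NAT device ages them out after a period of inactivity, which also bounds how long a mapping stays reachable from the public side once the private host has gone quiet.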
iptables

- iptables is a long-established piece of software whose main function is to build firewalls in an IPv4 environment. It handles every incoming packet according to pre-configured firewall rules and takes the corresponding action; these actions are called Targets and include accept (ACCEPT), drop (DROP), and so on.
- iptables is also used to build NAT servers.
iptables structure

[Figure: iptables structure]
iptables Rules/Chains

- Whichever firewall is used, packet handling is basically governed by configured firewall rules (Rules).
- iptables groups different rules into different chains (Chains) for lookup.
- iptables has five built-in chains (Built-in Chains): PREROUTING, INPUT, OUTPUT, FORWARD and POSTROUTING.
- INPUT and OUTPUT apply to packets associated with local processes (Local Process):
  - A packet arriving on a network interface counts as INPUT only if it is addressed to the local host; a packet leaving through a network interface counts as OUTPUT only if it was generated locally.
  - Packets unrelated to local input/output belong to FORWARD (neither INPUT nor OUTPUT).
- PREROUTING checks rules after a packet has been received but before the routing decision is made.
- POSTROUTING checks rules on packets that are about to be sent out (after the FORWARD or OUTPUT check).
Options

-t [table name]
  Every rule lives in a table that stores rules. iptables has three tables, mangle, nat and filter (ip6tables has no nat table). The mangle table mainly holds rules that modify packets, the nat table holds the IP address translation rules used to build a NAT server, and the filter table is used for packet filtering.
-A [chain]
  Add or delete a rule: A (Add) adds, D (Delete) deletes. The chain that follows may be any of the five built-in chains.
-j [Target name]
  j stands for Jump: when every condition of the rule matches, the packet is intercepted and handled with the Target given after this parameter.
-d [IP address]
  Match condition 3: the packet is intercepted only when its destination is the configured IP address.
-s [IP address]
  Match condition 2: the packet is intercepted only when its source is the configured IP address.
-i [interface name]
  Match condition 1: only packets received on the given interface are intercepted.
--oif [interface name]
  Oif means Outgoing Interface; this parameter can only be used with the ROUTE Target and sets the interface the packet is sent out through.
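The chain-selection rule from the Rules/Chains slide and the -t/-A/-D/-P/-i/-s/-d/-j options from the Options slide, as a small model of the filter table that can be fed iptables command lines and asked for a verdict. This is an added example, not the lecture's code and not the kernel's netfilter: the AP rule set (interfaces wlan0 and eth0, subnet 192.168.0.0/24, AP address 192.168.0.1) and the test packets are constructed.

```python
"""Added example (not from the lecture slides): a model of the iptables filter
table. Chain selection follows the Rules/Chains slide; rule syntax follows the
Options slide. Rules are tried in order and the first match decides; with no
match the chain policy applies. The AP rule set below is constructed."""
import ipaddress
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class Packet:
    src: str
    dst: str
    in_iface: Optional[str]   # None: generated by a local process
    local_dst: bool           # True: addressed to this host

@dataclass
class Rule:
    chain: str
    target: str                      # -j
    in_iface: Optional[str] = None   # -i
    src: Optional[str] = None        # -s, address or CIDR
    dst: Optional[str] = None        # -d, address or CIDR

    def matches(self, pkt: Packet) -> bool:
        if self.in_iface is not None and pkt.in_iface != self.in_iface:
            return False
        for want, have in ((self.src, pkt.src), (self.dst, pkt.dst)):
            if want is not None and ipaddress.ip_address(have) not in ipaddress.ip_network(want, strict=False):
                return False
        return True

class FilterTable:
    CHAINS = ("INPUT", "OUTPUT", "FORWARD")   # the filter table's built-in chains

    def __init__(self) -> None:
        self.policy: Dict[str, str] = {c: "ACCEPT" for c in self.CHAINS}
        self.rules: Dict[str, List[Rule]] = {c: [] for c in self.CHAINS}

    def load(self, line: str) -> None:
        """Parse one command line, e.g. 'iptables -A FORWARD -i wlan0 -s 192.168.0.0/24 -j ACCEPT'."""
        args = shlex.split(line)
        if args and args[0] == "iptables":
            args = args[1:]
        if args[:1] == ["-P"]:                    # -P CHAIN POLICY sets the default verdict
            self.policy[args[1]] = args[2]
            return
        opts = dict(zip(args[0::2], args[1::2]))  # option -> value pairs
        if opts.get("-t", "filter") != "filter":
            raise ValueError("only the filter table is modelled here")
        chain = opts.get("-A") or opts.get("-D")
        if chain not in self.CHAINS:
            raise ValueError(f"unknown chain {chain!r}")
        rule = Rule(chain, opts["-j"], opts.get("-i"), opts.get("-s"), opts.get("-d"))
        if "-D" in opts:
            self.rules[chain].remove(rule)       # dataclass equality finds the identical rule
        else:
            self.rules[chain].append(rule)

    @staticmethod
    def chain_for(pkt: Packet) -> str:
        """Locally generated -> OUTPUT; received and addressed to us -> INPUT; otherwise FORWARD."""
        if pkt.in_iface is None:
            return "OUTPUT"
        return "INPUT" if pkt.local_dst else "FORWARD"

    def verdict(self, pkt: Packet) -> Tuple[str, str]:
        chain = self.chain_for(pkt)
        for rule in self.rules[chain]:
            if rule.matches(pkt):
                return chain, rule.target
        return chain, self.policy[chain]

# Constructed AP rule set: drop by default, let the wireless subnet out, let the AP's own
# address be reached only from the wireless side. Tying -s to -i rejects packets arriving
# on wlan0 with a source outside the subnet. A real deployment would further restrict the
# eth0 -> private rule to established connections (connection tracking is not modelled here).
AP_RULES = [
    "iptables -P INPUT DROP",
    "iptables -P FORWARD DROP",
    "iptables -A INPUT -i wlan0 -s 192.168.0.0/24 -d 192.168.0.1 -j ACCEPT",
    "iptables -A FORWARD -i wlan0 -s 192.168.0.0/24 -j ACCEPT",
    "iptables -A FORWARD -i eth0 -d 192.168.0.0/24 -j ACCEPT",
]

def build_ap_filter() -> FilterTable:
    table = FilterTable()
    for line in AP_RULES:
        table.load(line)
    return table

if __name__ == "__main__":
    fw = build_ap_filter()
    for pkt in (Packet("192.168.0.10", "203.0.113.7", "wlan0", False),
                Packet("10.9.9.9", "203.0.113.7", "wlan0", False),
                Packet("203.0.113.7", "128.100.10.15", "eth0", True)):
        print(pkt, "->", fw.verdict(pkt))
```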
Background Knowledge for the Experiment - DHCP

- Dynamic Host Configuration Protocol (RFC 2131)
- BOOTP (RFC 951, 1542) allows a diskless workstation to be remotely booted up in a network
  - UDP port 67 (server) and port 68 (client)
- DHCP builds on BOOTP to allow servers to deliver configuration information to a host
  - Used extensively to assign temporary IP addresses to hosts
  - Allows ISPs to maximize usage of their limited IP addresses
Background Knowledge for the Experiment - DHCP

DHCP Operation
- The host broadcasts a DHCP Discover message on its physical network
- A server replies with an Offer message (IP address + configuration information)
- The host selects one offer and broadcasts a DHCP Request message
- The server allocates the IP address for lease time T
  - It sends a DHCP ACK message with T, and the threshold times T1 (= 1/2 T) and T2 (= .875 T)
- At T1, the host attempts to renew the lease by sending a DHCP Request message to the original server
- If there is no reply by T2, the host broadcasts a DHCP Request to any server
Background Knowledge for the Experiment - DHCP

[Figure: message exchange over time between an arriving client and the DHCP server 223.1.2.5]
1. DHCP discover: src 0.0.0.0, 68 -> dest 255.255.255.255, 67; yiaddr 0.0.0.0; transaction ID 654
2. DHCP offer: src 223.1.2.5, 67 -> dest 255.255.255.255, 68; yiaddr 223.1.2.4; transaction ID 654; lifetime 3600 secs
3. DHCP request: src 0.0.0.0, 68 -> dest 255.255.255.255, 67; yiaddr 223.1.2.4; transaction ID 655; lifetime 3600 secs
4. DHCP ACK: src 223.1.2.5, 67 -> dest 255.255.255.255, 68; yiaddr 223.1.2.4; transaction ID 655; lifetime 3600 secs
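The four-message exchange of the last two slides, with both sides implemented: RFC 2131 message encoding, a server that offers and then commits a lease, a client that runs Discover/Offer/Request/ACK, and the T1 = T/2 and T2 = 0.875 T timers. This is an added example, not the lecture's code or any DHCP daemon: the server address 223.1.2.5, the pool address 223.1.2.4 and the 3600-second lease follow the slide's figure; the client MAC addresses and transaction IDs are constructed, and, like the figure, the Request uses a fresh transaction ID.

```python
"""Added example (not from the lecture slides): RFC 2131 message encoding and the
Discover/Offer/Request/ACK exchange from the DHCP slides, with the lease timers
T1 = T/2 and T2 = 0.875 T. Server address, pool and lease time follow the slide's
figure; MAC addresses and transaction IDs are constructed."""
import struct
import ipaddress
from typing import Dict, List, Optional, Tuple

MAGIC_COOKIE = b"\x63\x82\x53\x63"
BOOTREQUEST, BOOTREPLY = 1, 2
DISCOVER, OFFER, REQUEST, ACK = 1, 2, 3, 5                   # option 53 values
OPT_REQUESTED_IP, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 50, 51, 53, 54, 255
HEADER_FMT = "!BBBBIHH4s4s4s4s16s64s128s"                   # the fixed 236-byte header

def ip_bytes(ip: str) -> bytes:
    return ipaddress.IPv4Address(ip).packed

def build_message(op: int, xid: int, yiaddr: str, chaddr: bytes, options: List[Tuple[int, bytes]]) -> bytes:
    header = struct.pack(HEADER_FMT, op, 1, 6, 0, xid, 0, 0x8000,   # htype 1 = Ethernet, broadcast flag set
                         b"\0" * 4, ip_bytes(yiaddr), b"\0" * 4, b"\0" * 4,
                         chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128)
    body = b"".join(bytes([code, len(value)]) + value for code, value in options)
    return header + MAGIC_COOKIE + body + bytes([OPT_END])

def parse_message(msg: bytes) -> dict:
    fields = struct.unpack_from(HEADER_FMT, msg, 0)
    if msg[236:240] != MAGIC_COOKIE:
        raise ValueError("missing DHCP magic cookie")
    options: Dict[int, bytes] = {}
    i = 240
    while i < len(msg) and msg[i] != OPT_END:
        if msg[i] == 0:                     # pad option has no length byte
            i += 1
            continue
        code, length = msg[i], msg[i + 1]
        options[code] = msg[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": fields[0], "xid": fields[4], "yiaddr": str(ipaddress.IPv4Address(fields[8])),
            "chaddr": fields[11][:fields[2]], "options": options}

class DhcpServer:
    def __init__(self, ip: str, pool: List[str], lease_time: int) -> None:
        self.ip, self.pool, self.lease_time = ip, list(pool), lease_time
        self.leases: Dict[bytes, str] = {}   # client MAC -> leased address

    def _reply(self, msg_type: int, xid: int, yiaddr: str, chaddr: bytes) -> bytes:
        return build_message(BOOTREPLY, xid, yiaddr, chaddr, [
            (OPT_MSG_TYPE, bytes([msg_type])), (OPT_SERVER_ID, ip_bytes(self.ip)),
            (OPT_LEASE_TIME, self.lease_time.to_bytes(4, "big"))])

    def handle(self, raw: bytes) -> Optional[bytes]:
        m = parse_message(raw)
        kind, mac = m["options"][OPT_MSG_TYPE][0], m["chaddr"]
        if kind == DISCOVER:                 # offer, but do not commit until the Request
            candidate = self.leases.get(mac) or (self.pool[0] if self.pool else None)
            return self._reply(OFFER, m["xid"], candidate, mac) if candidate else None
        if kind == REQUEST:
            if m["options"].get(OPT_SERVER_ID) != ip_bytes(self.ip):
                return None                  # the client chose another server's offer
            wanted = str(ipaddress.IPv4Address(m["options"][OPT_REQUESTED_IP]))
            if self.leases.get(mac) != wanted:
                if wanted not in self.pool:
                    return None              # offered address is no longer free
                self.pool.remove(wanted)
                self.leases[mac] = wanted
            return self._reply(ACK, m["xid"], wanted, mac)
        return None

def client_exchange(server: DhcpServer, mac: bytes, xid: int) -> Optional[dict]:
    """Run the exchange against the server and return the lease with its timers."""
    offer_raw = server.handle(build_message(BOOTREQUEST, xid, "0.0.0.0", mac, [(OPT_MSG_TYPE, bytes([DISCOVER]))]))
    if offer_raw is None:
        return None
    offer = parse_message(offer_raw)
    # The slide's figure uses a fresh transaction ID for the Request; this does the same.
    ack_raw = server.handle(build_message(BOOTREQUEST, xid + 1, "0.0.0.0", mac, [
        (OPT_MSG_TYPE, bytes([REQUEST])), (OPT_REQUESTED_IP, ip_bytes(offer["yiaddr"])),
        (OPT_SERVER_ID, offer["options"][OPT_SERVER_ID])]))
    if ack_raw is None:
        return None
    ack = parse_message(ack_raw)
    T = int.from_bytes(ack["options"][OPT_LEASE_TIME], "big")
    return {"ip": ack["yiaddr"], "lease": T, "T1": T / 2, "T2": 0.875 * T}

if __name__ == "__main__":
    server = DhcpServer("223.1.2.5", ["223.1.2.4"], 3600)
    print(client_exchange(server, b"\x02\x00\x00\x00\x00\x0a", 654))
```

Because Discover and Request are broadcasts that carry no authentication, any host on the wireless segment can answer them; the server-identifier check in the client is what keeps the client bound to the offer it actually chose, and on the AP the DHCP server should listen only on the wireless interface that the subnet belongs to.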
Background Knowledge for the Experiment - Bridge

- Operates at the data link level
- Must deal with:
  - Differences in MAC formats
  - Differences in data rates; buffering; timers
  - Differences in maximum frame length
[Figure: protocol stacks of an 802.3 station (CSMA/CD), the bridge, and an 802.11 station (CSMA/CA), each with Network / LLC / MAC / PHY layers; the bridge relays between the 802.3 and 802.11 MAC layers]
Background Knowledge for the Experiment - Bridge

Bridge/switch vs. router
- Both are store-and-forward devices
  - Routers: network layer devices (examine network layer headers)
  - Switches: link layer devices
- Routers maintain routing tables and implement routing algorithms
- Switches maintain switch tables and implement filtering and learning algorithms
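The filtering and learning algorithm the slide attributes to switches, for a bridge with one 802.3 port (eth0) and one 802.11 port (wlan0) as in the lab setup. This is an added example, not the lecture's code or the Linux bridge module: the MAC addresses, the ageing time and the event times are constructed.

```python
"""Added example (not from the lecture slides): a learning bridge. It works only
with link-layer addresses, never looking at network-layer headers, which is the
switch/router distinction on the slide. Addresses and times are constructed."""
import time
from typing import Dict, List, Optional, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"

class LearningBridge:
    def __init__(self, ports: List[str], ageing_seconds: float = 300.0) -> None:
        self.ports = list(ports)
        self.ageing = ageing_seconds
        self.table: Dict[str, Tuple[str, float]] = {}   # MAC -> (port, time last seen)

    def forward(self, in_port: str, src: str, dst: str, now: Optional[float] = None) -> List[str]:
        """Return the ports the frame is sent out of.
        Learning: remember that src is reachable via in_port.
        Filtering: if dst is known on in_port itself, drop the frame.
        Flooding: unknown or broadcast dst goes out of every other port."""
        now = time.time() if now is None else now
        if in_port not in self.ports:
            raise ValueError(f"unknown port {in_port}")
        self._expire(now)
        self.table[src] = (in_port, now)        # learning (also tracks a station that moved)
        if dst == BROADCAST or dst not in self.table:
            return [p for p in self.ports if p != in_port]
        out_port = self.table[dst][0]
        return [] if out_port == in_port else [out_port]

    def _expire(self, now: float) -> None:
        """Drop entries not refreshed within the ageing time, so a station that left
        (or whose address was only seen once) stops pinning a port."""
        for mac, (_, seen) in list(self.table.items()):
            if now - seen > self.ageing:
                del self.table[mac]

    def ports_known(self) -> Dict[str, str]:
        return {mac: port for mac, (port, _) in self.table.items()}

if __name__ == "__main__":
    br = LearningBridge(["eth0", "wlan0"])
    print(br.forward("wlan0", "02:00:00:00:00:01", "02:00:00:00:00:02", now=0.0))
    print(br.forward("eth0", "02:00:00:00:00:02", "02:00:00:00:00:01", now=1.0))
    print(br.ports_known())
```

The table is keyed on whatever source address a frame carries, so a frame with a spoofed source moves that address's entry to the sender's port; watching for an address that flips between eth0 and wlan0 is a simple way to spot that from the bridge's own state.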
Kernel network parameters

/proc/sys/net

/proc/sys/net/ipv4/ip_forward
- Whether the kernel forwards packets
- Disabled by default