Untitled

8. Most of the following questions are taken from the Wireshark labs accompanying the book. Download http://www-net.cs.umass.edu/wireshark-labs/Wireshark_802.11_ v7.0.pdf and follow its instructions. Answer the questions on this sheet. You do not have to print packets or parts thereof. Use the trace file Wireshark_802_11.pcap to answer the questions.

8.1.  (1 point) What are the SSIDs of the two access points that are issuing most of the beacon frames in this trace?
- SVAR: The two acres points are:
    - Tag: SSID parameter set: linksys_SES_24086
        - Tag Number: SSID parameter set (0)
        - Tag length: 17
        - SSID: linksys_SES_24086
    - Tag: SSID parameter set: 30 Munroe St
        -     Tag Number: SSID parameter set (0)
        -     Tag length: 12
        -     SSID: 30 Munroe St

8.2.  (1point) What are the intervals of time between the transmissions of the beacon frames the linksys_ses_24086 access point? From the 30 Munroe St access point? (Hint: this interval of time is contained in the beacon frame itself).
- SVAR: IEEE 802.11 wireless LAN management frame
    - Beacon Interval: 0.102400 [Seconds]

8.3. (1 point) What (in hexadecimal notation) is the source MAC address on the beacon frame from 30 Munroe St? Recall from Figure 6.13 in the text that the source, destin- ation, and BSS are three addresses used in an 802.11 frame. For a detailed discussion of the 802.11 frame structure, see section 7 in the IEEE 802.11 standards document (cited above).
- SVAR: Source address: Cisco-Li_f7:1d:51 (00:16:b6:f7:1d:51)

8.4.  (1point) What(in hexadecimal notation)is the destination MAC address on the beacon  frame from 30 Munroe St?
- SVAR: Destination address: Broadcast (ff:ff:ff:ff:ff:ff)

8.5.  (1 point) What (in hexadecimal notation) is the MAC BSS id on the beacon frame from 30 Munroe St?
- SVAR:  BSS Id: Cisco-Li_f7:1d:51 (00:16:b6:f7:1d:51)

8.6.  (1point) The beacon frames from the 30 Munroe St access point advertise that the access point can support four data rates and eight additional “extended supported rates.” What are these rates?
- SVAR: Tag: Supported Rates 1(B), 2(B), 5.5(B), 11(B), [Mbit/sec]
- Tag: Extended Supported Rates 6(B), 9, 12(B), 18, 24(B), 36, 48, 54, [Mbit/sec]


8.7.  (3 points) Find the 802.11 frame containing the SYN TCP segment for this first TCP session (that downloads alice.txt). What are three MAC address fields in the 802.11 frame? Which MAC address in this frame corresponds to the wireless host (give the hexadecimal representation of the MAC address for the host)? To the access point? To the first-hop router? What is the IP address of the wireless host sending this TCP segment? What is the destination IP address? Does this destination IP address correspond to the host, access point, first-hop router, or some other network-attached device? Explain.
- SVAR:
	Time for the TCP SYN into the trace is =  [Time since reference or first frame: 24.811093000 seconds]
	The source address of the TCP SYN is = Source address: IntelCor_d1:b6:4f (00:13:02:d1:b6:4f)
	The destination address, the first hop router, of the TCP SYN is = Destination address: Cisco-Li_f4:eb:a8 (00:16:b6:f4:eb:a8)
	The destination IP address is = 128.119.245.12
	The MAC BSS is = BSS Id: Cisco-Li_f7:1d:51 (00:16:b6:f7:1d:51)


 8.10.  (1 point) Examine the trace file and look for AUTHENTICATION frames sent from the host to an AP and vice versa. How many AUTHENTICATION messages are sent from the wireless host to the linksys_ses_24086 AP (which has a MAC address of Cisco_Li_f5:ba:bb) starting at around 𝑡 = 49?
- SVAR: frame.time_relative == 49.638857


8.11.  (1 point) Does the host want the authentication to require a key or be open?
- SVAR: The host wants it to be open. Authentication Algorithm: Open System (0)


8.12.  (1 point) Do you see a reply AUTHENTICATION from the linksys_ses_24086 AP in the trace?
- SVAR: No, the receiver address wlan.ra == 00:18:39:f5:ba:bb never reply.