WLAND Wireless LAN Detection Overview
The deployment and use of IEEE 802.11 wireless LANs (WLANs) have grown dramatically over the past few years. The presence of a wireless infrastructure within a network, however, raises security and performance issues. It is crucial for network administrators to know the extent of wireless network usage, identify wireless traffic, and detect unauthorized wireless traffic.
We develop a novel methodology to detect TCP flows that traverse an 802.11 wireless network using measurements collected passively at the edge of a large network. We propose a passive measurement technique called TCP ACK-pair, which exploits both the TCP protocol and the random access mechanism of WLAN to differentiate Ethernet and WLAN TCP flows. Informally, an ACK-pair refers to two ACKs generated in response to data packets that arrived close in time at the measurement point.
Due to the prevalence of short TCP flows, the number of ACK-pairs in most TCP flows is not large enough to eliminate the overlap between the Ethernet and WLAN distributions of the median inter-ACK time of ACK-pairs. Therefore, we propose a classification scheme to calculate the fraction of wireless TCP flows and the belief that a TCP flow traverses a WLAN inside the network. The core of this classifier is an iterative Bayesian inference algorithm that we developed to obtain the maximum likelihood estimates (MLEs) of the above values.
We prove that our iterative inference algorithm converges to the unique MLEs and can handle any general two-class classification problem given the marginal distributions of these two classes. Numerical and experimental evaluations demonstrate that our classification scheme obtains accurate results. We apply the classifier to various traces collected at a monitoring point placed at the gateway router of the University of Massachusetts, Amherst (UMass) campus network. Application of the technique at UMass suggests that between 11 and 14% of all TCP flows entering the UMass campus traverse an 802.11 wireless link within the campus. We also detect wireless usage in areas that are not covered by the official wireless infrastructure.
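The following is an added illustration of the kind of iterative Bayesian update described above, not the authors' code: it applies the standard EM-style update for a two-class mixture with known marginals to each flow's median inter-ACK time. The bin edges, both marginal distributions and the sample trace are constructed assumptions.

```python
from bisect import bisect_right

# Constructed marginals of a flow's median inter-ACK time (assumed values,
# not measurements from the paper). Bin edges are in milliseconds.
BIN_EDGES_MS = [0.2, 0.6, 1.5]           # bins: <0.2, 0.2-0.6, 0.6-1.5, >=1.5
P_ETHERNET = [0.70, 0.20, 0.08, 0.02]    # P(bin | flow is Ethernet)
P_WLAN = [0.10, 0.20, 0.30, 0.40]        # P(bin | flow crosses a WLAN)


def belief(pi, b):
    """Posterior probability that a flow in bin b is wireless, given prior pi."""
    wlan = pi * P_WLAN[b]
    return wlan / (wlan + (1.0 - pi) * P_ETHERNET[b])


def classify_flows(medians_ms, prior=0.5, tol=1e-12, max_iter=1000):
    """Return (estimated wireless fraction, per-flow beliefs)."""
    if not medians_ms:
        raise ValueError("need at least one flow")
    bins = [bisect_right(BIN_EDGES_MS, m) for m in medians_ms]
    pi = prior
    for _ in range(max_iter):
        # The mean posterior belief over all flows becomes the next prior.
        new_pi = sum(belief(pi, b) for b in bins) / len(bins)
        converged = abs(new_pi - pi) < tol
        pi = new_pi
        if converged:
            break
    return pi, [belief(pi, b) for b in bins]


def constructed_sample():
    """Constructed trace: 10,000 flows, 12% wireless, exact expected counts."""
    rep_ms = [0.1, 0.4, 1.0, 3.0]        # one representative median per bin
    counts = [6160 + 120, 1760 + 240, 704 + 360, 176 + 480]  # Ethernet + WLAN
    return [ms for ms, c in zip(rep_ms, counts) for _ in range(c)]


if __name__ == "__main__":
    fraction, beliefs = classify_flows(constructed_sample())
    print(f"estimated wireless fraction: {fraction:.4f}")
    print(f"belief for a 3.0 ms flow: {beliefs[-1]:.3f}")
```

Because the marginals overlap, no single flow is labelled with certainty; the per-flow belief is what an administrator would threshold, while the fraction estimate is the same whatever starting prior is used.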



Overlap between Ethernet and WLAN
Performance of the Iterative Bayesian Inference Algorithm
Papers
· Identifying 802.11 Traffic from Passive Measurements Using Iterative Bayesian Inference
Measurement Setting