CWNA Chapter 9 Lab Directions

Download as pdf or txt
Download as pdf or txt
You are on page 1of 4
At a glance
Powered by AI
The document discusses how to analyze wireless network traffic using a packet analyzer and view different wireless frames such as beacon frames, probe requests, authentication frames, and data frames.

Beacon frames are broadcast by access points and contain information about the network. They can contain the SSID, supported rates, timestamp, and other capabilities. Using a packet analyzer, individual sections of a beacon frame can be expanded to view details.

A probe request is a broadcast frame sent by a client to discover available networks, while a probe response is a unicast frame sent by an access point in response to a probe request with information about the network. A null probe request does not contain an SSID while a directed one specifies a particular SSID.

CWNA Chapter 9 Lab Directions

Lab Exercise 9.1


Viewing Beacon Frames
1. To perform this exercise, you need to download and save the CWNA-CH9.PCAP file

2. After the file is downloaded, you will need packet analysis software to open the file. If
you do not already have a packet analyzer installed on your computer, you can download
Wireshark from www.wireshark.org.

3. Using the packet analyzer, open the CWNA-CH9.PCAP fi le. Most packet analyzers display
a list of capture frames in the upper section of the screen, with each frame numbered
sequentially in the first column.

4. Click on one of the first eight frames. All of these frames are beacon frames.

5. After selecting one of the beacon frames, in the lower section of the screen, browse
through the information found inside the beacon frame body. You can expand a section
by clicking on the plus sign next to the section.

Lab Exercise 9.2


Understanding Probe Requests and Probe Responses
1. To perform this exercise, you need to use the CWNA-CH9.PCAP file

2. After the file is downloaded, you will need packet analysis software to open the file. If
you do not already have a packet analyzer installed on your computer, you can download
Wireshark from www.wireshark.org.

3. Using the packet analyzer, open the CWNA-CH9.PCAP file. Most packet analyzers display
a list of capture frames in the upper section of the screen, with each frame numbered sequentially
in the first column.

4. Scroll down the list of frames and click on frame #416, which is a probe request.

5. In the lower section of the screen, look at the SSID fi eld in the frame body and notice that this
is a directed probe request.

6. Click on frame #417, which is a probe response.


7. In the lower section of the screen, browse through the information found inside the frame body
and notice that the information is similar to a beacon frame.
8. Click on frame #253, which is a probe request. Look at the SSID field in the frame body and
notice that this is a null probe request, since it does not contain an SSID value.

9. Click on frames #254, #255, and #256. Notice that there are three probe responses to the null
probe request. Each probe response has a different SSID.

Lab Exercise 9.3

Using Open System Authentication


1. To perform this exercise, you need use the CWNA-CH9.PCAP file.

2. After the file is downloaded, you will need packet analysis software to open the file. If you do
not already have a packet analyzer installed on your computer, you can download Wireshark
from www.wireshark.org.

3. Using the packet analyzer, open the CWNA-CH9.PCAP file. Most packet analyzers display
a list of capture frames in the upper section of the screen, with each frame numbered sequentially
in the first column.

4. Scroll down the list of frames and click on frame #418, which is an authentication request.

5. In the lower section of the screen, look at the 802.11 MAC header and note the source address
and destination address.

6. Click on frame #419, which is an authentication response. Look at the 802.11 MAC header
and note that the source address is the AP’s BSSID and that the destination address is the MAC
address of the client that sent the authentication request. Look at the frame body and note that
authentication was successful.

Exercise 9.4
Understanding Association

1. To perform this exercise, you need to use the CWNA-CH9.PCAP file

2. After the file is downloaded, you will need packet analysis software to open the file. If you do
not already have a packet analyzer installed on your computer, you can download
Wireshark from www.wireshark.org

3. Using the packet analyzer, open the CWNA-CH9.PCAP fi le. Most packet analyzers display
a list of capture frames in the upper section of the screen, with each frame numbered sequentially
in the first column.

4. Scroll down the list of frames and click on frame #420, which is an association request. Look
at the frame body.

5. Click on frame #421, which is the association response. Look at the frame body and note that
the association was successful and that the client received an AID number.

Exercise 9.5
Understanding Reassociation

1. To perform this exercise, you need to use the CWNA-CH9.PCAP file

2. After the file is downloaded, you will need packet analysis software to open the file. If you do
not already have a packet analyzer installed on your computer, you can download Wireshark
from www.wireshark.org.

3. Using the packet analyzer, open the CWNA-CH9.PCAP fi le. Most packet analyzers display
a list of capture frames in the upper section of the screen, with each frame numbered sequentially
in the first column.

4. Scroll down the list of frames and click on frame #658, which is a reassociation request. Look
at the frame body.

5. Click on frame #659, which is the reassociation response. Look at the frame body and note
that the reassociation was successful and that the client received an AID number.

Exercise 9.6
Understanding Acknowledgment

1. To perform this exercise, you need to use the CWNA-CH9.PCAP file

2. After the file is downloaded, you will need packet analysis software to open the file. If
you do not already have a packet analyzer installed on your computer, you can download
Wireshark from www.wireshark.org.

3. Using the packet analyzer, open the CWNA-CH9.PCAP fi le. Most packet analyzers display
a list of capture frames in the upper section of the screen, with each frame numbered sequentially
in the first column.

4. Scroll down the list of frames and click on frame #1499, which is a data frame.
5. Observe the frame exchanges between frame #1500 and frame #11178. Notice that all
the unicast frames are being acknowledged by the receiving station.

Exercise 9.7
Using Data Frames

1. To perform this exercise, you need to use the CWNA-CH9.PCAP file

2. After the file is downloaded, you will need packet analysis software to open the file. If you do
not already have a packet analyzer installed on your computer, you can download Wireshark
from www.wireshark.org.

3. Using the packet analyzer, open the CWNA-CH9.PCAP file. Most packet analyzers display
a list of capture frames in the upper section of the screen, with each frame numbered sequentially
in the first column.

4. Scroll down the list of frames and click on frame #2001, which is an unencrypted simple data
frame. Look at the frame body and notice the upper-layer information such as IP addresses and
UDP port. This information is visible because no encryption is being used.

5. Click on frame #689, which is a null function frame. Look at the 802.11 MAC header. Look in
the Frame Control field and note that the Power Management bit is set to 1. The AP will now
buffer the client’s traffic.

You might also like