Kyle Pederson NETW360, Ben Brezinski 4/16/12 Lab #7 Hands on Lab Microsoft Network Monitor Introduction and Wireless Frames When we expanded frame 4 the signal strength was -60dbm, the data rate was 1mbps, and the SSID in the beacon frame was Amory. In frame 5, looking at the Hex Details, the BSSID for this access point was 00 15 E9 D1 48. The authentication status in frame 14 was successful. In frame 15, the Association Response status was in a successful state. When we tried to the Microsoft Network Monitor we were unable to pick up any management packets during our capture. SNMP management We were able to successfully ping 10. 7. 8. 80 to verify we had access to the “managed” device. The batch file was set up with the 10. 27. 8. 80 address and had commands to get information from that address. The name of the device was NPIF9460B and the status of it was “ready to print”. After we downloaded the MIB Browser and entered 10. 27. 8. 80 into the address field, we were able to get the sysUpTime which was 830 hours 13 min and 2 sec. Finding rogue access points When using the command “netsh wlan show networks mode=bssid” in the command prompt we were able to identify 17 access points. Out of the 17 access points 11 were not part of the DeVry wireless network.
Using the FindAccessPoints. BAT we were able to identify 18 access points and 12 of them were not part of the DeVry wireless network. Opening the FindAccessPoints. vbs in notepad we were able to see the script and the basis of the script worked around the command netsh wlan show networks mode=bssid. After we set up our Linksys as a rogue access point we had no problem finding it using the batch file. This would be very handy to use at your home network, if you lived in a place where there is many access points, because you could pick up any rogue access points that someone has set up to attempt to capture any of your information.
Logging Here is our log file from our Linksys access point. [pic] Linksys Access point maintenance and troubleshooting The current firmware version of our Linksys access point was 1. 5. 01 and the current time was 2012/04/14 15:42:41. The current status of our access point was: • Report Mode- BG-mixed • SSID- net360 • DHCP- enabled • Channel- 1 Next we were able to backup our current configuration to our PC and then we reset the access point to the factory defaults. The factory defaults were set as: • Report Mode BG-mixed • SSID- Linksys • DHCP- enabled • Channel- 6
Once set as the factory we were able to restore our original configuration by uploading the file we created earlier. As soon as that file uploaded our access point was set up the same as before. This was very straight forward to do and I feel it is a good idea to back up your configuration, just in case the access point gets reset. Wireshark Introduction and Examining Wireless Frames Lab Lab Report 1. Is Wireshark open source or propriety? (7 points) Wireshark is an Open-source program. 2. What is seen in each of the three panes that display the packets seen on a local area network? 7 point) The top pane is the packet list pane that shows each packet on a separate line and has five columns with the following information: the time that the packet came in, source, destination of each packet, the protocol being used with the packet, and information about each packet. The second pane is the tree view pane and it displays the headers of the various protocols captured in the packet and this is displayed in a hierarchal view from physical layer to the application layer. The third pane is the byte view pane that shows the raw data in a hexadecimal format. . What does a display filter do? (7 points) The display filter enables you to filter what you want to view when capturing your packets. So if you wanted to just view the packets that were using the protocol TCP you could filter those out. You can also use expression filters that lets you be more specific in what you want to filter. 4. What does the protocol column show? (7 points) The protocol column shows the highest layer protocol in the frame. 5. How do you expand the details in a layer of the packet in the middle frame? 7 points) To expand the details you must click on the plus sign. 6. In frame 1 what channel is being used? (7 points) Frame 1 is using channel 6. 7. In frame 1 what frequency is being used? (7 points) The frequency being used is 2437MHz. 8. In frame 1 what is the signal level? (7 points) The signal level in frame 1 is 11. 9. What type of frame is frame 1? (7 points) Frame 1 is a broadcast initiation frame to the access point 10. In frame 1 what is the beacon interval in milliseconds? (7 points) The beacon interval is 102. 4ms.