ITRAINONLINE MMTK WIRELESS TROUBLESHOOTING
1. Figure 1: Netstumbler GUI. Source: http://upload.wikimedia.org/wikipedia/en/9/95/Netstumbler.jpg

In the example (Figure 1) we can see that there are three SSIDs present (default, linksys, buss) in just two channels (2 and 6). Two of the access points are operating in the g standard of 54 Mbps (default and buss) and one in b. WEP encryption is enabled in the network with SSID buss. All networks are heard with good SNR ratios (SNR > 10 dB).

Netstumbler is a passive software that eavesdrops wireless traffic from the network. Not all wireless cards will allow you to monitor wireless traffic promiscuously; before you install Netstumbler, check that your wireless card is supported.

13_en mmtk_wireless_troubleshooting_handout odt 5 Created 22 December 2005 Available online from http www itrainonline org itrainonline org mmtk

6 Scenario 2: Congested Network / Flooding

If you want to get a general overview of the type of IP connections that are active in your wireless network, you can use the Unix program EtherApe in your wired gateway. EtherApe allows you to monitor the incoming and outgoing connections routed i
2. [Figure 3, continued: Ethereal packet list (SSH and POP traffic from 194.109.209.218 to 85.226.127.250) and the detail pane of the selected POP packet, whose response reads: ERR AUTH aep access denied.]
3. [Figure 3, continued: hex dump of the selected POP3 packet.]

Just to show how powerful Ethereal can be for troubleshooting, in the example (Figure 3) we can see the level of detail that can be obtained from Ethereal:
• After capturing traffic from the network we can apply a filter (ip.src == 194.109.209.218) to filter all packets coming FROM the mail (POP) server (green box).
• After filtering all the packets we can see the traffic exchange between the mail server and our client (violet). Traffic marked as TCP indicates the connection renegotiation known as TCP handshake; traffic marked as POP3 corresponds to the application (POP3 mail retrieval).
• We can select individual packets of the POP3 session and see the presence of "ERR AUTH aep access denied".

With this information we can determine that the connection from our client to the mail server takes place, the POP3 server is running, and the problem takes place when authenticating. An authentication problem can result from a client or a server side problem: the client sending the wrong password or the server not being able to validate the password correctly.

8 Conclusions

The five
4. EEE 802.11b that require very specific monitoring/troubleshooting tools.

4 Tools for troubleshooting

Nslookup, dig, Ntop, Visualroute, traceroute, Nmap, Ethereal (see Scenario 3), Etherape (see Scenario 2), Netstumbler (see Scenario 1), Kismet, vendor-specific management tools.

5 Scenario 1: Radio Interferences / Occupied Channels

There is not a simple and cheap way to monitor all the parameters involved in the physical layer of your wireless network. When troubleshooting the radio, you will always use tools that talk with the wireless cards and retrieve a limited set of that information for you.

By using a program like Netstumbler, a wireless card acts as a simple spectrum analyser that can scan for existing networks, their signal to noise ratio, modulation technique and operation mode. Netstumbler gathers all that information in an easy to use interface.

[Figure 1: Network Stumbler window listing three access points (SSIDs default, linksys and buss) with the columns MAC, SSID, Name, Chan, Speed, Vendor, Type, Enc., SNR, Signal and Noise.]
5. ITRAINONLINE MMTK WIRELESS TROUBLESHOOTING HANDOUT

Developed by: Alberto Escudero Pascual, IT 46

Table of Contents
1 About this document
1.1 Copyright information
1.2 Degree of Difficulty
2 Introduction
3 Methodology
3.1 Top-down troubleshooting
3.2 Middle-top, middle-down troubleshooting
3.3 Practical example
4 Tools for troubleshooting
5 Scenario 1: Radio Interferences / Occupied Channels
6 Scenario 2: Congested Network / Flooding
7 Scenario 3: Why this network service is not working? Connection Refused
8 Conclusions

1 About this document

These materials are part of the ItrainOnline Multimedia Training Kit (MMTK). The MMTK provides an integrated set of multi
6. iption for computer network communication protocol design. The model splits different communication functions into seven different layers that can work independently of each other.

The Internet protocol design follows a similar structure to the OSI model. Each protocol layer only uses the functionality of the layer below and provides functionality only to layers above.

This structure is of great help when trying to troubleshoot a problem, as it helps us to isolate where the problem is located. The first thing that we always need to do when things go wrong is to try to identify in which layer the problem appears and which layer is the cause of the problem.

For example, users will always complain that an application x is not working (OSI Layer 7), but the cause of the problem can be in any of the layers below. For example, it can be related to lack of radio signal (OSI Layer 1) or lack of IP address (OSI Layer 3).

Layer   OSI             TCP/IP
7       Application     Application
6       Presentation
5       Session         Transport (TCP)
4       Transport
3       Network         Network (IP)
2       Data Link       Media Access Control
1       Physical

Table 1: OSI model versus TCP/IP protocol suite

3 Methodology

Depending on the information that we have in advance, we can take two approaches.

3.1 Top-down troubleshooting

When there is a problem, top-down troubleshooting starts by checking the application's configuration settings and finishes by chec
7. k service is not working Connection Refused

If you need to have a closer look at what is happening for a specific type of traffic, you might consider installing Ethereal. Ethereal will allow you to capture ALL the traffic that is passing by your interface and to examine the traffic flows and the bits and bytes of every transaction.

Ethereal is very useful to monitor:
• packet loss in TCP connections, which is normally an indication of a congested network, collisions, etc.
• round trip times, which are an indication of your network latency. High round trip times inside your wireless network are an indication of a high level of channel utilization or packet collisions.
• protocol errors: errors that are not normally visible to the user, such as inappropriate authentication, duplicate IP addresses, network unreachable, ICMP flooding, etc. (See Advanced Networking)

[Figure 3: Troubleshooting POP3 Mail Problems with Ethereal. Ethereal capture window with the display filter ip.src == 194.109.209.218 applied; packet list columns No., Time, Source, Destination, Protocol, Info.]
8. king whether there is wireless interference or a low signal level in the radio receiver.

3.2 Middle-top, middle-down troubleshooting

When there is a problem, this approach starts by checking whether there is IP connectivity to the requested service or the border router and, depending on the result, attempts to troubleshoot the layers below or above.

This approach is the most popular: ping <the service>, ping <the router>. Unfortunately, most of the time this only helps to identify who to blame rather than troubleshooting the actual problem. If ping to the border router fails, then we can blame the wireless carrier; if ping to the service fails, then we can blame the international carrier. If none of them fail, then we blame the user or the operating system.

Whatever approach we take to troubleshooting a problem, it is important that we are familiar with the tools that are appropriate when analysing each of the functional layers of our network.

The ultimate goal of having a methodology is that it will allow you to describe troubleshooting procedures and to identify which problems require higher levels of expertise.

3.3 Practical example

Let's take an example to illustrate the approach. If someone calls you and screams "can not read my Hotmail", you need
9. main issues you should remember from this unit can be summarized as:
1. The more you know about how things work, the easier it is to troubleshoot when they do NOT work.
2. To understand a problem is not the same as solving a problem.
3. Try to apply a logical methodology when things go wrong rather than doing things in random order.
4. Whatever approach we take to troubleshooting, it is important to be familiar with the tools that are appropriate when analysing each of the functional layers of the network.
5. When identifying problems in the wireless media we can use two types of tools: the ones that work with any IEEE 802.11b compliant product and those that come with every specific vendor.
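The middle-top, middle-down procedure of section 3.2 and the question list of section 3.3, written out as an added Python example that is not part of the handout. The function names, the Linux iputils `ping` flags and the `port` parameter are assumptions; it goes slightly beyond the text by probing the service's TCP port, so a host that drops ICMP is not reported as unreachable.

```python
import socket
import subprocess

def ping(host, timeout_s=2):
    """Layer 3 probe: one ICMP echo via the system ping (Linux iputils flags assumed)."""
    try:
        r = subprocess.run(["ping", "-c", "1", "-W", str(timeout_s), host],
                           stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except OSError:
        return False
    return r.returncode == 0

def has_ip():
    """True if the OS can select a non-loopback source address (no packet is sent)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.connect(("192.0.2.1", 9))  # TEST-NET-1; connect() on UDP only picks a route
        return not s.getsockname()[0].startswith("127.")
    except OSError:
        return False
    finally:
        s.close()

def tcp_open(host, port, timeout_s=3):
    """Layer 4 probe: can a TCP session to the service port be established?"""
    try:
        with socket.create_connection((host, port), timeout=timeout_s):
            return True
    except OSError:
        return False

PROBES = {"ping": ping, "has_ip": has_ip, "tcp_open": tcp_open}

def diagnose(service, router, port, probes=PROBES):
    """Start at IP connectivity, then move down or up the stack."""
    service_ok = probes["ping"](service)
    router_ok = probes["ping"](router)
    if not router_ok:
        # Nothing answers: go down the stack, starting with "Do you have an IP address?"
        if not service_ok and not probes["has_ip"]():
            return "no IP address: check radio signal and IP configuration (layers 1-3)"
        return "border router unreachable: check the wireless link and access-control login"
    if probes["tcp_open"](service, port):
        # Also covers services that filter ICMP but accept connections.
        return "TCP session works: check the application (settings, authentication)"
    if service_ok:
        return "host answers ping but the port is closed: check the service (layer 4)"
    return "router answers, service does not: the problem is beyond the border router"
```

Called as `diagnose("hotmail.com", "<IP address of the border router>", 80)`, it returns one line saying which layer to look at next.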
10. media training materials and resources to support community media, community multimedia centres, telecentres, and other initiatives using information and communications technologies (ICTs) to empower communities and support development work.

1.1 Copyright information

This unit is made available under the Creative Commons Attribution-NonCommercial-ShareAlike 2.5 Sweden. To find out how you may use these materials, please read the copyright statement included with this unit or see http://creativecommons.org/licenses/by-nc-sa/2.5/se/.

1.2 Degree of Difficulty

The degree of difficulty of this unit is Medium with some additional Advanced parts. All Advanced sections are marked with a red frame to make the reader aware of a higher degree of difficulty.

2 Introduction

This unit proposes a methodological approach to the troubleshooting of wireless networks. The main problem of troubleshooting any communication network is to identify what is going on when things go wrong. Rather than rebooting everything that is attached to a power cord or blaming the weather conditions, we propose to follow the OSI model to try to find out the cause of the problem.

The OSI (Open Systems Interconnection) Reference Model, created by ISO (International Standards Organization), is an abstract descr
11. nto your wireless. It can help you not only to identify the type of IP traffic present and the distribution of traffic between your nodes but also how dynamic your network is.

By observing the traffic graphs with the software you will be able to detect viruses scanning your clients or the presence of heavy peer-to-peer or FTP traffic.

There are similar software packages and more sophisticated protocol analysers, also under MS Windows (AirDefense, Scrutinizer, SolarWinds, etc.), but few of them are free, if any.

[Figure 2: EtherApe GUI. Active IP connections. Number of nodes: 33.]

In the example (Figure 2) we can see that there is a large amount of HTTPS (Secure Web) traffic between the node nebaj and sourceforge (violet line). We can also see that there is a Telnet connection between nodes nebaj and argos (yellow thick line). DNS traffic is working properly from argos to ns.eusnet.es and ns2.economix.es (red lines). The UDP unknown traffic (brown line) corresponds to ICQ Messenger traffic (connection to fes-d008.icq.aol.com).

7 Scenario 3: Why this networ
12. oblem is normally easier to troubleshoot as it stems from problems related to a wrong link budget, power loss in the equipment, misalignment of antennas, wrong settings, etc.

The second type of problem, especially when related to lower layers of the TCP/IP stack, is more difficult to troubleshoot, as it will require you to monitor all the wireless parameters during a period of time while you are trying to identify the cause of the problem.

In the diagram below we include a set of tools that can help you to troubleshoot.

Layer   OSI             TCP/IP                  Tools
7       Application     Application             nslookup
6       Presentation
5       Session         Transport (TCP)         Ntop (Win32, Linux)
4       Transport                               Visualroute, traceroute
3       Network         Network (IP)            Nmap, Ntop (Win32, Linux), Ethereal, Etherape
2       Data Link       Media Access Control    Ethereal (Win32, Linux), Netstumbler (Win32)
1       Physical                                Kismet, Wavemon, Wellenreiter, Vendor Specific Management Tools

Table 2: Tools for troubleshooting for each one of the seven layers of the TCP/IP protocol stack

When it comes to identifying problems in the wireless media, we can use two types of tools: the ones that work with any IEEE 802.11b compliant product and those that come with every specific vendor. Some vendors (e.g. Proxim Orinoco Outdoor Solutions) implement extensions to I
13. to be able to have a method to identify the cause without calling in your best network engineer.

If we follow the first of the proposed methods (top-down), we will ask the following questions, trying to identify where the problem is:
• What program do you use to check your e-mail? (Checking for application problems)
• Can you check the proxy settings of your program?
• Can you reach any other Internet sites? (Checking for DNS problems)
• Does your application time out? (Checking for session/TCP problems)
• Have you authenticated with the access control server? (Checking for authentication problems)
• Can you reach our router/provider web site? (Checking for routability problems)
• Do you have an IP address? (Checking for IP problems)

If we follow the second proposed method (middle-top/down), we will ask the following questions:
• Can you ping hotmail.com?
• Can you ping <IP address of the border router of the WISP>?
• If both answers are no: Do you have an IP address?
• Have you authenticated with the access control server?

Classifying problems is not an easy task and problems vary from network to network, but the methodology we use to troubleshoot is always the same. There is one easy way to classify any problem in a network:
• Things do not work at all ("Why my computer does not <include word here>?")
• Things work sometimes, or things work but badly ("Why is my computer so slow?")

The first type of pr