On The Fidelity of 802.11 Packet Traces Aaron Schulman, Dave Levin, - - PowerPoint PPT Presentation


On The Fidelity of 802.11 Packet Traces Aaron Schulman, Dave Levin, Neil Spring University of Maryland, College Park PAM - April 2008 On The Fidelity of 802.11 Packet Traces 1 Uses of 802.11 packet traces MAC Layer (Mahajan et al, Jardosh


SLIDE 1

On The Fidelity of 802.11 Packet Traces PAM - April 2008

On The Fidelity of 802.11 Packet Traces

Aaron Schulman, Dave Levin, Neil Spring University of Maryland, College Park

SLIDE 2

Uses of 802.11 packet traces

  • MAC Layer (Mahajan et al, Jardosh et al)
  • Performance (Rodrig et al)
  • Troubleshooting (Cheng et al)

These studies benefit from complete packet traces

SLIDE 3

What is an incomplete trace?

Transmissions are within range of the monitor but packets are missing

[Figure: Client 1, Client 2, Monitor, AP]

SLIDE 6

Capturing complete 802.11 packet traces is hard

  • Monitor Hardware/Software
  • RF Interference
  • Monitor Placement
  • Merging requires accurate timestamps

(Yeo et al, Portoles-Comeras et al)

SLIDE 9

Trace Fidelity

  • Completeness: Did we capture all of the packets?
  • Accuracy: Did we timestamp the packets correctly?

Main finding: Both are dependent on load

SLIDE 15

Monitors can miss packets

[Figure: Monitor, AP, Client 1, Client 2]

  • Both the Monitor and AP receive a packet from Client 1
  • The Monitor misses a packet from Client 2

SLIDE 16

802.11 protocol can show completeness

802.11 Header

  • Sequence #: Incremented when a packet is sent
  • Retry Bit: Set when a packet is a retransmission

(Yeo et al)

SLIDE 24

Estimating completeness

[Figure, built up across slides 17-24: a Client sends packets while the Monitor and the AP listen. Sequence numbers shown: 1, 2, 3, 4, 4. Labels: "Missed", "2 is missing", "Retransmitted", "4 is missing".]

The sequence number and retransmission bit show packets 2 and 4 are missing.

SLIDE 25

How accurate is the estimate?

  • Start with SIGCOMM ’04 trace CHI
  • Randomly removed packets from trace
  • Compute estimated # of packets missing
  • Relative Error of Method = $\frac{\text{Estimate} - \text{Known}}{\text{Total packets}}$

SLIDE 27

Accuracy of estimate

[Plot: x-axis: Fraction of Non-beacon Packets Removed; y-axis: Relative error. Error bars show 95% confidence interval.]

The relative error is < 0.02 when up to 55% of the trace is removed.

SLIDE 31

Percentage for trace completeness

SIGCOMM 2004 Dataset (Rodrig et al)

Using the estimate, the trace has

  • 81% of the packets sent by the AP
  • 37% of the AP’s packets were beacon packets sent when the network was idle

Excluding idle beacon packets

  • 70% of packets sent by the AP are in the trace

SLIDE 32

One number is not enough

  • Problem: Completeness is only interesting when the network is under load
  • Example: Capturing a trace from an AP overnight
  • Solution: Estimate completeness within small trace intervals
  • Beacons are sent by AP every 100ms

SLIDE 37

Trace completeness score

$$\text{score}_i = \frac{\text{Packets collected}_i}{\text{Packets expected}_i} = \frac{\text{Packets}_i}{\text{Sequence Change}_i + \text{Retransmissions}_i}$$

Quantifies the completeness of interval i

For all devices in-range
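
Added example, not part of the original slides: the sequence-number and retry-bit estimate and the per-interval completeness score, computed in Python over a constructed capture. The frame tuple layout, the 100 ms interval, and the handling of a sender's first frame are assumptions.

```python
from collections import defaultdict

SEQ_MOD = 4096          # 802.11 sequence numbers are 12 bits and wrap around
INTERVAL_US = 100_000   # assumption: score per 100 ms, the beacon period

def completeness(frames, interval_us=INTERVAL_US):
    """frames: (time_us, sender, seq, retry) tuples in capture order.
    Returns {interval: (collected, expected, score)} summed over all senders."""
    last_seq = {}                          # sender -> last sequence number seen
    acc = defaultdict(lambda: [0, 0, 0])   # interval -> [packets, seq change, retransmissions]
    for time_us, sender, seq, retry in frames:
        a = acc[time_us // interval_us]
        a[0] += 1
        if sender in last_seq:
            # Forward distance from the previous number; a gap > 1 means missed frames.
            a[1] += (seq - last_seq[sender]) % SEQ_MOD
        else:
            a[1] += 1   # assumption: no baseline yet, count the first frame as one new number
        if retry:
            a[2] += 1   # retry bit set: an earlier transmission of this frame existed
        last_seq[sender] = seq
    out = {}
    for i, (packets, change, retrans) in sorted(acc.items()):
        expected = change + retrans
        out[i] = (packets, expected, packets / expected if expected else None)
    return out

# Constructed sample. Interval 0 is the slide example as the monitor saw it:
# the client sent 1, 2, 3, 4 and a retransmission of 4; the monitor captured
# 1, 3 and the retransmitted 4. Interval 1 is a complete run across the wrap.
SAMPLE = [
    (10_000, "client", 1, False),
    (30_000, "client", 3, False),
    (50_000, "client", 4, True),
    (110_000, "ap", 4094, False),
    (120_000, "ap", 4095, False),
    (130_000, "ap", 0, False),
]

if __name__ == "__main__":
    for i, (got, exp, score) in completeness(SAMPLE).items():
        print(f"interval {i}: collected={got} expected={exp} missing={exp - got} score={score:.2f}")
```

A retransmission the monitor never captured leaves no trace in either field, so the expected count can still undercount what was sent.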

SLIDE 41

Visualizing trace completeness

  • Y-Axis: Score
  • Completeness of an Interval
  • X-Axis: Load
  • Sequence # change
  • Color: Frequency

[Plot: "Portland ug". x-axis: Load (change in sequence number), 10 to 50; y-axis: Score, 0.2 to 1; color scale: 1 to 100000.]

SLIDE 45

Completeness with T-Fi plot

  • Complete loaded trace has dark area on top
  • Incomplete trace has lower dark areas
  • Low load trace does not have dark color on right

[Plot: "Portland ug". x-axis: Load (change in sequence number), 10 to 50; y-axis: Score, 0.2 to 1; color scale: 1 to 100000.]

SLIDE 52

T-Fi plots focus on load

  • Low load intervals are relegated to the left side
  • High load intervals have low score

[Plot: SIGCOMM 2004 AP. x-axis: Load (change in sequence number), 10 to 50; y-axis: Score, 0.2 to 1; color scale: 1 to 1e+07.]

SLIDE 58

T-Fi plot comparison

  • 1. Portland “ug” is more complete in 1 - 25 load intervals
  • 2. IETF “chan. 11 ple” has more 30 - 50 load intervals

[Plots: "Portland ug" (Portland PDX Dataset, Phillips et al; color scale 1 to 100000) and "IETF 2005 chan. 11 ple" (IETF 2005 Dataset, Jardosh et al; color scale 1 to 10000). Both: x-axis: Load (change in sequence number), 10 to 50; y-axis: Score, 0.2 to 1.]

SLIDE 59

T-Fi plots

  • T-Fi Plots can show other completeness measures
  • Completeness of a trace when there are many unique senders
  • Replace Load with # of unique senders

SLIDE 62

Trace Fidelity

  • Completeness: Did we capture all of the packets?
    T-Fi plots show trace completeness
  • Accuracy: Did we timestamp the packets correctly?

SLIDE 63

Merging traces using packet timestamps

  • Monitor applies timestamps to packets when it receives them
  • Problem: Multiple monitors may not have synchronized clocks
  • AP timestamps beacon packets before it sends them
  • Solution: Synchronize monitors using beacon timestamps (Mahajan et al)

SLIDE 68

Synchronizing traces with beacon timestamps

[Figure: Trace 1 and Trace 2, with labels Beacon 1, Beacon 2, Packet 1, Packet 2]

Scale monitor timestamps to equal the interval from beacon timestamps

SLIDE 69

Compare monitor and beacon timestamps

  • We measure the difference between beacon and monitor timestamps
  • Is there clock skew at the monitor and/or AP?
  • $\text{Clock diff.} = \text{Beacon Interval}_{\text{Monitor}} - \text{Beacon Interval}_{\text{AP}}$
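
Added example, not part of the original slides: the beacon-based synchronization and the clock difference measure, applied in Python to two constructed monitor traces. The record layout, function names, and sample timestamps are assumptions.

```python
# Record: (monitor_ts_us, beacon_ts_us or None, label). beacon_ts_us is the
# timestamp the AP wrote into a beacon; it is None for every other frame.

def clock_diffs(trace):
    """Clock diff. per beacon interval: monitor interval minus AP interval (us)."""
    b = [(mon, ap) for mon, ap, _ in trace if ap is not None]
    return [(m2 - m1) - (a2 - a1) for (m1, a1), (m2, a2) in zip(b, b[1:])]

def to_ap_time(trace):
    """Scale monitor timestamps so each beacon interval equals the AP's interval."""
    b = [(mon, ap) for mon, ap, _ in trace if ap is not None]
    mapped = []
    for mon, ap, label in trace:
        if ap is not None:
            mapped.append((float(ap), label))
            continue
        for (m1, a1), (m2, a2) in zip(b, b[1:]):
            if m1 <= mon <= m2:
                mapped.append((a1 + (mon - m1) * (a2 - a1) / (m2 - m1), label))
                break
        # frames outside every beacon pair cannot be placed and are dropped
    return mapped

def merge(*traces):
    """Merge traces on the AP timeline; a beacon seen by several monitors appears once."""
    seen = set()
    for trace in traces:
        seen.update(to_ap_time(trace))
    return [label for _, label in sorted(seen)]

# Constructed sample: both monitors hear the same two beacons (AP timestamps
# 500000 and 600000). Monitor 2's clock runs 1% fast and has a different offset.
TRACE_1 = [
    (1_000_000, 500_000, "Beacon 1"),
    (1_040_000, None, "Packet 1"),
    (1_100_000, 600_000, "Beacon 2"),
]
TRACE_2 = [
    (7_000_000, 500_000, "Beacon 1"),
    (7_040_198, None, "Packet 2"),
    (7_101_000, 600_000, "Beacon 2"),
]

if __name__ == "__main__":
    print(clock_diffs(TRACE_1), clock_diffs(TRACE_2))
    print(merge(TRACE_1, TRACE_2))
```

Aligning only on the first beacon would place Packet 2 (+40198 us) after Packet 1 (+40000 us); scaling reverses that order. The interpolation assumes the clock difference accrues evenly within a beacon interval.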

SLIDE 70

Accuracy is load-dependent

SIGCOMM 2004 Dataset Rodrig et al.

SLIDE 73

Does clock difference exist inside beacon intervals?

Significant clock differences can exist inside 100ms intervals

SLIDE 77

Trace Fidelity

  • Completeness: Did we capture all of the packets?
    T-Fi plots show trace completeness
  • Accuracy: Did we timestamp the packets correctly?
    Load increases frequency of timestamp error
    Merging algorithms have a faulty assumption

SLIDE 78

Conclusions

  • Completeness and accuracy depend on load
  • The fundamental assumption behind merging algorithms is flawed
  • Future Work: Identifying the fidelity of a trace in real-time

http://www.cs.umd.edu/projects/wifidelity