ABC Amber CHM Converter Trial version, http://www.processtext.com/abcchm.html

CWAP Certified Wireless Analysis Professional Official Study Guide (Exam PW0-300)
by Devin Akin and Jim Geier
ISBN:0072255854
McGraw-Hill/Osborne © 2004 (453 pages)

Get the inside track to understanding and diagnosing complex scenarios that require an in-depth knowledge of 802.11 standards and technologies. This comprehensive study guide contains a thorough collection of material on wireless LAN analysis.

Table of Contents

CWAP Certified Wireless Analysis Professional Official Study Guide (Exam PW0-205)
Foreword
Preface
Introduction
Chapter 1 - Introduction to Wireless LAN Analysis
Chapter 2 - 802.11 Protocol Architecture
Chapter 3 - Connectivity and Data Protection
Chapter 4 - Configuration Options and Protection Mechanisms
Chapter 5 - 802.11 MAC Frame Format
Chapter 6 - 802.11 Management Frames
Chapter 7 - 802.11 Control and Data Frames
Chapter 8 - 802.11 PHY Layers
Chapter 9 - 802.11 System Architecture
Chapter 10 - 802.11 Protocol Analyzers
Chapter 11 - 802.11 Performance Variables
Chapter 12 - Additional Information
Chapter 13 - Case Studies
Index
List of Figures

Back Cover

The only official study guide from the creators of the CWAP exam

100% Complete Coverage – All official test objectives for exam PWO-205 are covered in detail
Detailed Frame Analysis – Frame format and frame exchange process diagrams and explanations offer a one-of-a-kind learning experience focused on the analysis of 802.11 technologies
Review Questions – Questions at the end of each chapter help you learn and understand the 802.11 frame format

The CWAP Official Study Guide is a comprehensive resource to assist the reader in understanding and diagnosing complex scenarios that require an in-depth knowledge of 802.11
standards and technologies. This guide contains the most thorough collection of material on wireless LAN analysis available:

Appropriate application of an 802.11a/b/g protocol analyzer
Interpretation of 802.11a/b/g protocol traces and frame fields
Understanding the common features found in today’s analyzers
802.11b/g mixed mode environments and protection mechanisms
PHY layer terminology and details on frame fragmentation
The purpose and structure of each 802.11 MAC layer frame type
802.11 frame exchange processes
Wireless LAN performance issues and security analysis
Wireless LAN system architecture

About the Authors

Devin Akin is the Chief Technology Officer and co-founder of Planet3 Wireless, Inc., the creators of the CWNP Program. He contributed to the CWAP exam, and is the principal author of the CWNA, CWSP, and CWAP courseware and study guides. He holds many technical certifications including CCNP, CCDP, CCSP, MCNE, and MCSE.

Jim Geier is the founder and principal consultant of Wireless-Nets, Ltd., an independent consulting firm assisting companies with the development and deployment of wireless LAN solutions. His 20 plus years of experience includes the analysis, design, installation, and support of numerous wireless network-based products and systems throughout the world.

CWAP Certified Wireless Analysis Professional Official Study Guide (Exam PW0-205)
FIRST EDITION

McGraw-Hill/Osborne is an independent entity from Planet3 Wireless Inc. and is not affiliated with Planet3 Wireless Inc. in any manner. This publication may be used in assisting students to prepare for the CWAP exam. Neither Planet3 Wireless Inc. nor McGraw-Hill/Osborne warrant that use of this publication will ensure passing the relevant exam. CWAP is a trademark of Planet3 Wireless Inc. in the United States and other countries.

Planet3 Wireless
McGraw-Hill/Osborne
New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto

McGraw-Hill/Osborne
2100 Powell St. 10th Floor
Emeryville, CA 94608
U.S.A.

To arrange bulk purchase discounts for sales promotions, premiums, or fund-raisers, please contact McGraw-Hill/Osborne at the above address. For information on translations or book distributors outside the U.S.A., please see the International Contact Information page immediately following the index of this book.

CWAP Certified Wireless Analysis Professional Official Study Guide (Exam PW0-205)
First Edition

Copyright © 2004 by Planet3 Wireless, Inc. All rights reserved. Printed in the United States of America. Except as permitted under the Copyright Act of 1976, no part of this publication may be reproduced or distributed in any form or by any means, or stored in a database or retrieval system, without the prior written permission of publisher, with the exception that the program listings may be entered, stored, and executed in a computer system, but they may not be reproduced for publication.

1234567890 JPI JPI 019876543
ISBN 0-07-225585-4

Publisher: Brandon A. Nordin
Editorial Director: Gareth Hancock
Indexer: Jack Lewis
Vice President & Associate Publisher: Scott Rogers
Technical Editors: Criss Hyde
Computer Designers: Scott Turner
Acquisitions Editor: Timothy Green
Copy Editor: Kevin Sandlin
Illustrator: Scott Turner
Authors: Devin Akin, Jim Geier
Proofreaders: Kevin Sandlin, Criss Hyde
Series Design: Scott Turner

Information has been obtained by McGraw-Hill/Osborne from sources believed to be reliable.
However, because of the possibility of human or mechanical error by our sources, McGraw-Hill/Osborne, or others, McGraw-Hill/Osborne does not guarantee the accuracy, adequacy, or completeness of any information and is not responsible for any errors or omissions or the results obtained from the use of such information.

CWNP® Certification Program

The CWNP Program is the industry standard for wireless LAN training and certification, and is intended for individuals who administer, install, design, troubleshoot, and support IEEE 802.11 compliant wireless networks. Achieving CWNP Certification will help you to design, install, and maintain wireless LANs that are more secure, cost-effective, and reliable. The CWNP Program has three levels of knowledge and certification covering all aspects of wireless LANs.

Foundation

CWNA covers a broad range of wireless networking topics. CWNA brings those of you who are new to wireless networking up to speed quickly. For those of you already familiar with wireless LANs, earning the CWNA certification fills in any gaps in your knowledge, and officially proves your expertise to help your competitive edge.

Advanced

CWSP ensures that you understand how to secure a wireless LAN from hackers and protect the valuable information on your network. CWSP offers the most thorough information available on how attacks occur and how to secure your wireless network from them.

CWAP focuses entirely on the analysis and troubleshooting of wireless LAN systems. The CWAP certified individual will be able to confidently analyze and troubleshoot any wireless LAN system using any of the market leading software and hardware analysis tools.

Expert

CWNE credential is the final step in the CWNP Program.
By successfully completing the CWNE practical examination, network engineers and administrators will have demonstrated that they have the most advanced skills available in today's wireless LAN market.

LICENSE AGREEMENT

PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THIS MANUAL (“MATERIALS”). BY USING THE MATERIALS YOU AGREE TO BE BOUND BY THE TERMS AND CONDITIONS OF THIS LICENSE.

OWNERSHIP

The Study Guide is proprietary to PLANET3 WIRELESS, INC., who retains exclusive title to and ownership of the copyrights and other intellectual property rights in the Study Guide. These rights are protected by the national and state copyright, trademark, trade secret, and other intellectual property laws of the United States and international treaty provisions, including without limitation the Universal Copyright Convention and the Berne Copyright Convention. You have no ownership rights in the Study Guide. Except as expressly set forth herein, no part of the Study Guide may be modified, copied, or distributed in hardcopy or machine-readable form without prior written consent from PLANET3 WIRELESS, INC. All rights not expressly granted to you herein are expressly reserved by PLANET3 WIRELESS, INC. Any other use of the Study Guide by any person or entity is strictly prohibited and a violation of this Agreement.

SCOPE OF RIGHTS LICENSED (PERMITTED USES)

PLANET3 WIRELESS, INC. is granting you a limited, non-exclusive, non-transferable license to use the Study Guide, in part or in whole, for your internal business or personal use. Any internal or personal use of the Study Guide content must be accompanied by the phrase "Used with permission from PLANET3 WIRELESS, INC." or other phrasing agreed upon in writing by PLANET3 WIRELESS, INC.

RESTRICTIONS ON TRANSFER

Reproduction or disclosure in whole or in part to parties other than the PLANET3 WIRELESS, INC.
client that is the original subscriber to this Study Guide is permitted only with the written and express consent of PLANET3 WIRELESS, INC. This Study Guide shall be treated at all times as a confidential and proprietary document for internal use only. Any purported sale, assignment, transfer or sublicense without the prior written consent of PLANET3 WIRELESS, INC. will be void and will automatically terminate the License granted hereunder.

LIMITED WARRANTY

THE INFORMATION CONTAINED IN THIS STUDY GUIDE IS BELIEVED TO BE RELIABLE BUT CANNOT BE GUARANTEED TO BE CORRECT OR COMPLETE. If the Study Guide's electronic delivery format is defective, PLANET3 WIRELESS, INC. will replace it at no charge if PLANET3 WIRELESS, INC. is notified of the defective formatting within THIRTY days from the date of the original download or receipt of Study Guide. PLANET3 WIRELESS, INC., MAKES NO WARRANTY, EXPRESS OR IMPLIED, OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

LIMITATION OF LIABILITY

IN NO EVENT WILL PLANET3 WIRELESS, INC. BE LIABLE TO YOU FOR ANY DAMAGES, INCLUDING, WITHOUT LIMITATION, ANY LOST PROFITS, LOST SAVINGS, OR OTHER INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF YOUR USE OR INABILITY TO USE THE STUDY GUIDE REGARDLESS OF WHETHER SUCH DAMAGES ARE FORESEEABLE OR WHETHER SUCH DAMAGES ARE DEEMED TO RESULT FROM THE FAILURE OR INADEQUACY OF ANY EXCLUSIVE OR OTHER REMEDY. IN ANY EVENT, THE LIABILITY OF PLANET3 WIRELESS, INC. SHALL NOT EXCEED THE LICENSE FEE PAID BY YOU TO PLANET3 WIRELESS, INC.

We at The CWNP® Program would like to dedicate this book to our Lord Jesus Christ, our friend, our Savior. We have experienced His presence daily since the inception of this company, and owe everything to Him.
We would like to thank Jesus for the incredible blessings we have received, including our friend and brother Mark Elliott whose dedication to serving our Lord on the Mercy Ships has inspired us all. We thank Him for our new brothers Scott Williams and Scott Daniel who both recently came to know the Lord. We thank Him for providing for every need since He created this adventure back in 1999. We thank Him for bringing together a group of brothers, each with complementary talents, who strengthen and support each other in our personal and professional lives. We thank Him for making the seemingly impossible not only possible, but unfolding reality, right before our eyes. Each time He shuts a door, He opens another - encouraging us to boldly walk through it. We don't know what tomorrow holds, but we do know the Lord, who holds tomorrow in His hands. We're excited to see what He's going to do in each of our lives and those lives who we touch by His grace. We claim no honor, but give Him all the glory.

2 Corinthians 12:9 – But he said to me, "My grace is sufficient for you, for my power is made perfect in weakness." Therefore I will boast all the more gladly about my weaknesses, so that Christ's power may rest on me.

Acknowledgements

Planet3 Wireless, Inc. would like to acknowledge and thank the following people for their contributions to the CWAP Study Guide:

Devin Akin, Author: Devin is the Chief Technology Officer of Planet3 Wireless, Inc. Devin has over 10 years of IT experience and holds Cisco’s CCNP, CCDP, and CCSP, Microsoft’s MCSE, Novell’s MCNE, and the esteemed NSA/CNSS INFOSEC certifications among many others. He is the primary author of the CWNA and CWSP Study Guides and CWNA, CWSP, and CWAP Courseware. He was the primary subject matter expert for all CWNP exams and practice exams, holds all CWNP certifications, and teaches wireless courses around the world.
Devin has previously worked as a Senior Network Access Design Engineer with EarthLink and BellSouth, and a Senior Systems Engineer for Foundry Networks and Sentinel Technologies.

Jim Geier, Co-Author: Jim Geier is the principal consultant of Wireless-Nets, Ltd. (www.wireless-nets.com), where he provides independent analysis, design, and planning of wireless LANs to product developers, system integrators and large end users throughout the world. Jim is a voting member within the Wi-Fi Alliance, certifying interoperability of 802.11 (Wi-Fi) wireless LANs. He served as Chairman of the IEEE Computer Society, Dayton Section, and Chairman of the IEEE International Conference on Wireless LAN Implementation. He has been an active member of the IEEE 802.11 Working Group, developing international standards for wireless LANs. Jim is author of several books on wireless networks, and his education includes bachelor's and master's degrees in electrical engineering and a master's degree in business administration. You can contact Jim Geier at [email protected].

Criss Hyde, Technical Editor: Criss has over 25 years of IT experience. He has contributed substantially to all the Planet3 products published or republished during 2004. His attention to technical detail simply astounds us. He holds the CWAP and CWSP certifications, as well as Cisco Certified Network and Design Professional, Cisco Wireless LAN Design and Support Specialist, and Sun Certified System and Network Administrator. Criss has earned Engineering and a Law degree from Penn State and George Mason Universities, respectively, worked for 13 years for Raytheon, and is a member of the Virginia Bar. Criss is married, and is the father of eight home schooled children. Criss worked briefly for the Executive Office of the White House.

Eric Geier, for testing many of the RF and protocol concepts explained in this book.
Eric is a member of the technical staff of Wireless-Nets, Ltd., where he researches and analyzes wireless network technologies, performs wireless LAN analysis, and develops training media.

Scott Daniel, for relentlessly configuring endless complex lab scenarios to prove concepts explained in this book. Scott is a lab engineer and courseware designer at the CWNP Program with a diverse background in systems, network, and security engineering across a wide variety of platforms.

Foreword

Data communication networks are, at their most fundamental level, the exchange of bits, grouped into units and sub-units, and exchanged in accordance with a predefined set of rules we call protocols. Understanding the operation of any data communication system may be decomposed into understanding the bits, the units, and the protocols. Troubleshooting, optimizing, and securing a network is accomplished by comparing and contrasting the observed behavior of these bits and data units with the established protocol rules, restrictions, and capacity requirements. The process of observing the internal operations in a communication network is the process of "protocol analysis", and, in the realm of the IEEE 802.11 wireless LAN (WLAN) standards, that's what this book is all about.

My first exposure to WLAN technology was through the draft 802.11 standards document from the Institute of Electrical and Electronics Engineers (IEEE). The 802.11b draft standards soon followed, and were ratified in the second half of 1999. Since there were few practical implementations of the 802.11 standard it was too early to know what was going to be important, what was going to be found to be flawed, and what would never be widely implemented. Those of us in the RF engineering space watched this new "wireless LAN" technology explode into the marketplace with unprecedented growth.
Today you have the benefit of the past five years of industry experience with 802.11 technology, and The CWAP Study Guide has distilled key concepts and facts into a very readable volume. You're not going to be struggling to understand a sometimes seemingly cryptic IEEE standard. You're going to learn how this new, pivotal technology works and how you can confirm its efficiency, security, and correct operation. You're going to be able to demonstrate your knowledge and expertise through professional certification in the Certified Wireless Network Professional (CWNP®) program, the accepted industry standard for 802.11 engineering expertise.

When we consider the bits in a WLAN, we're thinking in terms of the binary 1's and 0's that are represented by the wiggling and jiggling of electromagnetic energy transmitted through space. There are many different ways that a radio circuit and an antenna can cause an electromagnetic wave to wiggle, and different bit representations offer different advantages along with different disadvantages. The consideration of the representation of bits based on some particular way of jiggling the electromagnetic wave is the physical (PHY) layer of communication. You'll be introduced to the various 802.11 PHY standards and you'll see how they've evolved and how they differ.

There are a number of behavioral rules that an 802.11 WLAN communicator must follow, and these rules, along with various PHY standards, are stipulated by working groups within the IEEE. The 802.11 group is subdivided with letters of the alphabet to form the 802.11a, b, c, d, e, f, etc., all the way up to 802.11k and beyond! To be an expert in the analysis of WLAN communication, it's necessary to understand the expected rules of protocol behavior, and you will be introduced to those rules, and the associated 802.11 standards, as you read through this book.

Of course, a WLAN doesn't operate apart from some type of wired network infrastructure.
802.11 radios ("access points") are typically connected together through Ethernet cables, switches, and routers. There can be wireless "backhaul" connections between access points, but you're going to encounter a cable somewhere along the line. As you read, you'll be introduced to these infrastructure components, and you'll see how the whole system fits together.

The very thing that makes a wireless network attractive also creates a security exposure. Since users don't need to physically "plug in" (an attractive feature), it's possible for an unauthorized person to gain access to the wireless network (a security exposure). Prior to 2004 the only security options that were part of the 802.11 standard ("Wired Equivalent Privacy, WEP") were determined to be flawed. Today, new recommendations and standards ("Wi-Fi Protected Access, WPA" and the 802.11i standards) have provided the capability to effectively secure a wireless network. Security is a crucial part of wireless network design and administration and awareness of security issues is a key part of any WLAN engineer's education.

Today there are two groups of engineers in the communications arena who are converging into the WLAN space. Neither group brings with them the knowledge necessary to successfully design, implement, secure, manage, and troubleshoot an 802.11 wireless LAN. Both groups have things to learn, and both groups are actively moving towards WLAN expertise. The first group consists of the legacy Ethernet LAN engineers. These are the “wireline” folks who know about switches, routers, and firewalls. They know how to move data through wires, but moving it through the air is new territory. The second group consists of the telephony folks who have been creating the cellular phone network for many years. They know how to move signals through the air, but moving data is new territory.

Today there are a number of tools available to help engineers observe the behavior of communicating devices in the air. These "wireless LAN analyzers" offer a broad range of features and capabilities, and a WLAN engineer must be knowledgeable in the use of an analysis tool, and in the interpretation of the packet level decodes that the analyzer presents. In this book you'll see examples of frame level traces that will show the behavior of wireless communicators in action.

Why should you learn about the 802.11 standards? Why should you challenge yourself to demonstrate your knowledge through professional certification? The answer is that 802.11 WLAN technology is, today, the focal point in an almost unimaginable global technology convergence, and, without an 802.11 foundation, communication engineers (LAN and telephony) are going to be at a shocking disadvantage in the years to come. Now, this statement should not be taken to mean that the 802.11 standards are going to become universal and pervasive the way TCP/IP and the Internet did during the 1990's. Perhaps they will, and perhaps they won't. There are many other competing standards in the field today: 802.16 WiMAX, 802.20, 3G cellular with EV-DO, UltraWideband, and more. However, as of the publication of this book, the 802.11 standards have risen to a position of prominence and they're going to serve, at the least, as a springboard into an evolving set of future communication systems.

We're going to see a convergence of cell phone and WLAN networking over the next several years. When you're inside a building your cell phone will roam onto the in-building 802.11 network and realize high-speed data transfer capabilities. In your car you'll roam back onto the cellular network. This is the realm of Voice-over-WLAN (also called wireless Voice-over-IP). It's here today as a proprietary offering from many vendors and convergence with the global cellular network is right around the corner.
You've got to be on top of the 802.11 engineering issues to be on top of wireless voice.

In the retail and commercial sector, Radio Frequency Identification (RFID) is emerging as an alternative to bar code scanning. Management of the inventory supply chain from manufacture, through shipping, through merchandising, to ultimate product end-of-life can be tracked with tiny RFID "tags". A little bit of web searching on "RFID" will reveal just how pervasive this new technology is going to be. Where is 802.11 in all this? It's the 802.11 WLAN that's going to connect the hand-held RFID scanners and "smart shelves" back to the store database. We're talking about every retail store that uses bar code scanning today – it’s going to be RFID right around the corner. You've got to be on top of the 802.11 engineering issues to be on top of RFID.

There are very few times in the course of human history when it's been evident that a new technology would dramatically change the way society functions. What if you knew where the automotive industry was heading when Carl Benz championed the internal combustion engine in his 3-wheeled car in 1885? What if you could have foreseen the aviation industry when the Wrights flew at Kitty Hawk? How about a crystal ball on the computer industry in the 1960's or 1970's? What if you could have foreseen the Internet? Well, you're right there again, and this time the technology falls under the umbrella of wireless convergence: data, voice, video - and today they all revolve around 802.11 WLAN technology. You've got to be on top of the 802.11 engineering issues to be on top in technology in the coming years.

Between the covers of this book you'll find a wealth of information that will be a basis for your understanding of wireless data networking, 802.11 protocol analysis, and WLAN management.
You may find, as I have often discovered, that "the more you know, the more you know that you don't know", and, at the end of the day, have fun learning new things and never stop challenging yourself.

-Joseph Bardwell
Chief Scientist and President of Connect802 Corporation