China
Africa
Explore chapters and articles related to this topic
Network Security
Published in Mário Marques da Silva, Cable and Wireless Networks, 2018
A wireless access point (AP) of an IEEE 802.11 network acts similar to an Ethernet hub for wireless devices that join a basic service set (BSS). This means that the NIC of a wireless device receives the signals sent by an AP, regardless of their destinations. In case the AP transmissions are in clear mode (open) or use a cipher common to all wireless devices (WEP), the frames sent to all BSS wireless devices are monitored by all other stations. Then, in normal mode, the NIC discards the frames whose destination address is not this wireless device. When the NIC is placed in promiscuous mode, and with the aid of a packet sniffing software, the wireless device can capture all the traffic, and eavesdropping can be executed. Therefore, a major concern in IEEE 802.11 networks relies on executing authentication of wireless devices that want to join the BSS. Moreover, data encryption is also an important requirement. Otherwise, the data exchanged with the AP will be available not only to those wireless devices that are part of the BSS but also to other terminals that can listen to the AP transmissions.
Introduction to Wireless Mesh Networking
Published in Gilbert Held, Wireless Mesh Networks, 2005
Dynamic source routing is similar to IP source routing. Under dynamic source routing, a route request is used to determine the path from the source to the destination. The destination issues a route reply, which provides the reverse path. Although the route between source and destination does not need to be a reverse image of the path between destination and source, some protocols require bidirectional connections. One such protocol is the IEEE 802.11 standard, which enables a destination station on a wireless LAN using dynamic source routing to simply reverse the route to itself to determine the route to the source. In a dynamic source routing environment, each node examines every packet it receives, an operating method referred to as promiscuous mode. As the node examines the addresses in each packet, it learns where other devices are located relative to the node examining packets. Due to this, nodes do not need to transmit periodic routing advertisements, such as Routing Information Protocol (RIP) transmissions that are used to inform other nodes of the state of the network.
Mapping Network Device Functions to the OSI Reference Model
Published in James Aweya, Designing Switch/Routers, 2023
Each port of a bridge operates in promiscuous mode (also called the monitor mode); it receives and examines every frame transmitted on the connected LAN segment. In promiscuous mode, the MAC copies all received frames regardless of a frame’s destination address. This behavior is key to the operations of a bridge where it receives frames on a bridge port and decides whether to filter or forward them. This decision-making process is possible because a bridge learns the MAC addresses that are on the LAN segment connected to each port. The promiscuous mode is also called the monitor mode because this is the mode used by network traffic analyzers to monitor and record all received network traffic.
RTP Timestamp Steganography Detection Method
Published in IETE Technical Review, 2018
Wanxia Yang, Shanyu Tang, GuanPing Wang
The data collection platform used in this experiment includes a switch used in a local area network (LAN), a normal user, and a pair of covert communicators. All the local network traffic goes through the switch; by configuring a switch mirror port, all data packets entering and leaving the mirror port are copied and sent to a monitoring port. The experimental data are obtained from the monitoring port using the WinPcap data collection structure in a Windows environment. First, the network card is put into promiscuous mode to receive all the data packets on the network. The main task is to filter, statistically analyze, and cache the RTP packets in the netgroup packet filter (NPF) through the definition of rue base. The specific steps are as follows: Normal data: 10001 normal channel timestamp segments of RTP data packets are collected using the above described experiment platform.Hidden data: by random bit replacement of the LSB of the RTP timestamp header field on both sides of the hidden communication using the collection platform, 10001 hidden data packets are obtained.The difference histogram of the RTP timestamps of normal and steganography data packets are calculated using the method and steps in section 3.2; from this, avector for the monitoring subject, u∈R10, is generated. Then, the cosine of the 2 vectors is calculated, and cosine similarity is applied. If the similarity to a normal data packet is less than 0.95, then the packet is steganographic. The experimental results are shown in Figure 7.The results are fitted to a 5th-order polynomial, and the RTP timestamp sequence is optimized using thmethod in section 4.1; the area between the 2 best-fit curves is selected as the clustering subject.Use the steps in section 4.3 to perform clustering. In the experiment, the value of the curve-fitted message window w has a significant influence on the modeling and clustering results; this study includes experiments for w values of 20, 50, 100, 150 and 200. The focus of the comparison is on the time required to extract the characteristics of each cluster, the rate of change of the average distance between a data point and each cluster center, the accuracy of the initial and final clustering results, and the rate of false positives in the initial clustering results for different values of w. The results are shown in Table 2. In addition, the curves of initial and final clustering results are performed to compare the detection results of in Table 2. As shown in Figure 8. And the training time 13.2 s of the algorithm in this paper is compared with the training time 14.7 s of the algorithm in [6]. The detection algorithm in this paper has the advantage of in training time.