Evento formativo Spring 3 ottobre 2019

Wi-Fi: diagnosi lato client/edge
w i f i p r o b e . i n r e t e . i t
E v e n t o F o r m a t i v o S p r i n g – R h o - 3 O t t o b r e 2 0 1 9

A vendre
Fiat Panda
avec Wi-Fi
3

Feedback
5
"On governors" 1868 - J.C. Maxwell
“Cybernetics" 1948 - Norbert Wiener
Introducono il concetto di feedback e ne
danno la formalizzazione matematica.
Norbert Wiener va oltre creando il nuovo
termine "Cybernetics" ed affermando che:
Ogni comportamento intelligente è il risultato
di un corretto meccanismo di feedback

Electronics: Feedback
6
Ideal feedback model

SNMP non è un end-to-end feedback
7

SNMP non è un appropriato feedback
8

Wi-Fi icon nella status bar rappresenta il Feedback
9
Connesso a Wi-Fi senza accesso a Internet
Connesso a Wi-Fi e Internet
….

RUM and Synthetic Monitoring
10
RUM (Real User Monitoring) e Synthetic Monitoring sono due modalità per avere il corretto feedback
• RUM include del codice all' interno della app utente o webpage, che raccogliere dati sulla
esperienza utente e sulle prestazioni, ha però un accesso limitato alle informazioni più di dettaglio
dagli strati tecnologici sottostanti, che sono determinanti per una diagnosi dell' infrastruttura, è
quindi più utilizzato per gli studi di comportamento degli utenti (A/B testing)
• Synthetic Monitoring si basa su codice sw (scripted test) che riproduce le azioni degli utenti,
tipicamente installato una una sonda dedicata, ha accesso a tutte le informazioni dei differenti
strati tecnologici e della infrastruttura di rete
La attuale evoluzione dell' hardware IoT permette di realizzare Synthetic Monitoring Probe con costi
altamente competitivi.
https://en.wikipedia.org/wiki/Real_user_monitoring https://en.wikipedia.org/wiki/Synthetic_monitoring

Cape Networks https://capenetworks.com/
HP Hewlett Packard Aruba Networks
Cisco Aironet Active Sensor
Epitiro Wi-Fi and Cellular Network Performance Monitoring https://www.epitiro.com/
7SIGNAL Enterprise Wireless Network Monitoring https://7signal.com/
Komodo Systems WiFi Komodowifi https://www.komodowifi.com/
NetBeez Network Monitoring from the User Perspective https://netbeez.net/
Sistemi edge di monitoring e diagnostica WiFi
11

Sonde WiFiProbe: Plug / PoE / Pocket / IP / Lamp
12

Misura e diagnosi WiFi dall’ edge
13
Oggigiorno, data la complessità dei sistemi e dei protocolli,
per diagnosticare una rete WiFi è molto vantaggioso utilizzare gli
stessi tipi di moduli e chipset WiFi presenti negli apparati utente

Misura come esperimento scientifico
14
Misura ≡ Esperimento Scientifico
Spiegabile (documentato)
Ripetibile (confermabile)

Esperienza utente: elementi dello stack
15
• RADIO SPECTRUM
• ACCESS POINT / WPA NEGOTIATIONS
• AUTHENTICATION SYSTEMS (radius...)
• DHCP
• DNS
• SWITCHES & FIREWALL
• CAPTIVE PORTAL
• INTERNET LINK

Connessione con wpa_supplicant
16
wpa_supplicant
https://en.wikipedia.org/wiki/Wpa_supplicant
http://w1.fi
wpa_supplicant -i wlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf -K -t -W -Dnl80211
wpa_cli -p /var/run/wpa_supplicant -i wlan0
wpa_supplicant non è solo un sw Linux che gira su Raspberry Pi, ma è
dentro ogni telefono Android e ogni device Apple con Wi-Fi

Jouni Malinen (aka Mr. wpa_supplicant/hostapd)
17

wpa_supplicant in Android Open Source Project (AOSP)
18

wpa_supplicant IOS / Apple Legal
19
Jouni Malinen ( hostapd )
Copyright © 2002-2010, Jouni Malinen <j@w1.fi> and contributors.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation.
See COPYING for more details. Alternatively, this software may be distributed, used, and modified under the terms of BSD license.
See README for more details. [Apple note: Use and redistribution is under the terms of the BSD license]
Jouni Malinen ( WPA Supplicant / UNIX domain socket -based control interface )
Copyright © 2004-2005, Jouni Malinen jkmaline@cc.hut.fi - See README and COPYING for more details.
Copyright © 2005-2006, Jouni Malinen <j@w1.fi>
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License version 2 as published by the Free Software Foundation.
Alternatively, this software may be distributed under the terms of BSD license.
See README and COPYING for more details. [Apple note: Use and redistribution is under the terms of the BSD license]
Jouni Malinen et al. ( hostapd and wpa_supplicant )
Copyright © 2002-2007, Jouni Malinen <j@w1.fi> and contributors. All Rights Reserved.
These program is dual-licensed under both the GPL version 2 and BSD license. Either license may be used at your option.

# wpa_supplicant -i wlan0 -c/etc/wpa_supplicant/wpa_supplicant.conf -K -t -W -Dnl80211
&
[1] 49
# 1550792472.097997: Successfully initialized wpa_supplicant
#
#
# wpa_cli -p /var/run/wpa_supplicant -i wlan0
wpa_cli v2.6
Copyright (c) 2004-2016, Jouni Malinen <j@w1.fi> and contributors
This software may be distributed under the terms of the BSD license.
See README for more details.
Interactive mode
>

> help
commands:
status [verbose] = get current WPA/EAPOL/EAP status
ifname = get current interface name
ping = pings wpa_supplicant
relog = re-open log-file (allow rolling logs)
note <text> = add a note to wpa_supplicant debug log
mib = get MIB variables (dot1x, dot11)
help [command] = show usage help
interface [ifname] = show interfaces/select interface
level <debug level> = change debug level
license = show full wpa_cli license
quit = exit wpa_cli
set = set variables (shows list of variables when run without arguments)
dump = dump config variables
get <name> = get information
driver_flags = list driver flags
logon = IEEE 802.1X EAPOL state machine logon
logoff = IEEE 802.1X EAPOL state machine logoff
pmksa = show PMKSA cache
pmksa_flush = flush PMKSA cache entries
reassociate = force reassociation
reattach = force reassociation back to the same BSS
preauthenticate <BSSID> = force preauthentication
identity <network id> <identity> = configure identity for an SSID
password <network id> <password> = configure password for an SSID
new_password <network id> <password> = change password for an SSID
pin <network id> <pin> = configure pin for an SSID
otp <network id> <password> = configure one-time-password for an SSID
passphrase <network id> <passphrase> = configure private key passphrase
for an SSID
sim <network id> <pin> = report SIM operation result
bssid <network id> <BSSID> = set preferred BSSID for an SSID
blacklist <BSSID> = add a BSSID to the blacklist
blacklist clear = clear the blacklist
blacklist = display the blacklist
log_level <level> [<timestamp>] = update the log level/timestamp
log_level = display the current log level and log options
list_networks = list configured networks
select_network <network id> = select a network (disable others)
enable_network <network id> = enable a network
disable_network <network id> = disable a network
add_network = add a network
remove_network <network id> = remove a network
set_network <network id> <variable> <value> = set network variables (shows
list of variables when run without arguments)
get_network <network id> <variable> = get network variables
dup_network <src network id> <dst network id> <variable> = duplicate network variables
list_creds = list configured credentials
add_cred = add a credential
remove_cred <cred id> = remove a credential
set_cred <cred id> <variable> <value> = set credential variables
get_cred <cred id> <variable> = get credential variables
save_config = save the current configuration
disconnect = disconnect and wait for reassociate/reconnect command before
connecting
reconnect = like reassociate, but only takes effect if already disconnected
scan = request new BSS scan
scan_results = get latest scan results
abort_scan = request ongoing scan to be aborted
bss <<idx> | <bssid>> = get detailed scan result info
get_capability <eap/pairwise/group/key_mgmt/proto/auth_alg/channels/freq/modes> = get capabilities
reconfigure = force wpa_supplicant to re-read its configuration file
terminate = terminate wpa_supplicant
interface_add <ifname> <confname> <driver> <ctrl_interface> <driver_param>
<bridge_name> <create> <type> = adds new interface, all parameters but
<ifname> are optional. Supported types are station ('sta') and AP ('ap')
interface_remove <ifname> = removes the interface
interface_list = list available interfaces
ap_scan <value> = set ap_scan parameter
scan_interval <value> = set scan_interval parameter (in seconds)
bss_expire_age <value> = set BSS expiration age parameter
bss_expire_count <value> = set BSS expiration scan count parameter
bss_flush <value> = set BSS flush age (0 by default)
stkstart <addr> = request STK negotiation with <addr>
ft_ds <addr> = request over-the-DS FT with <addr>
wps_pbc [BSSID] = start Wi-Fi Protected Setup: Push Button Configuration
wps_pin <BSSID> [PIN] = start WPS PIN method (returns PIN, if not hardcoded)
wps_check_pin <PIN> = verify PIN checksum
wps_cancel Cancels the pending WPS operation
wps_nfc [BSSID] = start Wi-Fi Protected Setup: NFC
wps_nfc_config_token <WPS|NDEF> = build configuration token
wps_nfc_token <WPS|NDEF> = create password token
wps_nfc_tag_read <hexdump of payload> = report read NFC tag with WPS data
nfc_get_handover_req <NDEF> <WPS> = create NFC handover request
nfc_get_handover_sel <NDEF> <WPS> = create NFC handover select
nfc_report_handover <role> <type> <hexdump of req> <hexdump of sel> = report completed NFC handover
wps_reg <BSSID> <AP PIN> = start WPS Registrar to configure an AP
wps_ap_pin [params..] = enable/disable AP PIN
wps_er_start [IP address] = start Wi-Fi Protected Setup External Registrar
wps_er_stop = stop Wi-Fi Protected Setup External Registrar
wps_er_pin <UUID> <PIN> = add an Enrollee PIN to External Registrar
wps_er_pbc <UUID> = accept an Enrollee PBC using External Registrar
wps_er_learn <UUID> <PIN> = learn AP configuration
wps_er_set_config <UUID> <network id> = set AP configuration for enrolling
wps_er_config <UUID> <PIN> <SSID> <auth> <encr> <key> = configure AP
wps_er_nfc_config_token <WPS/NDEF> <UUID> = build NFC configuration token
ibss_rsn <addr> = request RSN authentication with <addr> in IBSS
sta <addr> = get information about an associated station (AP)
all_sta = get information about all associated stations (AP)
deauthenticate <addr> = deauthenticate a station
disassociate <addr> = disassociate a station
chan_switch <cs_count> <freq> [sec_channel_offset=] [center_freq1=] [center_freq2=] [bandwidth=] [blocktx] [ht|vht] = CSA parameters
suspend = notification of suspend/hibernate
resume = notification of resume/thaw
roam <addr> = roam to the specified BSS
p2p_find [timeout] [type=*] = find P2P Devices for up-to timeout seconds
p2p_stop_find = stop P2P Devices search
p2p_asp_provision <addr> adv_id=<adv_id> conncap=<conncap> [info=<infodata>] = provision with a P2P ASP Device
p2p_asp_provision_resp <addr> adv_id=<adv_id> [role<conncap>] [info=<infodata>] = provision with a P2P ASP Device
p2p_connect <addr> <"pbc"|PIN> [ht40] = connect to a P2P Device
p2p_listen [timeout] = listen for P2P Devices for up-to timeout seconds
p2p_group_remove <ifname> = remove P2P group interface (terminate group if GO)
p2p_group_add [ht40] = add a new P2P group (local end as GO)
p2p_group_member <dev_addr> = Get peer interface address on local GO using peer Device Address
p2p_prov_disc <addr> <method> = request provisioning discovery
p2p_get_passphrase = get the passphrase for a group (GO only)
p2p_serv_disc_req <addr> <TLVs> = schedule service discovery request
p2p_serv_disc_cancel_req <id> = cancel pending service discovery request
p2p_serv_disc_resp <freq> <addr> <dialog token> <TLVs> = service discovery response
p2p_service_update = indicate change in local services
p2p_serv_disc_external <external> = set external processing of service discovery
p2p_service_flush = remove all stored service entries
p2p_service_add <bonjour|upnp|asp> <query|version> <response|service> = add a local service
p2p_service_rep asp <auto> <adv_id> <svc_state> <svc_string> [<svc_info>] = replace local ASP service
p2p_service_del <bonjour|upnp> <query|version> [|service] = remove a local service
p2p_reject <addr> = reject connection attempts from a specific peer
p2p_invite <cmd> [peer=addr] = invite peer
p2p_peers [discovered] = list known (optionally, only fully discovered) P2P peers
p2p_peer <address> = show information about known P2P peer
p2p_set <field> <value> = set a P2P parameter
p2p_flush = flush P2P state
p2p_cancel = cancel P2P group formation
p2p_unauthorize <address> = unauthorize a peer
p2p_presence_req [<duration> <interval>] [<duration> <interval>] = request GO presence
p2p_ext_listen [<period> <interval>] = set extended listen timing
p2p_remove_client <address|iface=address> = remove a peer from all groups
vendor_elem_add <frame id> <hexdump of elem(s)> = add vendor specific IEs to frame(s)
0: Probe Req (P2P), 1: Probe Resp (P2P) , 2: Probe Resp (GO), 3: Beacon (GO), 4: PD Req, 5: PD Resp, 6: GO Neg Req, 7: GO Neg Resp, 8: GO Neg Conf, 9: Inv Req, 10: Inv Resp, 11: Assoc Req (P2P), 12: Assoc Resp (P2P)
vendor_elem_get <frame id> = get vendor specific IE(s) to frame(s)
vendor_elem_remove <frame id> <hexdump of elem(s)> = remove vendor specific IE(s) in frame(s)
wfd_subelem_set <subelem> [contents] = set Wi-Fi Display subelement
wfd_subelem_get <subelem> = get Wi-Fi Display subelement
sta_autoconnect <0/1> = disable/enable automatic reconnection
tdls_discover <addr> = request TDLS discovery with <addr>
tdls_setup <addr> = request TDLS setup with <addr>
tdls_teardown <addr> = tear down TDLS with <addr>
tdls_link_status <addr> = TDLS link status with <addr>
wmm_ac_addts <uplink/downlink/bidi> <tsid=0..7> <up=0..7> [nominal_msdu_size=#] [mean_data_rate=#] [min_phy_rate=#] [sba=#] [fixed_nominal_msdu] = add WMM-AC traffic stream
wmm_ac_delts <tsid> = delete WMM-AC traffic stream
wmm_ac_status = show status for Wireless Multi-Media Admission-Control
tdls_chan_switch <addr> <oper class> <freq> [sec_channel_offset=] [center_freq1=] [center_freq2=] [bandwidth=] [ht|vht] = enable channel switching with TDLS peer
tdls_cancel_chan_switch <addr> = disable channel switching with TDLS peer <addr>
signal_poll = get signal parameters
signal_monitor = set signal monitor parameters
pktcnt_poll = get TX/RX packet counters
reauthenticate = trigger IEEE 802.1X/EAPOL reauthentication
autoscan [params] = Set or unset (if none) autoscan parameters
raw <params..> = Sent unprocessed command
flush = flush wpa_supplicant state
radio_work = radio_work <show/add/done>
vendor <vendor id> <command id> [<hex formatted command argument>] = Send vendor command
neighbor_rep_request [ssid=<SSID>] [lci] [civic] = Trigger request to AP for neighboring AP report (with optional given SSID in hex or enclosed in double quotes, default: current SSID; with optional LCI and location civic request)
erp_flush = flush ERP keys
mac_rand_scan <scan|sched|pno|all> enable=<0/1> [addr=mac-address mask=mac-address-mask] = scan MAC randomization
get_pref_freq_list <interface type> = retrieve preferred freq list for the specified interface type
p2p_lo_start <freq> <period> <interval> <count> = start P2P listen offload
p2p_lo_stop = stop P2P listen offload
wpa_cli help: 139 commands

> scan
OK
<3>CTRL-EVENT-SCAN-STARTED
<3>CTRL-EVENT-SCAN-RESULTS
<3>WPS-AP-AVAILABLE
>
> scan_results
bssid / frequency / signal level / flags / ssid
14:da:e9:fa:4e:14 5180 -62 [WPA2-PSK-CCMP][ESS] ASUSTEST-5GHZ
14:da:e9:fa:4e:10 2417 -65 [WPA2-PSK-CCMP][ESS] ASUSTEST
40:a5:ef:de:ec:8e 2462 -28 [WPA2-PSK-CCMP][ESS] LOAD1
00:18:e7:bb:1f:45 5200 -72 [WPA-PSK-TKIP][WPA2-PSK-CCMP][ESS] Loescher2
b6:b6:86:9a:6a:a1 2412 -75 [WPA2-PSK-CCMP][WPS][ESS] DIRECT-A1-HP ENVY 5000
series
40:a5:ef:de:ed:fd 2462 -72 [WPA-PSK-TKIP][WPA2-PSK-CCMP][ESS] MyNetESSID
60:e3:27:4d:a3:26 2437 -78 [WPA2-PSK-CCMP][ESS] IMMI_SABELT
00:11:6b:ea:84:d0 2447 -76 [WPA2-PSK-CCMP][ESS] IGAP
60:e3:27:4d:a3:8a 2462 -82 [WPA2-PSK-CCMP][ESS] IMMI_SABELT
00:18:e7:bb:e4:3f 2462 -82 [WPA-PSK-TKIP][WPA2-PSK-CCMP][ESS] ISPAP
3c:ce:73:71:10:02 2462 -80 [WPA-EAP-CCMP][WPA2-EAP-CCMP][ESS] IMMIcert
3c:ce:73:71:10:01 2462 -80 [WPA-PSK-CCMP+TKIP][WPA2-PSK-CCMP+TKIP][ESS]
IMMImobile
>

> add_network
0
> set_network 0 ssid "MyNetESSID"
OK
> set_network 0 key_mgmt WPA-PSK
OK
> set_network 0 psk "MYPASSWORD"
OK
>
> list_network
network id / ssid / bssid / flags
0 MyNetESSID any [DISABLED]
>

> select_network 0
OK
<3>Trying to associate with 40:a5:ef:de:ed:fd (SSID='MyNetESSID' freq=2462 MHz)
<3>Associated with 40:a5:ef:de:ed:fd
<3>CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
<3>WPA: Key negotiation completed with 40:a5:ef:de:ed:fd [PTK=CCMP GTK=TKIP]
<3>CTRL-EVENT-CONNECTED - Connection to 40:a5:ef:de:ed:fd completed [id=0 id_str=]
<3>WPA: Group rekeying completed with 40:a5:ef:de:ed:fd [GTK=TKIP]
>
>
> signal_poll
RSSI=-73
LINKSPEED=54
NOISE=9999
FREQUENCY=2462
>

> select_network 0
OK
<3>WPS-AP-AVAILABLE
<3>CTRL-EVENT-NETWORK-NOT-FOUND
<3>WPS-AP-AVAILABLE
<3>WPS-AP-AVAILABLE
<3>WPS-AP-AVAILABLE
<3>WPS-AP-AVAILABLE
<3>WPS-AP-AVAILABLE

> select_network 0
OK
<3>Authentication with 40:a5:ef:de:ed:fd timed out.
<3>CTRL-EVENT-DISCONNECTED bssid=40:a5:ef:de:ed:fd reason=3 locally_generated=1
<3>WPA: 4-Way Handshake failed - pre-shared key may be incorrect
<3>CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="MyNetESSID" auth_failures=1 duration=10
reason=WRONG_KEY
<3>CTRL-EVENT-SSID-REENABLED id=0 ssid="MyNetESSID"
<3>Authentication with 40:a5:ef:de:ed:fd timed out.
<3>CTRL-EVENT-DISCONNECTED bssid=40:a5:ef:de:ed:fd reason=3 locally_generated=1
<3>WPA: 4-Way Handshake failed - pre-shared key may be incorrect
reason=WRONG_KEY
reason=CONN_FAILED
>

> add_network
0
OK
OK
OK
> set_network 0 bgscan "simple:5:-60:30"
OK
>

#
# bgscan: Background scanning
# wpa_supplicant behavior for background scanning can be specified by
# configuring a bgscan module. These modules are responsible for requesting
# background scans for the purpose of roaming within an ESS (i.e., within a
# single network block with all the APs using the same SSID). The bgscan
# parameter uses following format: "<bgscan module name>:<module parameters>"
# Following bgscan modules are available:
# simple - Periodic background scans based on signal strength
# bgscan="simple:<short bgscan interval in seconds>:<signal strength threshold>:
# <long interval>"
# bgscan="simple:30:-45:300"
# learn - Learn channels used by the network and try to avoid bgscans on other
# channels (experimental)
# bgscan="learn:<short bgscan interval in seconds>:<signal strength threshold>:
# <long interval>[:<database file name>]"
# bgscan="learn:30:-45:300:/etc/wpa_supplicant/network1.bgscan"
# Explicitly disable bgscan by setting
# bgscan=""
#
https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf

wpa_supplicant releases
32

> add_network
0
OK
OK
OK
> set_network 0 bssid 00:1e:52:6c:91:5f
OK
>

Complete multi ESSID/BSSID coverage
35
Probe Test Schedule Cycle
AP_102 PublicNetwork 2412
AP_103 PrivateNetwork 2462

Parametri di rete con DHCP
36
DHCP client
https://en.wikipedia.org/wiki/Dynamic_Host_Configuration_Protocol
https://roy.marples.name/projects/dhcpcd
https://www.isc.org/dhcp/
dhclient -d -v -1 wlan0
ISC dhcp e dhpcd non solo due sw Linux, ma sono i due codici inclusi
dentro ogni telefono Android e ogni device Apple con Wi-Fi

dhcpcd in Android Open Source Project (AOSP)
37

DHCP code in IOS / Apple Legal
38
Internet Systems Consortium ( iscdhcp )
Copyright © 2004-2010 by Internet Systems Consortium, Inc. ("ISC")
Copyright © 1995-2003 by Internet Software Consortium
Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN
NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Internet Systems Consortium, et al. ( ISC DHCP Server code )
Copyright © 2004-2010 by Internet Systems Consortium, Inc. ("ISC")
Copyright © 1995-2003 by Internet Software Consortium
Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN
NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
Internet Systems Consortium, Inc.
950 Charter Street
Redwood City, CA 94063
<info@isc.org>
https://www.isc.org/.

# dhclient -d -v wlan0
Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/wlan0/40:a5:ef:48:47:92
Sending on LPF/wlan0/40:a5:ef:48:47:92
Sending on Socket/fallback
DHCPREQUEST for 10.111.111.82 on wlan0 to 255.255.255.255 port 67
DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 1
DHCPOFFER of 192.168.255.219 from 192.168.255.1
DHCPACK of 192.168.255.219 from 192.168.255.1
bound to 192.168.255.219 -- renewal in 3261 seconds.

# dhcpcd -d -B wlan0
dhcpcd-7.1.0 starting
wlan0: executing `/lib/dhcpcd/dhcpcd-run-hooks' PREINIT
wlan0: executing `/lib/dhcpcd/dhcpcd-run-hooks' CARRIER
DUID 00:03:00:01:40:a5:ef:48:47:92
wlan0: IAID ef:48:47:92
wlan0: delaying IPv4 for 0.0 seconds
wlan0: soliciting a DHCP lease
wlan0: sending DISCOVER (xid 0x1d51dacd), next in 3.5 seconds
wlan0: sending Router Solicitation
wlan0: offered 192.168.255.219 from 192.168.255.1
wlan0: sending REQUEST (xid 0x1d51dacd), next in 3.3 seconds
wlan0: acknowledged 192.168.255.219 from 192.168.255.1
wlan0: leased 192.168.255.219 for 7200 seconds
wlan0: renew in 3600 seconds, rebind in 6300 seconds
wlan0: writing lease `/var/lib/dhcpcd/wlan0-IPAP.lease'
wlan0: IP address 192.168.255.219/24 already exists
wlan0: adding route to 192.168.255.0/24
wlan0: adding default route via 192.168.255.1
wlan0: ARP announcing 192.168.255.219 (1 of 2), next in 2.0 seconds
wlan0: executing `/lib/dhcpcd/dhcpcd-run-hooks' BOUND
wlan0: ARP announcing 192.168.255.219 (2 of 2)
wlan0: sending Router Solicitation

# dhclient -d -v wlan0
Internet Systems Consortium DHCP Client 4.4.1
Copyright 2004-2018 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/wlan0/40:a5:ef:48:47:92
Sending on LPF/wlan0/40:a5:ef:48:47:92
Sending on Socket/fallback
No DHCPOFFERS received.
No working leases in persistent database - sleeping.

Check raggiungibilità di Internet
42
Android, IOS, Windows e MacOs appena una connessione Wi-Fi viene
attivata, controllano se la rete Internet è raggiungibile oppure devono
mostrare una pagina intermedia di login via Captive Portal.
Android check: http://connectivitycheck.gstatic.com/generate_204
IOS check: http://captive.apple.com/hotspot-detect.html

Risoluzione nome host con DNS
43
Non esiste un vero e proprio DNS client, la risoluzione dei
nomi DNS è embedded nelle librerie di base (libc o bionic)
del sistema operativo
Esistono però due comandi che aiutano nel analisi e nel
debug della risoluzione DNS, nslookup e dig.

# ping -c 1 PLUTOPAPERINO.gstatic.com
ping: PLUTOPAPERINO.gstatic.com: Temporary failure in name resolution
#
# ping -c 1 PLUTOPAPERINO.gstatic.com
ping: PLUTOPAPERINO.gstatic.com: Name or service not known
#
#
#
#
# ping -c 1 connectivitycheck.gstatic.com
PING connectivitycheck.gstatic.com (216.58.205.131) 56(84) bytes of data.
64 bytes from mil04s27-in-f131.1e100.net (216.58.205.131): icmp_seq=1 ttl=53 time=8.22
ms
--- connectivitycheck.gstatic.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 8.220/8.220/8.220/0.000 ms
#

# dig @8.8.8.8 -4 -t A connectivitycheck.gstatic.com +time=10 +qr
; <<>> DiG 9.11.5-P1-1-Debian <<>> @8.8.8.8 -4 -t A connectivitycheck.gstatic.com +time=10 +qr
; (1 server found)
;; global options: +cmd
;; Sending:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41694
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: ddf36ba13790caed
;; QUESTION SECTION:
;connectivitycheck.gstatic.com. IN A
;; QUERY SIZE: 70
;; Got answer:
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
connectivitycheck.gstatic.com. 168 IN A 216.58.205.35
;; Query time: 40 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Feb 22 00:46:17 UTC 2019
;; MSG SIZE rcvd: 74

# dig @1.8.8.8 -4 -t A connectivitycheck.gstatic.com +time=10 +qr
; <<>> DiG 9.11.5-P1-1-Debian <<>> @1.8.8.8 -4 -t A connectivitycheck.gstatic.com
+time=10 +qr
; (1 server found)
;; global options: +cmd
;; Sending:
;; flags: rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
; COOKIE: a632d9dbf8bb39a7
;; QUERY SIZE: 70
;; connection timed out; no servers could be reached
#

Controllo http con cURL
47
Per verificare il successo ed il dettaglio di un dialogo HTTP, è più conveniente
utilizzare la linea comandi invece del browser.
cURL è il comando per il debug HTTP più utilizzato, è disponibile come default
su Windows 10, MacOs, Android
https://en.wikipedia.org/wiki/CURL

# curl --url 'http://connectivitycheck.gstatic.com/generate_204' -v -sS --ipv4 -w 'SESSION TIME :
%{time_total}n'
* Trying 216.58.205.131...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x14b2770)
* Connected to connectivitycheck.gstatic.com (216.58.205.131) port 80 (#0)
> GET /generate_204 HTTP/1.1
> Host: connectivitycheck.gstatic.com
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 204 No Content
< Content-Length: 0
< Date: Wed, 27 Feb 2019 14:22:18 GMT
<
* Connection #0 to host connectivitycheck.gstatic.com left intact
SESSION TIME : 0.067276
#

# curl --url 'http://captive.apple.com/hotspot-detect.html' -v -sS --ipv4 -w 'SESSION TIME : %{time_total}n'
* Trying 17.253.37.210...
* TCP_NODELAY set
* Expire in 149973 ms for 3 (transfer 0x10e6770)
* Expire in 200 ms for 4 (transfer 0x10e6770)
* Connected to captive.apple.com (17.253.37.210) port 80 (#0)
> GET /hotspot-detect.html HTTP/1.1
> Host: captive.apple.com
> Accept: */*
>
< HTTP/1.1 200 OK
< x-amz-id-2: TZtjOQGvfqZuvB0Eh4Bi2/yCGF6Bi39BQYWNjIc+tTcEKjtsjmlPWhkXXIpQ6KzbaXxqkI4AjNU=
< x-amz-request-id: 28820D6F0EA2B200
< Date: Wed, 27 Feb 2019 14:23:06 GMT
< Last-Modified: Fri, 17 Feb 2017 20:36:28 GMT
< Cache-Control: max-age=300
< Accept-Ranges: bytes
< Content-Type: text/html
< Content-Length: 69
< Server: ATS/8.0.2
< Via: http/1.1 uklon6-edge-lx-010.ts.apple.com (ApacheTrafficServer/8.0.2), http/1.1 uklon6-edge-bx-
034.ts.apple.com (ApacheTrafficServer/8.0.2)
< CDNUUID: 00f706fe-7a17-4df0-8419-6c16853f4785-2131150787
< X-Cache: hit-fresh, hit-fresh
< Etag: "41ba060eb1c0898e0a4a0cca36a8ca91"
< Age: 73
< Connection: keep-alive
<
<HTML><HEAD><TITLE>Success</TITLE></HEAD><BODY>Success</BODY></HTML>
* Connection #0 to host captive.apple.com left intact

# curl --url 'http://captive.gapple.com/WHATEVER' -v -sS --ipv4 -w 'SESSION TIME :
%{time_total}n'
* Trying 185.53.178.9...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x11eb770)
* Connected to captive.gapple.com (185.53.178.9) port 80 (#0)
> GET /WHATEVER HTTP/1.1
> Host: captive.gapple.com
> Accept: */*
>
< HTTP/1.1 403 Forbidden
< Server: nginx
< Date: Wed, 27 Feb 2019 14:28:35 GMT
< Content-Type: text/html
< Content-Length: 162
< Connection: keep-alive
<
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
<hr><center>nginx</center>
</body>
</html>
* Connection #0 to host captive.gapple.com left intact
#

Ping
51
Il comando ping è molte volte utilizzato per controllare lo stato di un link, ma
come «una rondine non fa primavera» un ping non fa una rete funzionante
Occorre usare uno «stormo» di ping rappresentativo di un traffico reale
Sono da evitare strumenti quali Iperf, Netperf, TRex, che durante la loro
misura danneggiano gravemente tutte le utenze sullo stesso canale

# ping -c 20 -i 0.5 -n -s 512 -w 15 -W 2 -O 192.168.255.1
PING 192.168.255.1 (192.168.255.1) 512(540) bytes of data.
520 bytes from 192.168.255.1: icmp_seq=1 ttl=64 time=0.750 ms
--- 192.168.255.1 ping statistics ---
20 packets transmitted, 20 received, 0% packet loss, time 552ms
rtt min/avg/max/mdev = 0.546/1.389/1.756/0.459 ms
#

Vista Multi Access Point
54

Grafici visibili con
differenti risoluzioni
temporali
ore/giorni /settimane...
55

Preview degli step della misura
56

Dettaglio step di misura
57

PCAP
58

Analisi di spettro
59
La funzionalità di Analisi di Spettro permette di visualizzare
lo spettro radio analogico con diagrammi “in cascata” e
“per densità” nel contesto della misura
Visualizzazione dello spettro radio durante un test di misura:
sono visibili delle interferenze esterne al canale misurato

Non solo
Wi-Fi
60

AS transit network check
61

End-to-End: web browser
62

Step di una
interazione
web banking
63

Errore su un web banking
64

Chrome DevTools Network Log Info
65

Script di misura personalizzati
66

WiFiProbe / NetProbe
67
Verifica il funzionamento dei servizi di rete:
• senza la presenza di un tecnico specializzato
• per giorni o settimane
• in luoghi non presidiati
Permette di:
• aumentare la qualità di servizio
• diminuire i costi operativi
WiFiProbe / NetProbe è:
• un dispositivo hardware
• un servizio cloud

Edge & Cloud
68
I dati delle misure sono salvati su memoria flash di ogni Probe e sincronizzati sul Cloud:
questa operazione può essere attivata durante la misura senza ulteriori collegamenti
La stessa interfaccia utente è disponibile sia dal Cloud che direttamente dal dispositivo
Gli allarmi generati possono essere inviati a sistemi di monitoraggio già esistenti
Si possono anche creare file .pcap per essere poi analizzati con strumenti appositi, tipo
Wireshark

Machine Learning e integrazione AI
69
WiFiProbe può lavorare come sonda a sè stante, oppure unitamente ad un potente servizio
Cloud che acquisice i dati per fornire una diagnostica avanzata generata tramite i moderni
algoritmi di Machine Learning
L’Intelligenza Artificiale sul Cloud si integra con l’infrastruttura presente per operare sui
componenti in errore, al fine di correggerne automaticamente le anomalie

Prezzi
70
Le sonde WiFiProbe sono costruite per essere direttamente impiegate in siti remoti, per cui
la loro robustezza ed efficienza sono di fondamentale importanza.
• Singola sonda WiFiProbe: 480 Eu
• Servizi cloud (per sonda): 9.90 Eu/mese

Tel. +39 011 6811590
Mail: info@inrete.it
Web: www.inrete.it
Grazie !! INRETE S.r.l.
I-10024 Moncalieri (TO)
Via Fortunato Postiglione, 29

Evento formativo Spring 3 ottobre 2019

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (18)

Semelhante a Evento formativo Spring 3 ottobre 2019

Semelhante a Evento formativo Spring 3 ottobre 2019 (20)

Último

Último (20)

Evento formativo Spring 3 ottobre 2019