Initially, it is noted that IEEE Standard 802.11-2012 (Standard) is used as a reference for specifications used in this disclosure, the entire contents of which are incorporated herein by reference.
FIG. 1 is a block schematic diagram of a typical IEEE 802.11 infrastructure network 100. A number of mobile nodes, or mobile stations (STA) 120a, 120b, 120c, 120d, 120e and 120f (collectively referred to herein as “mobile nodes 120”) may or may not be associated with an access point (AP) 110. AP 110 is in communication with a hard-wired distribution system (DS) 130. In such a network, the AP 110 will periodically transmit beacons in order to allow the unassociated mobile nodes 120 to locate and identify the network, and to allow the AP 110 to convey information to the associated mobile nodes 120. In addition, the AP 110 transmits probe responses in reply to probe requests received from unassociated STAs. The information contained within the beacon and probe response management frames is very similar and to a large extent identical. The following background description describing the methods and arrangements of this disclosure will use the beacon as the source for the fingerprinting of AP 110. It is clear to persons skilled in the art that the following background description may also be applied to the probe responses transmitted by the AP 110.
The Standard specifies the information that may be included in the frame body of a Beacon management frame. It should be noted that the IEEE Standard 802.11 (“Standard”) is regularly revised as new amendments are approved. As a result of approved amendments and revisions of the Standard, additional information may be added to the Beacon frame body. It should also be noted that the beacon transmitted by AP 110 may include some or all of the information allowed by the Standard. What information to include in the beacon frame body is determined by each AP 110 as default settings, which may then be added to or changed by user settings. The information provided in the beacon will, to some extent, reflect the capabilities of the AP 110 as well as specific user settings.
There is no requirement that the information included in the beacon be in a particular order. However, it is common practice that the beacon starts with “Fixed Parameters,” which include, for example, information such as Timestamp, Beacon Interval, and Capability, followed by “Tagged Parameters,” which are Information Elements (IEs).
One type of tagged parameter that may be included in the beacon information is the “Vendor Specific” IEs. The element format for vendor specific IEs includes an “Organization Identifier” which is the Organizationally Unique Identifier (OUI). The OUI is a 24-bit number that uniquely identifies, for example, a vendor, a manufacturer or other organizations. There are some common vendor specific IEs such as the ones for Wi-Fi Multimedia (WMM) and Wi-Fi Protected Setup (WPS) which are, respectively, the Wi-Fi Alliance IEs for quality of service settings and protected setup. In one embodiment, the present disclosure relates to vendor specific IEs that refer to the chipset and/or firmware vendor.
FIG. 2 shows the management frame format for a typical beacon transmission. When an AP 110 transmits the beacon, the beacon is sent with a particular format. For example, “Address 2” represents the Media Access Control (MAC) address of AP 110. Typically, the first three octets of the MAC address are the OUI. Hence, the OUI of the MAC address typically identifies the vendor.
FIG. 3 is an example of information obtained in a beacon capture from a known AP 110 using an analyzer tool such as, for example, the WIRESHARK® analyzer tool. The information obtained from the captured beacon may include the following:
Transmitter Address: The first three octets of the address are the OUI.
Capabilities Information: The value in this example is 0x0c01 (in hex format).
Supported Rates: Provides the list of supported data rates. Those rates followed by “(B)” are “Base” rates.
Extended Supported Rates: Provides an additional list of supported data rates.
Country Information: The presence of this IE is distinctive.
AP Channel Reports: The presence of these IEs is distinctive and indicates that this AP 110 has network management features.
Vendor Specific MICROSOFT® WPS: This indicates that this AP 110 supports “EZ Configuration,” a Wi-Fi Alliance specified feature.
High throughput (HT) Capabilities and HT Information: These tags indicate that the AP 110 supports 802.11n capability.
Overlapping Basic Service Set (BSS) Scan Parameters: The presence of these IEs is distinctive and indicates that this AP 110 has network management features.
Extended Capabilities: This tag indicates extended capabilities.
Vendor Specific MICROSOFT® Wi-Fi Multimedia/Wireless Multimedia Extensions (WMM/WME): This tag indicates that the AP 110 supports the “Wi-Fi Multi Media” features. This is a Wi-Fi Alliance specified feature based upon the Enhanced Distributed Channel Access (EDCA) feature in the 802.11 Standard.
Quality of Service (QoS) Basic Service Set (QBSS) Load Element: The presence of these IEs is distinctive and indicates that this AP 110 has network management features.
Vendor Specific: This indicates the identity of the AP 110 chipset vendor.
Thus, the information provided in the beacon received from a known AP 110 can be used to create a record of information or “fingerprint” for this particular AP 110. Furthermore, from FIG. 3, the order that the tagged parameters are sent is seen as received signal strength indication (RSSI), Supported Rates, distribution system (DS) Parameter Set, Extended Supported Rates, Country Information, AP Channel Report, AP Channel Report, traffic indication map (TIM), Vendor Specific Microsoft Wi-Fi Protected Setup (WPS), extended rate physical layer (ERP), HT Capabilities, HT Information, Overlapping BSS Scan Parameters, Extended Capabilities, Vendor Specific Microsoft WMM/WME, Quality of Service BSS (QBSS) Load Element, Vendor Specific “R . . . ”. The order in which the information in a beacon is transmitted may differ significantly between APs 110. Hence, the order of the received information can also be used as part of the fingerprint for this particular AP 110.
FIG. 4 is also a list of parameters for the AP beacon of FIG. 3, but in this example, the HT Capabilities and HT Information details have been expanded. From the Supported Rates field and the Extended Supported Rates field, the AP 110 indicates that it supports 802.11b and 802.11g modes. In addition, the AP 110 indicates that it also supports 802.11n mode by including the HT Capabilities and HT Information elements in its beacon. In this example, some details within these elements include:
HT Capabilities Info: a value of 0x0c00
Aggregate-MAC Protocol Data Unit (A-MPDU) Parameters: a value of 0x17
Receiver Modulation Coding Scheme (RX MCS) Set: an examination of the bitmasks indicates that the AP 110 supports the reception of MCS 0 to 15 and MCS 32. Hence, the AP 110 supports two spatial streams. In addition, the transmission (TX) and receiving (RX) MCS Set bit is 0, indicating that this AP 110 also supports two spatial streams on transmit. The Multiple Input and Multiple Output (MIMO) capability of an 802.11n device is termed (a)×(b):(c), where (a) is the maximum number of transmit antennas or TX chains, (b) is the maximum number of receive antennas or RX chains, and (c) is the maximum number of data spatial streams. Hence, by examining the HT Capabilities element, this AP 110 has a MIMO capability of 2×2:2.
HT Information: the three HT Information Subset values are 0x05, 0x000, 0x0000 respectively.
The specific details and breakdown of each of the elements shown in FIGS. 3 and 4 and explanations of each of the values and their corresponding features are not necessary for understanding the present disclosure. For the purposes of this disclosure, the presence of the IE, the corresponding values, and the order in which they are sent are considered. There may be instances, however, when further inspection of the particular features can be useful. Examples of these instances are explained below.
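The following is an added illustration, not part of the original disclosure, of how the presence, order and selected values of the IEs in a beacon frame body could be reduced to a comparable fingerprint. The function names, the choice of hashed fields, the sample bytes and the placeholder OUI aa:bb:cc are assumptions made for the example; the capability, HT Capabilities Info, A-MPDU and RX MCS values mirror those quoted above.

```python
import hashlib
import struct

def parse_beacon_body(body: bytes) -> dict:
    """Parse a Beacon frame body: 12 octets of fixed parameters, then tagged IEs."""
    if len(body) < 12:
        raise ValueError("frame body shorter than the fixed parameters")
    _timestamp, _interval, capability = struct.unpack_from("<QHH", body, 0)
    order, vendor, streams = [], [], 0
    pos = 12
    while pos < len(body):
        if pos + 2 > len(body) or pos + 2 + body[pos + 1] > len(body):
            raise ValueError(f"truncated IE at offset {pos}")
        ie_id, ie_len = body[pos], body[pos + 1]
        data = body[pos + 2:pos + 2 + ie_len]
        order.append(ie_id)
        if ie_id == 221 and ie_len >= 3:      # Vendor Specific: OUI comes first
            vendor.append(data[:3].hex(":"))
        elif ie_id == 45 and ie_len >= 7:     # HT Capabilities
            # RX MCS bitmask follows HT Capabilities Info (2) + A-MPDU (1);
            # each non-zero octet among MCS 0-31 is one spatial stream.
            streams = sum(1 for octet in data[3:7] if octet)
        pos += 2 + ie_len
    return {"capability": capability, "ie_order": tuple(order),
            "vendor_ouis": tuple(vendor), "rx_streams": streams}

def fingerprint(body: bytes) -> str:
    """Hash the stable fields; the timestamp changes every beacon, so it is excluded."""
    p = parse_beacon_body(body)
    canon = repr((p["capability"], p["ie_order"], p["vendor_ouis"], p["rx_streams"]))
    return hashlib.sha256(canon.encode()).hexdigest()

def ie(ie_id: int, data: bytes) -> bytes:
    return bytes([ie_id, len(data)]) + data

# Constructed sample beacon body (not a capture). aa:bb:cc is a placeholder OUI.
FIXED = struct.pack("<QHH", 123456, 100, 0x0C01)
HT_CAP = bytes.fromhex("000c17") + bytes.fromhex("ffff000001") + bytes(18)
IES = [ie(0, b"example"), ie(1, bytes.fromhex("82848b96")),
       ie(221, bytes.fromhex("0050f204")), ie(45, HT_CAP),
       ie(221, bytes.fromhex("0050f202")), ie(221, bytes.fromhex("aabbcc01"))]
KNOWN_AP = FIXED + b"".join(IES)
# Same elements and values, two elements swapped: a different transmit order.
REORDERED = FIXED + b"".join(IES[:2] + [IES[3], IES[2]] + IES[4:])

if __name__ == "__main__":
    print(parse_beacon_body(KNOWN_AP))
    print(fingerprint(KNOWN_AP) == fingerprint(REORDERED))
```

A beacon that advertises the same elements in a different order yields a different fingerprint, while two beacons from the same AP that differ only in timestamp yield the same one.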