Wireless Communications Study Notes Template

# Wireless Communications Study Notes Template ###### tags: `Wireless Communications` ## :notebook_with_decorative_cover: Personal Information :::info - Name: Januar Evan Zuriel Banjarnahor - Research Direction: AI Implementation (Deep Learning) - Briefly summarize your background and why you want to take this course: - I am intrigued in AI Application and there are opportunities doing this in Wireless Communication ::: ## :notebook_with_decorative_cover: Study Notes ### A1: Basic Wireshark :::warning - **A1: Basic Wireshark (12pt)** - **Deadline : 12:00, Oct. 7** - **Goal:** - Students will be able to use Wireshark to perform basic packet capture and analysis, and understand the structure of network packets. - **Requirment and Rule:** - Rule: 1. Please provide proof for each answer using a screenshot or log. 2. Please include the link to your PCAP file (you can upload it to your Google Drive). 3. You will receive full points if you provide the correct answer for each question. 4. Paste your study note link and video link on your personal hackmd home page's `Deliverable`. - Requirment: - Make a wireshark and [KS wireshark](https://drive.google.com/drive/folders/1FiEmKeXc4M7qfkHbAzDjbaQ0Yn-SRcCO?usp=sharing) installation guide - ==Note: KS wireshark only can install in the **Windows** OS== - (1 pt) Capture packets: access the NTUST homepage (https://www.ntust.edu.tw/home.php) and answer the following questions: - What is the IP address and port of the NTUST homepage (https://www.ntust.edu.tw/home.php)? - What is the IP address and port of your PC when initially accessing the page? - What is the process of the TCP three-way handshake? - (1 pt) Use the filter `dns` to find a DNS packet and answer the following questions: - What is the IP address and port of the DNS server? - What is the domain name in this query? - Which protocol(s) does this DNS packet use? (List the protocols from Layer 2 — Link Layer — up to Layer 5 — Application Layer in the TCP/IP five-layer model.) - (1 pt) Access an HTTP page (e.g., http://www.gzxyzn.com/Article/bjrk2/1644.html) and answer the following questions: - Which HTTP page did you access? - What is the IP address and port of the server hosting this page? - What is the request method? - What is the response status code, and what does it mean? - **Deliverable:** - [ ] (4 pts) [Study Note](https://hackmd.io/@2xIzdkQiS9K3Pfrv6tVEtA/ryfyPD3oge): - [ ] (1 pt) Make a wireshark installation guide - [ ] (1 pt) Capture packets: access the [NTUST homepage](https://www.ntust.edu.tw/home.php) and answer the following questions: - [ ] (1 pt) Use the filter `dns` to find a DNS packet and answer the following questions: - [ ] (1 pt) Access an HTTP page (e.g., http://www.gzxyzn.com/Article/bjrk2/1644.html) and answer the following questions: - [ ] (4 pts) Presentation Video (5 mins) - [ ] (1 pt) [Vote the Top3](https://docs.google.com/forms/d/e/1FAIpQLSehUNvidISkA4JD97emaqW53Lze0zSrHqtWIIeSEYrNP1S96A/viewform?usp=header) - Top3: * Top1(3pts): * Top2(2pts): * Top3(1pt): - **Reference:** - [Wireshark-Basics.pdf](https://drive.google.com/file/d/15hqyIT_i-IEboLMnthlA8ZcC5HRLAgtp/view?usp=sharing) - [How to install two different Wireshark versions in same PC](https://drive.google.com/file/d/1xA_2otvBCCxwzFfWDvkX0h_W4tpcdOrB/view?usp=drive_link) - [KS-wireshark for 5G RRC_NAS callflow analysis](https://drive.google.com/drive/folders/1FiEmKeXc4M7qfkHbAzDjbaQ0Yn-SRcCO?usp=drive_link) ::: :::warning - **A2: 5G End-To-End Log Analysis (13pt) -> Provided by Prof. MA** - **Deadline : 12:00, Nov. 18** - **Goal:** - Students will be able to analyze sample pcap traces to understand the 5G End-to-End (E2E) Call Flow, gaining familiarity with the complete procedure from UE through RAN, core network, and user data transmission. - **Reference:** - **Deliverable:** - Study Note: Analyze 5G E2E Log (7pts) - A clear summary of the entire 5G E2E Call Flow - Log analysis highlighting key parameters (e.g., Registration, Authentication...) - Presentation Video (5 mins) (6pts) ::: :::success ### A1 Basic Wireshark ([Video Presentation](https://youtu.be/BVrs-ruwXGI)) #### 1. Installation Guidelines ##### 1a. KS Wireshark Installation (Windows) - Click this [link](https://drive.google.com/drive/folders/1FiEmKeXc4M7qfkHbAzDjbaQ0Yn-SRcCO) to get the installation package - Download the `.exe` file inside of the google drive - If it's finished downloading, open the installer - Go through the setup wizard and wait until it's completed [Setup Wizard Start Up Image](https://drive.google.com/file/d/1W50dT4sUFsdhov74D99O0tn4190g7Z45/view?usp=drive_link) [Setup Wizard Finish Image](https://drive.google.com/file/d/1PAVmVsoCeiYrW3StciSQdnAG_t7j9taB/view?usp=drive_link) ##### 1b. KS Wireshark Installation (Linux) - Open Terminal - run this command inside the terminal ``` sudo apt update sudo apt install wireshark ``` [Image 1 : Ongoing](https://drive.google.com/file/d/1MVyJB2VjR54hOVcFJcrTdYKNF773C7sQ/view?usp=drive_link) [Image 2 : Finished Updating](https://drive.google.com/file/d/1C2UmgAehGRINhul-v9rYD_IPvpoRTZ4v/view?usp=drive_link) [Image 3 : Installing Wireshark](https://drive.google.com/file/d/1E-U-SpwSmFkqQGTcCdSnKF-w1QAdDIkm/view?usp=drive_link) - To open the wireshark run ``` wireshark ``` [Image : Opening Wireshark](https://drive.google.com/file/d/1QS9vINdjq18lTN8a8MNcjzQfH_3K-aS0/view?usp=drive_link) #### 2. Capture packets: access the NTUST homepage - Open Wireshark ([Image of KS Wireshark Menu](https://drive.google.com/file/d/1K74yK4_t5kDDUSF35UFJG5bKegN-bfc_/view?usp=drive_link)) - Choose your interface you use to connect to internet (Wifi or Ethernet) - Click Start, it will start capturing packets - Open [NTUST homepage](https://www.ntust.edu.tw/home.php) - Click Red Square on the top left to stop tracing packets - To check packets from [NTUST homepage](https://www.ntust.edu.tw/home.php), we need to find the IP Address from DNS lookup - type `dns.qry.name == "www.ntust.edu.tw"` in Filter box and get the IP Address from query result ([Image of running filter](https://drive.google.com/file/d/1JWimNI93wmuvXnztHEmvzHKC1HSOU-Bd/view?usp=drive_link)) - After getting the IP Address, type `ip.addr == <The IP Address Result>` in this case, it will be `ip.addr == 140.118.242.124` and the port of the server is is `443` - From the result of the filter, we can see our source ip address, in this case it's `140.118.243.229` and the port will be `57484` ([Image of one of the packets](https://drive.google.com/file/d/1vI7zisraaTa0R-ZIDK3m7_cHIb1oTL6J/view?usp=drive_link)) - The TCP Three Way handshake is a protocol to synchronize and confirmation of the connection between client and server. It happens before the TLS Handshake (for encryption) happens - You can get the pcap file for this question in this [link](https://drive.google.com/file/d/1ZhFRdypjqO1jLr2zYO2gcGdMvdw_ZpnQ/view?usp=drive_link) #### 3. Use the filter dns to find a DNS packet and answer the following questions: - The IP Address and Port of the DNS Server is `1.1.1.1` and `53`. We can get the information by looking at User Datagram Protocol on one of the packet ([Image of one of the packets](https://drive.google.com/file/d/1v1w62Jebjavd3IGPP8KHx-mTitNIY5fE/view?usp=drive_link)). - The domain of [NTUST homepage](https://www.ntust.edu.tw/home.php) is `www.ntust.edu.tw` - Protocols they use in DNS lookup ([Image of one of the packets](https://drive.google.com/file/d/1v1w62Jebjavd3IGPP8KHx-mTitNIY5fE/view?usp=drive_link)) - Layer 2 (Link) : MAC Address - Layer 3 (Internet) : IPv4 - Layer 4 (Transport) : User Datagram Protocol - Layer 5 (Application) : Domain Name System Response - You can get the pcap file for this question in this [link](https://drive.google.com/file/d/1ZhFRdypjqO1jLr2zYO2gcGdMvdw_ZpnQ/view?usp=drive_link) #### 4. Access an HTTP page (e.g., http://www.gzxyzn.com/Article/bjrk2/1644.html) and answer the following questions - By typing `http` in the filter box, we can get the packets with HTTP protocol only ([Image of filtering HTTP protocol packet only](https://drive.google.com/file/d/1m9es4y5eEdzxGzWwWQC_nujHRE0KH1Px/view?usp=drive_link)) - The URL of the site is `http://www.gzxyzn.com/Article/bjrk2/1644.html` - The IP Address and Port of the server is `61.183.8.129` and `80` ([Image of one of the packet detail](https://drive.google.com/file/d/141h-X5TGanscQ_-SZY8oSH0cPKCrRT8Q/view?usp=drive_link)) - The request method will be `GET` - The response status code is `200` and it means it is able to send the packets successfully (OK) - You can get the pcap file for this question in this [link](https://drive.google.com/file/d/1YlqDXXQTBVzg-6jWWIEHpQlyt9gk8cZ-/view?usp=drive_link) ::: :::info Add the hyperlink of your study note when available. During your studying, try to address the key tasks/knowledge identified by [IEEE WCET Handbook](https://www.comsoc.org/media/6771/download). ::: ### A2: 5G End-To-End Log Analysis :::success ### a. Mult-choice question for 5G E2E SCAS lessons Here is the proof of me answered the questions via screenshots ![image](https://hackmd.io/_uploads/HyA2ABVM-g.png) ### b. 5G E2E Call Flows Analysis #### 1. Answer the following question from UElog ##### 1.1. What is the cell PLMN in logs? You can use the filter to get packets which contains PLMN info by typing `nr-rrc.plmn_IdentityList` The result would be like this in the wireshark : ![image](https://hackmd.io/_uploads/HJPNHX7fWx.png) Choose one of the packet then you will see the MCC and MNC values. Here is the screenshot of one of the packet ![image](https://hackmd.io/_uploads/HJFKBmmGbx.png) It's shown that `MCC-MNC` values would be `001-01` ##### 1.2. What is the cell FR1 band in logs? In order to know which FR1 band, we can do a `CTRL+F` search for `frequencyInfoDL` and make sure that the packet is not UE capability packet. Make sure that it's searched by `String` and `Packet details`. ![image](https://hackmd.io/_uploads/HJeL07QGWl.png) As the result from the search (screenshot above), we can get `frequencyInfoDL` value which contains `freqBandIndicatorNR` and 79 is its value. Therefore, the FR1 band is `n79` which is working in a 4.4–5.0 GHz (specifically, 4.4–4.9 GHz for DL/UL) frequency range. ##### 1.3 How to check the gNB cellBarred or notBarre? You can use the `nr-rrc.cellBarred` filter to check specifically `cellBarred` field inside of the packet and it's shown from the screenshot below that it's `notBarred` ![image](https://hackmd.io/_uploads/B1mb-4mGbe.png) ##### 1.4 What is the MSIN of UE/Subscriber in log? If you search `IMSI` using CTRL+F string search, you will find `MSIN` field and its value, which is `1234567890`. However, this is a bit misleading since the protection scheme id (from the screenshot) that was being used is `Null scheme`, which didn't obfuscate the value of MSIN. Therefore, this method is valid ![image](https://hackmd.io/_uploads/HyOIr4mM-e.png) ##### 1.5 What is the registration type and FOR? For searching the value of these two field, you can use this `nas_5gs.reg_type` filter and find `FOR` and `Registration type` description inside of the `IE V: 5Gs registration type` ![image](https://hackmd.io/_uploads/H1kPaEXfZg.png) The value of the example packet is `FOR=1` and `Registration type=001` ##### 1.6 What is the DNN? DNN is an abbreviation of Data Network Name, which is the way to tell the 5G network which external network the device wants to reach. It is sent inside of the PDU Session Establishment Request. In order to find this, you can `CTRL+F` to search by string `DNN`. In this particular case, the value is `internet`. ![image](https://hackmd.io/_uploads/S106MbSMWx.png) ##### 1.7 What is the SCC mode in 5G? SCC or Secondary Component Carrier is the method of using a secondary carrier in 5G Carrier Aggregation (CA) to increase bandwidth and speed. You can get the value of the SCC mode from the log using `CTRL+F String Search` and type `SCC` to find the value. ![image](https://hackmd.io/_uploads/rkuslHQGWx.png) ##### 1.8 What is the PDU address? PDU is the IP address assigned to the phone (or device) by the 5G core network so it can use the internet or other data services. PDU address can be in IPv4 and IPv6. One way to find the address is you can search `PDU session establishment accept` message and it will lead you to one of the packet. From the detail, you will find PDU address description and you will get the PDU address (whether it's in IPv4 or IPv6) ![image](https://hackmd.io/_uploads/rJS9MBmf-g.png) ##### 1.9 What is the 5QI for this session? You can search 5QI value by `CTRL+F`. The value from the packet is `9` ![image](https://hackmd.io/_uploads/ryDdrsmfZg.png) ##### 1.10 What is the destination address of ICM? ICM is not possible obtained from UE logs. If the question refers to ICMP, then here is how: - Filter the packet using `icmp` filter for only showing ICMP - then look at the column destination for address - In this case, the value is `22.22.22.22` ![image](https://hackmd.io/_uploads/SJDNgUEGbg.png) ##### 1.11 What is the period of MIB or SIB1? After applying `nr-rrc.mib_element` filter, you can see for each packet which contains `systemFrameNumber` and its values stays the same every 8 packet sequence. Each 8 packet sequence difference if you look on the time column, the difference is `160 ms`. Therefore, the SIB1 period is `160 ms`. ![image](https://hackmd.io/_uploads/S1mpp2mzWg.png) ##### 1.12 What is the Network Slicing (S-NSSAI) in UE? ![image](https://hackmd.io/_uploads/r1RmQamfWx.png) First, you can use `nas_5gs` filter to get the S-NSSAI from NAS. Then, click over the packet which is specifically for registration and then you can check `IE TLV: Allowed NSSAI` field and you will find the value of NSSAI in UE ![image](https://hackmd.io/_uploads/H1pUXT7fbx.png) In this case, the value will be `{SST:1, SD:198153 (0x030609 in hex)}` #### 2. Answer the following question from 5GClog ##### 2.1 What is the cell AllowedNSSAI in logs? Using filter `ngap.InitialContextSetupRequest_element`, you can get the AllowedNSSAI value. In this case, the value will be `{SST:1, SD:198153 (0x030609 in hex)}` ![image](https://hackmd.io/_uploads/r1pti7NG-l.png) ##### 2.2 What is the RRCEstablishmentCause? First, apply `ngap.InitialUEMessage_element` and CTRL+F `RRCEstablishmentCause` and you will find id-RRCEstablishmentCause. The value from this packet is `RRCEstablishmentCause: mo-Signalling (3)` ![image](https://hackmd.io/_uploads/rJw1RX4Mbg.png) ##### 2.3 What is the PDU address? First, use the `nas_5gs` filter and `CTRL+F` to search `PDU address` to get the value. In this pcap file, the value would be `172.16.0.1` ![image](https://hackmd.io/_uploads/BywhONEfZl.png) ##### 2.4 What is the MSIN of UE/Subscriber in 5GC log First, use the `nas_5gs.nas_message` to get only messages from NAS, then search by string `IMSI` and you will find MSIN underneath `IE LV-E: 5GS mobile identity` field. In this pcap, the MSIN is `1234567890` ![image](https://hackmd.io/_uploads/BkHj644MWe.png) :::