Wireless Communications Study Notes_B11002027

# Wireless Communications Study Notes Template ###### tags: `Wireless Communications` ## :notebook_with_decorative_cover: Personal Information :::info - Name: 許少凱 - Research ： Wifi, Wireless communication - Briefly summarize your background and why you want to take this course: In my collage experience, communication related courses is a brand new field for me, but I found out it's actually interesting so I decided to enroll this course. And because it's English course so I think it's a good way to improve my English through some professional courses. ::: ## :notebook_with_decorative_cover: Study Notes ### A1: Basic Wireshark :::warning - **A1: Basic Wireshark (12pt)** - **Deadline : 12:00, Oct. 7** - **Goal:** - Students will be able to use Wireshark to perform basic packet capture and analysis, and understand the structure of network packets. - **Requirment and Rule:** - Rule: 1. Please provide proof for each answer using a screenshot or log. 2. Please include the link to your PCAP file (you can upload it to your Google Drive). 3. You will receive full points if you provide the correct answer for each question. 4. Paste your study note link and video link on your personal hackmd home page's `Deliverable`. - Requirment: - Make a wireshark and [KS wireshark](https://drive.google.com/drive/folders/1FiEmKeXc4M7qfkHbAzDjbaQ0Yn-SRcCO?usp=sharing) installation guide - ==Note: KS wireshark only can install in the **Windows** OS== - (1 pt) Capture packets: access the NTUST homepage (https://www.ntust.edu.tw/home.php) and answer the following questions: - What is the IP address and port of the NTUST homepage (https://www.ntust.edu.tw/home.php)? - What is the IP address and port of your PC when initially accessing the page? - What is the process of the TCP three-way handshake? - (1 pt) Use the filter `dns` to find a DNS packet and answer the following questions: - What is the IP address and port of the DNS server? - What is the domain name in this query? - Which protocol(s) does this DNS packet use? (List the protocols from Layer 2 — Link Layer — up to Layer 5 — Application Layer in the TCP/IP five-layer model.) - (1 pt) Access an HTTP page (e.g., http://www.gzxyzn.com/Article/bjrk2/1644.html) and answer the following questions: - Which HTTP page did you access? - What is the IP address and port of the server hosting this page? - What is the request method? - What is the response status code, and what does it mean? - **Deliverable:** - [ ] (4 pts) [Study Note](https://hackmd.io/@2xIzdkQiS9K3Pfrv6tVEtA/ryfyPD3oge): - [ ] (1 pt) Make a wireshark installation guide - [ ] (1 pt) Capture packets: access the [NTUST homepage](https://www.ntust.edu.tw/home.php) and answer the following questions: - [ ] (1 pt) Use the filter `dns` to find a DNS packet and answer the following questions: - [ ] (1 pt) Access an HTTP page (e.g., http://www.gzxyzn.com/Article/bjrk2/1644.html) and answer the following questions: - [ ] (4 pts) Presentation Video (5 mins) - [ ] (1 pt) [Vote the Top3](https://docs.google.com/forms/d/e/1FAIpQLSehUNvidISkA4JD97emaqW53Lze0zSrHqtWIIeSEYrNP1S96A/viewform?usp=header) - Top3: * Top1(3pts): * Top2(2pts): * Top3(1pt): - **Reference:** - [Wireshark-Basics.pdf](https://drive.google.com/file/d/15hqyIT_i-IEboLMnthlA8ZcC5HRLAgtp/view?usp=sharing) - [How to install two different Wireshark versions in same PC](https://drive.google.com/file/d/1xA_2otvBCCxwzFfWDvkX0h_W4tpcdOrB/view?usp=drive_link) - [KS-wireshark for 5G RRC_NAS callflow analysis](https://drive.google.com/drive/folders/1FiEmKeXc4M7qfkHbAzDjbaQ0Yn-SRcCO?usp=drive_link) ::: ## 1.1 Make a wildshark installation guide https://hackmd.io/@kyle0225/BkzBwi22xx ## 1.2 Capture packets: access the NTUST homepage ### 1.2.1 What is the IP address and port of the NTUST homepage Use the following command to search for IP ```sql= dns.qry.name contains "ntust.edu.tw" ``` ![Screenshot 2025-10-07 at 2.01.54 AM](https://hackmd.io/_uploads/S1tSNKbTex.png) This figure shows the DNS response packet captured in Wireshark. The query type is A (Host Address), and the answer section indicates that the domain ntust.edu.tw resolves to the IP address 140.118.242.124. ![Screenshot 2025-10-06 at 10.21.40 PM](https://hackmd.io/_uploads/S12FeUb6ee.png) According to this pic from the first packet, the destination port is 53. As a result: - NTUST homepage: - IP address: `140.118.242.124` - port: `53` ### 1.2.2 What is the IP address and port of your PC when initially accessing the page? Let's see the previous pic again. We can see that: - My PC: - IP address: `172.20.10.3` - port: `60747` ![Screenshot 2025-10-07 at 2.30.51 AM](https://hackmd.io/_uploads/BJKZjtWalg.png) ### 1.2.3 What is the process of the TCP three-way handshake? First, we have to use this command to filter the information we what: ```sql= ip.addr ==140.118.31.99 && tcp ``` ![Screenshot 2025-10-06 at 10.39.19 PM](https://hackmd.io/_uploads/SJNsELZ6gg.png) The TCP three-way handshake between my PC (172.20.10.3, port 60747) and the NTUST server (140.118.242.124, port 53) was observed as follows: Packet 1: SYN (client → server) Packet 2: SYN-ACK (server → client) Packet 3: ACK (client → server) This establishes a reliable TCP connection before HTTPS data transfer. ## 1.3 Use the filter `dns` to find a DNS packet and answer the following questions: ### 1.3.1 What is the IP address and port of the DNS server? Use command `dns` to find DNS's IP and port ![Screenshot 2025-10-06 at 10.42.21 PM](https://hackmd.io/_uploads/BJiIHLZaxg.png) - DNS: - IP address: `192.168.1.1` - port: `53` ### 1.3.2 What is the domain name in this query? ![Screenshot 2025-10-06 at 10.47.25 PM](https://hackmd.io/_uploads/Sk5qL8Zplx.png) Domain name: `www.ntust.edu.tw` ### 1.3.3 Which protocol(s) does this DNS packet use? (List the protocols from Layer 2 — Link Layer — up to Layer 5 — Application Layer in the TCP/IP five-layer model.) - Layer 2 (Data Link Layer)：Ethernet II - Layer 3 (Network Layer)：IPv6 - Layer 4 (Transport Layer)：UDP - Layer 5 (Application Layer)：DNS ![Screenshot 2025-10-07 at 9.52.44 AM](https://hackmd.io/_uploads/rk0tMxfTgx.png) ## 1.4 Access an HTTP page and answer the following questions: ### 1.4.1 Which HTTP page did you access? http://www.gzxyzn.com/Article/bjrk2/1644.html This https page is provided by TA. ### 1.4.2 What is the IP address and port of the server hosting this page? Use the command below to find IP address: ```sql= dns.qry.name contains "www.gzxyzn.com" ``` ![Screenshot 2025-10-07 at 12.53.56 AM](https://hackmd.io/_uploads/SyaNVdZTgx.png) ![Screenshot 2025-10-07 at 12.59.54 AM](https://hackmd.io/_uploads/SJvaHOW6eg.png) - HTTP page: - IP address: `170.20.10.1` - port: `53` ### 1.4.3 What is the request method? Use this command to ```sql= ip.addr == 61.183.8.129 && http ``` ![Screenshot 2025-10-07 at 2.13.59 AM](https://hackmd.io/_uploads/SyV-wYZ6gx.png) ![Screenshot 2025-10-07 at 2.15.05 AM](https://hackmd.io/_uploads/rJIEvYb6ee.png) - request method - GET ### 1.4.4 What is the response status code, and what does it mean? Refer to this pic: ![Screenshot 2025-10-07 at 2.19.03 AM](https://hackmd.io/_uploads/SJEEuYZplg.png) - response status code: - 200 -> (OK) Request successful - [Presentation Video](https://youtu.be/JvSnC0OzyYA) :::warning - **A2: 5G End-To-End Log Analysis (14pts) -> Provided by Prof. MA** - **Deadline : 12:00, Dec. 9** - **Goal:** - Students will be able to analyze sample pcap traces to understand the 5G End-to-End (E2E) Call Flow, gaining familiarity with the complete procedure from UE through RAN, core network, and user data transmission. - **Rule:** - Rule: 1. Please provide proof for each answer using a screenshot or log. 2. You will receive full points if you provide the correct answer for each question. 3. Paste your study note link on your personal hackmd home page's Deliverable. 4. Please download the PCAP file: 5G E2E CallFlows for HW in NTUST and use KS-wireshark for answering 5G E2E Call Flows Analysis - **Requirment:** - Mult-choice question for 5G E2E SCAS lessons (2 pts) - 5G E2E Call Flows Analysis (8 pts) - Answer the following question from UElog - Answer the following question from 5GClog - **Deliverable:** - (2 pts) Mult-choice question for 5G E2E SCAS lessons - (8 pts) 5G E2E Call Flows Analysis (6 pts) Answer the following question from UElog (2 pts) Answer the following question from 5GClog ::: ## 1. Answer the following question from UElog **1.1 What is the cell PLMN in logs?** Based on the logs, the cell PLMN is 001 01. The MCC 001 indicates that this is a Test Network (lab environment), and the MNC 01 is the network code. ![1](https://hackmd.io/_uploads/SyqDVwbMWe.png) **1.2 What is the cell FR1 band in logs?** Use filter"nr-rrc" and we get freqBandIndicatorNR:79 ![2](https://hackmd.io/_uploads/H14pNvbMZl.png) **1.3 How to check the gNB cellBarred or notBarre?** To check the cell status, we use the nr-rrc filter to locate the MIB (Master Information Block) packet. By expanding the path BCCH-BCH-Message -> message: mib -> pdcch-ConfigSIB1, we can find the cellBarred field. As shown in the log, the value is notBarred (1), indicating that the gNB cell is not barred and is accessible to UEs. ![3](https://hackmd.io/_uploads/BkFaNDZMZx.png) **1.4 What is the MSIN of UE/Subscriber in log?** To identify the MSIN (Mobile Subscriber Identification Number), we can filter for nas-5gs to locate the Registration request packet. By expanding the path 5GS Non Access Stratum -> 5GS mobile identity, we can find the MSIN field. As shown in the log, the MSIN value is 1234567890. ![4](https://hackmd.io/_uploads/ByeAEPZGZl.png) **1.5 What is the registration type and FOR?** To determine the registration details, we filter for nas-5gs and inspect the Registration request packet. By expanding the 5GS registration type field, we can see two key pieces of information: the FOR (Follow-on request) is set to pending (1), and the Registration type value is Initial registration (1). ![5](https://hackmd.io/_uploads/r1SCNDZGbe.png) **1.6 What is the DNN?** To determine the DNN (Data Network Name), we filter for nas-5gs and inspect the PDU session establishment request packet. By expanding the path 5GS Non Access Stratum -> PDU session establishment request -> DNN, we can clearly see the value. As shown in the log, the DNN is internet. ![6](https://hackmd.io/_uploads/S101SPbz-g.png) **1.7 What is the SCC mode in 5G?** To determine the SSC (Session and Service Continuity) mode, we filter for nas-5gs to locate the PDU session establishment accept packet. By expanding the path 5GS Non Access Stratum -> PDU session establishment accept -> Selected SSC mode, we can verify the configured mode. As shown in the log, the value is SSC mode 1 (1). ![7](https://hackmd.io/_uploads/SJAbSv-GZe.png) **1.8 What is the PDU address?** To find the PDU address, we filter for nas-5gs to locate the PDU session establishment accept packet. By expanding the path 5GS Non Access Stratum -> PDU session establishment accept -> PDU address, we can see the assigned IP address. As shown in the log, the PDU address is 172.16.0.1. ![8](https://hackmd.io/_uploads/Bk-GBPZMbe.png) **1.9 What is the 5QI for this session?** To find the 5QI (5G QoS Identifier) for this session, we filter for nas-5gs and inspect the PDU session establishment accept packet. By expanding the path Authorized QoS flow descriptions -> QoS Flow Description -> Parameter, we can locate the specific QoS setting. As shown in the log, the 5QI value is 9. ![9](https://hackmd.io/_uploads/B1wMrwbzZg.png) **1.10 What is the destination address of ICM?** The destination is 22.22.22.22, source from 172.16.0.1. ![10](https://hackmd.io/_uploads/Sy9zBDbM-g.png) **1.11 What is the period of MIB or SIB1?** According to the time on the left, we can get the gap between two SIB1 packet is 20ms, between two MIB is 20ms as well. ![11](https://hackmd.io/_uploads/rJAMBwWzWg.png) **1.12 What is the Network Slicing (S-NSSAI) in UE?** To determine the Network Slicing (S-NSSAI) requested by the UE, we filter for nas-5gs and inspect the Registration request packet. By expanding the path 5GS Non Access Stratum -> Registration request -> Requested NSSAI -> S-NSSAI Value, we can see the Slice/Service Type. As shown in the log, the SST is 1, which generally corresponds to eMBB (enhanced Mobile Broadband). ![12](https://hackmd.io/_uploads/H1f7Bv-Mbx.png) ## 2. Answer the following question from 5GClog **2.1 What is the cell AllowedNSSAI in logs?** In the 5GC log (NGAP), the AllowedNSSAI sent from the Core Network to the Cell (gNB) contains SST: 01, SD: 030609. SST 01 means the service type is eMBB. ![Screenshot 2025-12-06 at 1.09.30 PM](https://hackmd.io/_uploads/ryvZAVWMZg.png) **2.2 What is the RRCEstablishmentCause?** The RRCEstablishmentCause is mo-Signalling(3), which means the UE is initiating the connection for Mobile Originating Signalling purposes. This typically indicates the UE needs to send a NAS message (Control Plane), such as performing an Initial Registration. ![Screenshot 2025-12-06 at 4.43.43 PM](https://hackmd.io/_uploads/Hy6pnD-G-g.png) **2.3 What is the PDU address?** The PDU address is 172.16.0.1. ![Screenshot 2025-12-06 at 4.48.33 PM](https://hackmd.io/_uploads/rkylAD-GZe.png) **2.4 What is the MSIN of UE/Subscriber in 5GC log?** The MSIN of 5GC log is 1234567890. ![Screenshot 2025-12-06 at 4.50.42 PM](https://hackmd.io/_uploads/HJkO0PWMWe.png)