WLAN Security Management With Precise Positioning-FYP-Sajjan Bhattarai-11069720

Islington College
Kamal Marg, Kamal Pokhari

Kathmandu, Nepal
Final Year Project

Report
WLAN Security Management with Precise Positioning
Student Details:
Name: Sajjan Bhattarai
Student ID: 11069720
Group: L3N3
Email: sab1432@my.londonmet.ac.uk
1st Supervisor: Saroj Sharan Regmi
2nd Supervisor: Roshan Chaudhary
Submission Date: 25th April 2014

Sajjan Bhattarai 11069720 Final Year Project - Report
Acknowledgement
I feel blessed for being able to complete my Final Year Project successfully. First, I would like to
thank dear god for providing me with such an enduring strength, patience and consistency.
I would like to acknowledge the encouragement, understanding and support of some really special
people to me. First of all, I would like to heartily thank my first supervisor, Er. Saroj Sharan Regmi.
He has been a very strong pillar to the success of this project by helping me in maintaining
persistency and consistency of my project. I appreciate his guidance and supervision as he has
always corrected me when I made mistakes and helped me to get better.
Secondly, I wish to thank my second supervisor, Mr. Roshan Chaudhary for his continuous
encouragement and guidance. He has always been like an elder brother to me.
Special thanks go to my teachers Dr. Guru Tej and Mrs. Fransisca Tej, for their support and
suggestions. They have helped me during my Survey by reviewing and improving my
questionnaire. They were also the first respondents to my questionnaire. Also I would like to
appreciate and acknowledge the open courses launched in SecurityTube.net and thank Mr. Vivek
Ramachandran, founder of SecurityTube. He is the original source of inspiration for this project.
Last but definitely not the least, I would like to thank my family and friends who have always
supported and understood me. They are the most important entities in my life.
London Metropolitan University

1
Declaration
I Sajjan Bhattarai [11069720] hereby declare that this Final Year Project report is my original
work. All that is in this report was researched and compiled by me. I didnt copy from any one and
no one copied my work.
. .
Signature Date

2
Approval
I , Project Supervisor hereby approve this Research

and Development Report by Sajjan Bhattarai [11069720] that it fulfills all the requirements as
stated by the Faculty of Computing, London Metropolitan University.
Signature Date

3
Abstract/Summary
This is a final report for Bsc Final Year Project titled as WLAN Security Management with
Precise Positioning. The ultimate purpose of this project is to enhance or improve the security
of wireless local area networks through the development of WLAN Monitoring Tool comprising
of graphical user interface and strong backend. This report is broadly categorized into four major
chapters: Introduction, Background/Literature Review, Testing/Evaluation/Conclusion and finally
Social, Legal and Ethical Issues. The Rational Unified Process, which is the chosen methodology
for this project is also widely described throughout this report.
Keywords: WLAN Security, Indoor Positioning System, Rational Unified Process

4
Table of Contents
Table of Contents ............................................................................................................................ 5
Abbreviations .................................................................................................................................. 8
Chapter 1: Introduction ............................................................................................................... 9
1.1 Topic Introduction .......................................................................................................... 10
1.2 Problem Domain ............................................................................................................ 11
1.3 Proposed Solutions ......................................................................................................... 12
1.4 Aim and Objectives ........................................................................................................ 13
1.4.1 Aim ......................................................................................................................... 13
1.4.2 Objectives ............................................................................................................... 13
1.5 Report Structure ............................................................................................................. 15
Chapter 2: Background and Literature Review ...................................................................... 16
2.1 WLAN: In-depth ............................................................................................................ 17
2.1.1 802.11 Standard ...................................................................................................... 17
2.1.2 RF Fundamentals .................................................................................................... 18
2.1.3 Air Scanning/Monitoring ........................................................................................ 18
2.1.4 Wi-Fi Based Positioning ......................................................................................... 19
2.2 Clients/End Users perspective ..................................................................................... 20
2.3 Similar Studies/Projects/Systems ................................................................................... 21
2.3.1 Similar Studies ........................................................................................................ 21
2.3.2 Similar Projects and Systems .................................................................................. 23
2.4 Considerations/Alternatives Implemented Regarding the Solution ............................... 25
2.4.1 Considered Development Methodologies ............................................................... 25
2.4.2 Considered Programming Language....................................................................... 26
2.4.3 Considered Software Dependencies/Libraries ........................................................ 26
Chapter 3: Development............................................................................................................. 28
3.1 Methodology .................................................................................................................. 29
3.1.1 Methodology Justification ...................................................................................... 29
3.1.2 Stages of Rational Unified Process ......................................................................... 30
3.2 Requirement Analysis or Gathering ............................................................................... 32
5
3.2.1 Planning .................................................................................................................. 32

3.2.2 Software Requirement Specification ...................................................................... 34
3.3 Design............................................................................................................................. 37
3.3.1 Event List ................................................................................................................ 37
3.3.2 Data Dictionary ....................................................................................................... 39
3.3.3 Data Modelling ....................................................................................................... 39
3.3.4 Flow Chart .............................................................................................................. 40
3.3.5 Use Case Diagram................................................................................................... 41
3.3.6 Interface Design ...................................................................................................... 43
3.3.7 Mind Map................................................................................................................ 46
3.3.8 Site Map .................................................................................................................. 46
3.3.9 SWOT Analysis Diagram ....................................................................................... 47
3.4 Development of the System ........................................................................................... 47
3.4.1 Modules or Increments ........................................................................................... 48
3.4.2 Class Diagram ......................................................................................................... 50
Chapter 4: Testing, Results, Evaluation and Conclusion........................................................ 52
4.1 Testing ............................................................................................................................ 53
4.1.1 Test Plan.................................................................................................................. 53
4.1.2 Test Results and Logs ............................................................................................. 55
4.1.3 Test Summary ......................................................................................................... 71
4.2 Evaluation....................................................................................................................... 72
4.2.1 Evaluation of Project Deliverables ......................................................................... 72
4.2.2 System Evaluation .................................................................................................. 72
4.2.3 Criteria .................................................................................................................... 72
4.3 Future Work ................................................................................................................... 72
4.4 Conclusion...................................................................................................................... 73
Chapter 5: Social, Ethical and Legal Issues ............................................................................. 74
5.1 Social Issues ........................................................................................................................ 76
5.2 Ethical Issues ....................................................................................................................... 76
5.3 Legal Issues ......................................................................................................................... 76
References and Bibliography ........................................................................................................ 77
6
Appendix A ................................................................................................................................... 81
1.1 Requirement Gathering- Questionnaire Form ................................................................ 81
1.2 Analysis of Questionnaire .............................................................................................. 85
Abstract.................................................................................................................................. 85
Introduction ........................................................................................................................... 86
Analysis ................................................................................................................................. 87
1.3 Final SRS Document ...................................................................................................... 96
1.3.1 Scope of Project ...................................................................................................... 96
1.3.2 Functional Requirements ........................................................................................ 96
1.3.3 Non-Functional Requirements ................................................................................ 97
1.3.4 Use case diagrams ................................................................................................... 98
1.3.5 Usage Scenarios ...................................................................................................... 99
Appendix B ................................................................................................................................. 103
2.1 User Manual ...................................................................................................................... 103
Appendix C ................................................................................................................................. 104
3.1 Work Breakdown Structure .......................................................................................... 104
3.2 Gantt chart .................................................................................................................... 105

7
Abbreviations
Wi-Fi: Wireless Fidelity
RF: Radio Frequency
WEP: Wired Equivalent Privacy
WPA: Wi-Fi Protected Access
(W)LAN: (Wireless) Local Area Network
AP: Access Point
RUP: Rational Unified Process
SDLC: Software Development Life-Cycle
SRS: Software Requirement Specification
GUI: Graphical User Interface
UML: Unified Modeling Language

8
Chapter 1: Introduction

9
1.1 Topic Introduction

In current scenario, Wi-Fi is one of the most widely implemented and preferred network
technologies in the world which provides reliable performance, simplicity and wide availability to
its users (Wi-Fi Alliance, 2012). Among general users, it is mainly used for accessing internet and
sharing LAN resources using mobility devices like laptop, phones, PDAs and so on (WebWise
Team, 2012). In larger places like educational institutes, organizations, public hotspots, and so on,
Wi-Fi is implemented in more advanced way to accommodate large number of users and give them
access to organizations resources. Deployment of mobile applications based on Wi-Fi technology
in enterprises is likely to grow by 30% per year through 2011. Talking about the implementation
of Wi-Fi in public hotspots, it has been estimated to grow to 350% by 2015 which is equivalent to
5.8 million public hotspots throughout the world. (Informa & WBA, 2011)
In Nepal also, Nepal Telecommunications Corporation (NTC) has launched free Wi-Fi hotspots in
major places of the Nepal since the beginning of 2014, with an aim to make Nepal as a Free Wi-
Fi Zone in near future (RSS, 2014). This campaign is aimed to serve internet service among
millions of people in Nepal.
Fig: Wireless Internet Growth (US) (Bridge Ratings, 2011)
Wi-Fi is a wireless broadband network service which contains transmitters (Access Point) to
transmit signal and wireless stations (Laptops, Cell phones, Wi-Fi Adapters, PDA, etc.) to respond
to the signal and communicate with each other. With Wi-Fi, we dont need to have other network
10
devices and expensive cables. This dramatically reduces the cost, installation problems and other
complexities. Anyone within the transmission range having correctly configured wireless devices
can easily connect to the Wi-Fi network. However, along with all these advantages, Wi-Fi
technology also comes up with some disadvantages. The major issues with Wi-Fi are less
reliability, lower data rate and most importantly compromised security. Wi-Fi networks are always
vulnerable towards eavesdropping, intrusion, Denial of Service attacks, phishing, etc. (Bahl, et al,
2006). There are many proposed solutions for these issues among which the authentication and
encryption techniques like WEP, WPA/WPA2, etc. come first. But these alone cannot provide
complete security to Wi-Fi networks. The only feasible and effective solution for Wi-Fi security
is to perform regular Radio Frequency (RF) management.
While viewed from another perspective, Wi-Fi is also an underutilized technology. It possesses
huge potentiality in various fields of technology such as Indoor Positioning, Spatial Computing,
Voice and video streaming, LAN syncing, and so on. Unlike other network technologies which
are costly and complicated enough for implementation, Wi-Fi can provide much cost effective and
simplified services to both general users and high end organizational networks. In this project, the
two important aspects of Wi-Fi technology namely Security and Wi-Fi based positioning system
have been explored and analyzed.
With that said, this project mainly deals with Radio Frequency (RF) management along with
positioning of wireless devices. It consists of two parts: Research and Development. In research
section, the detailed study of project title and significances are studied. It included understanding
of Wi-Fi technology, RF fundamentals, limitations or vulnerabilities of Wi-Fi and their potential
solutions. Research papers, supportive articles, books and reports of similar projects/studies are
also studied during this phase. Then in the next section of project i.e. Development, SDLC is
followed which included feasibility study of software, requirement analysis, design, development,
testing, implementation and maintenance.
1.2 Problem Domain

With increasing implementation of wireless networks and portable devices, maintaining wireless
security has now become one of the most challenging tasks in information system security. From
general users perspective, Wi-Fi is the easiest means of accessing internet through their phones

11
or laptops, however it is equally difficult to manage and monitor their home WLAN. There isnt
any easier way to know who are connected in our home network, what is happening inside it and
is there any potential threat to our network. (Schluting, 2009)
Whereas from the perspective of large enterprises, wireless is a real pain when it comes to network
security. They are tasked with locking down their wireless networks for the purpose of regulatory
compliance (ZDNet, 2008). Wireless networks usually exceed the premises of organizations,
posing threats to information security and network resources. Also, with the use of unidirectional
antenna, attackers can easily access the wireless networks of organizations even sitting miles away
or in some safe places around the organizations.
While viewed from hackers perspective, Wi-Fi networks are like the lowest hanging fruits. There
have been some very high-profit data breaches because of wireless security issues, particularly in
retail sector where lots of credit card and personal account numbers were compromised. Hacking
tools are getting smarter and along with the advancement of technology or protocol, newer ways
of breaking it are also discovered (ZDNet, 2008). Another biggest problem in wireless security is
the lack of proper and easy to use tools which can provide simple yet effective solutions and
preventive measures for wireless security.
1.3 Proposed Solutions

This project proposes a simple and an easy to use tool that will help users to regularly monitor and
analyze their wireless networks. With the help of the tool developed in this project, even home
users who have very little knowledge about networking or security, can easily manage and monitor
their home Wi-Fi networks. The research and findings done during this project along with the
software developed can be very useful to the network administrators in organizations too. In this
project, most of the existing and potential security issues and threats to the wireless networks have
been studied and documented. Most significantly known problems in Wi-Fi networks such as
rogue access-points, unauthorized stations, RF interference, etc. have been well understood during
this project and the software developed is also capable of discovering and presenting these issues
to the users.
In overall, this project can be a solution for those people or organizations who believe that securing
wireless networks is important and are lacking an easy alternative.
12
1.4 Aim and Objectives

1.4.1 Aim
The main aim of this project is to develop a Graphical User Interface (GUI) based WLAN
monitoring software that will help network administrator and home users in easily monitoring and
learning their wireless networks.
1.4.2 Objectives
The major objectives of this project completed according to the selected methodology i.e. Rational
Unified Process are as follows:
Understanding of current scenarios in the field of Wi-Fi technology.

Study of public Wi-Fi hotspots including the Free Wi-Fi zones hosted by Nepal
Telecommunications authority in Nepal.
In-depth research on Wi-Fi technology to understand Radio Frequency (RF) fundamentals.
Extensive analysis of vulnerabilities present in WLAN architecture and their appropriate
solutions.
Study of users requirements from these types of WLAN monitoring tools by implementing
survey.
Analysis of participants responses to outline the functions and objectives of the intended
system.
Detailed research and analysis of similar systems like Aircrack-ng, WirelessMon and
Wireshark to obtain understand their working mechanism and limitations.
In-depth study of Wireless Frame headers and protocols to understand well about the
wireless traffic.
Analysis of similar projects specializing on WLAN security and Indoor Positioning System
to learn more about these concepts.
The main purpose of the intended system is to monitor the wireless networks and devices
through extensive scans and sniffs and then to display the obtained results in Graphical
User Interface (GUI).

13
Development of a software to easily monitor the wireless premises and to provide well-
structured information for security analysis.
Proper testing of the software to detect and solve existing problems or issues in the system.
It is done using Black Box Testing and White Box Testing.
Implementation of the software among potential users to achieve customer validation.
Evaluation of the programs correctness by comparing its results with that of similar
standard systems like Wireshark and Aircrack-ng.
To perform proper documentation and testing of the tool and the project as a whole.

14
1.5 Report Structure

The report structure depicting the main contents of the project is as follows:
Chapter 2: Background/Context
This chapter includes detailed analysis of the projects background, clients perspective
and comparison of similar studies/projects/systems. This section also deals with the
considerations of the project such as methodology, programming language, libraries, and
so on.
Chapter 3: Development
The development chapter mainly consists of Methodology, Requirement Analysis, Design
and Development activities of the project. It describes the significance and importance of
using the chosen methodology i.e. Rational Unified Process throughout the project. It also
mentions how different phases of the project have been completed during this project for
achieving its main goal.
Chapter 4: Testing, Results, Evaluation and Conclusion
In this chapter, how test cases are developed and used to test the system are explained. It
describes about the baselines for the program, compares the results obtained during the test
with other standard tools and performs its detailed analysis. It finally mentions the
conclusion of the overall Testing.
Chapter 5: Social, Ethical and Legal Issues
In this section, how this project is going to make social, ethical and legal impacts, has been
described. It points out the problems that may arise through the deployment of this project
and also clarifies the feasibility or viability of this project.

15
Chapter 2: Background and

Literature Review

16
2.1 WLAN: In-depth

Over last few decades, the world has become increasingly mobile as a result of which, traditional
methods of networking have proven insufficient to fulfill the newer demands and challenges posed
by the modern world (Gast, 2002, pg. 14). And this issue gave rise to the evolution of Wireless
technology that can provide equivalent performance in more scalable, affordable and mobile way.
Wireless technology is a very broad area in itself and covering everything in this single report isnt
feasible. So, only some of the really important topics have been mentioned and described in this
section. While talking about wireless networking, these following concepts can never be forgotten:
2.1.1 802.11 Standard

The entire wireless networking technology is based on the 802.11 standard. This protocol was
formulated in February of 1980 by IEEE because of which it was named as 802.11 standard.
Every wireless networking enabled devices comply this standard making them interoperable
among each other.
IEEE Speed Frequency Notes

standard band
802.11 1 Mbps 2.4 GHz First standard (1997). Featured both frequency-
2 Mbps hopping and direct-sequence modulation
techniques.
802.11a Upto 54 5 GHz Second Standard (1999), products not released
Mbps until late 2000.
802.11b 5.5 Mbps 2.4 GHz Third Standard, but second wave of products.
11 Mbps
802.11g Upto 54 2.4 GHz Ratified in 2003. Backward compatible with
Mbps 802.11b.
802.11n Approx. 2.4 GHz Not truly compatible with 802.11b and 802.11g.
119 Mbps 5 GHz Adds Multiple-Input Multiple-Output (MIMO).
Table 1: Comparison of 802.11 Standards (Gast, 2002, pg. 19) (Lammle, 2012, pg. 689-694)
The table given above represents the various versions of IEEE 802.11 based standards and their
specifications. This table also indicates the evolution of wireless technology over time. Recently,
17
a newer version of IEEE standard has been released (not included in the table above) called
802.11ac which is claimed to have bandwidth up to 1 Gbps and other many improved features
(Wi-Fi Alliance, 2014). It enables devices to handle demanding applications such as Ultra HD and
4K video, multimedia streaming and rapid file transfer. Wi-Fi CERTIFIED ac devices offer higher
capacity, improved power management, and lower latency to readily handle todays demanding
applications.
2.1.2 RF Fundamentals
Before getting into the management and security analysis of wireless networks, understanding RF
fundamentals is very important. It broadly deals with frequency spectrum, bandwidth, channels,
interference, signal-noise ratio, attenuation, received signal strength, and so on. RF fundamentals
is also the foundation for Site Surveying and management of any wireless networks. Knowledge
of RF fundamentals will allow us to learn about our wireless networks in depth and ultimately
helps in security analysis. For this purpose, a book by Matthew Gath (2002) named as 802.11
Wireless Networks: The Definitive Guide and a report published by IEEE Standard Association
called Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY)
Specifications have been studied.
2.1.3 Air Scanning/Monitoring

Scanning the air surrounding us for monitoring the wireless networks and devices is the main task
of this project. The tool developed during this project scans the wireless premises for discovering
all the wireless access points present (both hidden and shown) and the wireless stations or clients
within the transmission range of scanner device. For this purpose, the pre-requisites are enabling
of monitor mode on wireless interface and running of scanning program in promiscuous mode.
Turning on the monitor mode on interface will allow the scanner machine to capture all the wireless
frames being transmitted in the air which in default case would be discarded if not destined for
scanner device. Another wonderful part of wireless scanning is that we dont need to be connected
to the network or have layer 3 connection with access point in order to sniff for data transmission
occurring in the networks. In case of wired medium, the signal stays across the wire, so it isnt
possible to sniff data traffic without being able to connect to the wire or network itself. Because

18
of this reason, wireless networks are more susceptible to attacks and eavesdropping than wired
networks.
Some of the well-known tools used for air scanning are Aircrack-ng, NetStumbler, Kismet, etc.
Regarding this project, the core of the developed tool is based upon a pythons network
programming library called Scapy. Scapy provides easy and very powerful means to scan and sniff
the air or wireless networks in this tool.
2.1.4 Wi-Fi Based Positioning

Wi-Fi based positioning is another important part of this project. This project has attempted to
develop a basic solution for Wi-Fi based positioning system. The main objective of making a
positioning system is to detect and locate all the wireless devices present in the premises. This can
be very helpful in proper management and security establishment of wireless networks. Through
positioning, better site survey can be performed which is crucial for proper network planning. This
can be used for learning about the signal quality and performance level of wireless networks in
various places within the premises so that the poor signal-receiving positions can be eliminated or
avoided to achieve optimum performance. Another advantage of Wi-Fi based positioning is the
ability to track down the wireless users which can be either used for security purposes or for
implementing some extra features such as spatial computing. Nowadays, this type of positioning
is also popular in the field of Indoor positioning system.
In this project, Received Signal Strength Indicator (RSSI) has been used as a basis for estimating
or calculating the positions of wireless devices detected within the premises. RSSI is represented
in a negative integer value with a unit of dBm like -60 dBm. Wireless signal gets attenuated along
with the distance so, with the proper calculation of attenuation, signal-to-noise ratio, and other
factors, the distance between the transmitter and receiver can be precisely calculated. In case of
having only one scanning device, this distance can be calculated but the estimation of exact
positions of the devices cannot be performed. For evaluating the exact positions of devices, there
must be at least 3 scanners through the help of which more accurate positioning methods like
Triangulation and Trilateration can be performed.
Developing a positioning system involves a very complex mathematical algorithms and concepts
of Physics. So, it is beyond the scope of this project to develop a software that provides complete

19
positioning system. However, this software is capable of calculating the distance between
transmitters and scanner and then plot them accordingly into the graph.
2.2 Clients/End Users perspective

This project is based upon the development of a general purposed software. The main advantages
a user can get from this project are simplicity, interactivity and the power of air-
scanning/monitoring. With the use of this software, people having very little knowledge of
networking (wireless) can also easily monitor their wireless networks and manage them for better
performance and security.
Have you ever configured and/or managed your Wi-Fi network yourself? (Referred to
Appendix A: 1.2 Analysis of Questionnaire)
Yes 62 69%
No 20 22%
I tried but 8 9%
couldn't.
62 among 91 participants have experience of configuring their own Wi-Fi networks. This is a quite
good result from the perspective of wireless networking. The significance of this data is that it
represents the potential users of this system.
Nowadays, Wi-Fi networks are implemented in almost all houses, communities and organizations
in urban and sub-urban places of every country. People are getting increasingly dependent and
habituated with Wi-Fi technology, however there hasnt been adequate tools and methods to
provide them with optimum security and reliability. So, from clients or end users perspective,
this project can be a very useful and easy method to manage and secure their wireless
infrastructure. People who are facing the problem of slow internet connection in their wireless
network because of unwanted users can use this tool to know who are using their network and how
much vulnerable is their network, so that they can configure their network accordingly.

20
Do you use any Wi-Fi monitoring tool to know who are connected in your network and what's
happening in it?
Yes 44 49%
No 36 40%
Never heard of one 10 11%
44 people are using or might have used Wi-Fi monitoring tool. This represented that they are
interested in knowing and learning about what's going on in their networks. This data also implies
that there may be various Wi-Fi monitoring tools but they are either difficult to understand/use or
not freely available. So, there may be a need for this type of project.
2.3 Similar Studies/Projects/Systems

There are numerous studies, projects and systems performed by various people or organizations,
some of which are almost similar and rest are partially similar with this project. Some of the related
works to this project are as follows:
2.3.1 Similar Studies

Some of the studies performed by different researchers and students that are similar to this
project are as follows:
2.3.1.1 Providing Data Security in WLAN by Detecting unauthorized Access

Points and Attacks
2.3.1.1.1 Overview
This study has been done by Snehal S. Behede et al and published through International Journal
of Engineering Science and Technology (IJEST). This study mainly deals with the security of
information systems in WLAN through the effective detection of unauthorized APs and attacks
performed by either rogue APs or authorized APs.

21
2.3.1.1.2 Description
This study purposes two online algorithms to detect rogue access points which extend TCP ACK-
pair technique to differentiate between wired traffic and wireless traffic. It compares the sniffed
data with the pre-defined information of authorized APs and if there is found any duplicates, it
makes prompts for rogue APs detection. (Snehal et al, 2011)
2.3.1.1.3 Analysis
In contrast to this paper, this project doesnt perform rogue AP detection by comparing its
information with predefined information, rather it just uses the SSID and BSSID of any access
point to determine if there exists any duplicates or not. Also, this project has ability to gather
information about the clients wireless probe requests and to detect honeypots.
2.3.1.2 A Study of Estimation of AP Position for Improvement of Indoor

Positioning System
2.3.1.2.1 Overview
This research project has been done by Jinhyung Park, Sunghun Kang, Seunghae Kim and
Wonhyuk Lee. It was published in International Journal of Control and Automation. It mainly
deals with the position estimation of access points using various methodologies.
This paper has proposed some different positioning techniques other than the conventional
Triangulation method. It used localization algorithm and changes in the positioning results to
determine the position of devices more accurately and reliably. It has also examined an effect on
the positioning performances when new access points are introduced into the wireless
environment. (Park et al., 2012)
2.3.1.2.3 Analysis
This final year project has followed Triangulation technique and radial distance estimation
methodology for positioning the wireless devices. The main advantage of using Radial distance
estimation is that it doesnt require multiple inter-communicating scanner devices or APs though
it is highly inaccurate for exact position calculation. While Triangulation is useful in case of having

22
at least three access points or devices and it provides much more accurate results than radial
distance calculation. Compared to the study we are talking about, this projects positioning system
is less reliable or accurate however faster in computation and requires less resources.
2.3.2 Similar Projects and Systems

2.3.2.1 Aircrack-ng
2.3.2.1.1 Overview
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once
enough data packets have been captured. In fact, Aircrack-ng is a set of tools for auditing wireless
networks. (Aircrack-ng, 2014)
Our major areas of concern inside Aircrack-ng are its tools called Airmon-ng, Airodump-ng and
Aireplay-ng. Another tools called Airbase-ng and Airdecap-ng are also very useful, however
nothing similar to them have been implemented in this project.
2.3.2.1.3 Analysis
Aircrack-ng has been developed and managed by highly skilled developers and experts, so there
cannot be comparison between Aircrack-ng and this project from development perspective.
However, the tool developed in this project provides better user interface (GUI) to the users and
make it much easier for them to use and understand it. This tool performs the tasks of Airmon-ng,
Airodump-ng and Aireplay-ng in more efficient and easily understandable way.
2.3.2.2 AirMagnet WiFi Analyzer

2.3.2.2.1 Overview
It is developed, sold and managed by Fluke Networks. It is an industry standard tool for mobile
auditing and troubleshooting enterprise Wi-Fi networks (Fluke Networks, 2014). It helps network
administrators solve end-user issues quickly while automatically detecting security threats and
wireless network vulnerabilities. It consists a fully compliant reporting engine that automatically
maps collected network information to requirements for compliance with policy and industry
regulations.

23
It performs real-time, independent and reliable analysis of 802.11a/b/g/n and ac* WLANs. It helps
in reducing IT costs, simplify workload and minimize user complaints. It also strengthens your
WLAN security by detecting and eliminating any threats and vulnerabilities.
2.3.2.2.3 Analysis
AirMagnet WiFi Analyzer is a commercial product developed and distributed by Wi-Fi
management organization following the industrial standards and policies. It has higher quality,
performance and better report generating features to help managers of client organizations
understand the state of their wireless networks. Whereas this final year project is a non-commercial
product and provides less features. The advantage of using this tool over similar projects is its
implementation in small organizations and home networks which cannot afford to buy and
implement expensive solutions like AirMagnet WiFi Analyzer.
2.3.2.3 WirelessMon
2.3.2.3.1 Overview
WirelessMon is a software that enables users to monitor the status of wireless WiFi adapter(s) and
collect information about the nearby wireless access points and hotspots in real time. Till now, the
WirelessMon version 4.0 has been released and it provides 30 day trial period. The professional
and standard versions of this software have to be purchased. (PassMark Software, 2014)
The main features provided by this tool are:
Ability to log information and provide statistical information.

Test WiFi hardware and device drivers are functioning correctly.
Help locate sources of interference in the network.
Scan and detect hotspots in local area.
GPS support for logging and mapping signal strength.
Verify the security settings for available access points in the surrounding.

24
2.3.2.3.3 Analysis
This system is much similar with the final year project. WirelessMon is little ahead than this project
because of its features like GPS integration, measurement of network speed/throughput, locating
of wireless antenna, etc. However, this software is a proprietary tool and charges its customers. In
contrast to WirelessMon, the developed tool has a feature of sniffing over the wireless data traffic.
Some of the features of WirelessMon such as GPS mapping and calculation of network
throughputs can be kept as future aspects of this project.
2.4 Considerations/Alternatives Implemented Regarding the

Solution
In order to complete a project successfully, proper considerations or alternatives for the project
must be identified and formulated. Some of the major considerations made during this project are
as follows:
2.4.1 Considered Development Methodologies

The development methodologies that were considered in this project are:
Enhanced Waterfall Model

Incremental Prototyping Model
The Rational Unified Process Model
Justification of Consideration
The chosen methodology i.e. Rational Unified Process (RUP) is an iterative prototyping
development model. The well-known advantages of using RUP are as follows:
i. It is well-documented and complete methodology.

ii. It is open and publicly available.
iii. Suitable for adapting to changing requirements.
iv. Reduced integration time and effort.
v. Higher level of reuse. (Shahid, 2000)

25
2.4.2 Considered Programming Language

The considered programming languages for the development of the software are:
Java
Python
The main reason behind the selection of Python for the development of this project is its rich
features for network and socket programming. Some of the main advantages of using Python are
as follows:
i. Open Source Roots:

Being the open source programming language, there are vast learning resources
including books, articles, web pages, journals, forums and communities to help
developers code in Python.
ii. Object Oriented Programming:
Python is a very strong object oriented programming language that consists clear and
straight forward syntaxes.
iii. Rapid Development:
Since less amount of code written in Python can fulfill bigger objectives, it can be used
for rapid development of any software. The Python IDLE formulated by the developers
of Python itself provides an easy and simple to use interpreter to fulfill small
programming needs.
iv. Modules:
Another great advantages of Python is that it can be developed as modules and these
modules can be easily re-used or imported into another programs. This helps in making
the project development more dynamic, rigorous and efficient. (Hendrickson, 2014)
2.4.3 Considered Software Dependencies/Libraries

2.4.3.1 Packet Capturing Library
The considered packet capturing and analyzing libraries are:
26
LibPcap
Scapy
Scapy is a python based library or tool for packet manipulation, forging, injecting, capturing and
sniffing (Gift & Jones, 2008, pg. 173-176). This program needs to perform intense scan and
sniffing on wireless networks which requires to have socket layer programming on wireless
network interface. Also, it is important to analyze and present the results (packets list) obtained
through the scan in an understandable form. Both of the above mentioned requirements are easily
handled by Scapy. Hence, Scapy has been chosen as the network programming library.
2.4.3.2 Graphical User Interface Library

The considered GUI libraries for the intended program are:
QT
WxWidgets
Tkinter
Tkinter is GUI library for Python which provides an easy-to-program user interface. It supports a
collection of Tk widgets that support most application needs. It works on all platforms and is also
considered as a simple extension of Python. Python/Tkinter is specifically useful in developing
prototypes for applications or smaller applications themselves. (Grayson, 2000)

27
Chapter 3: Development

28
3.1 Methodology
There have been taken three software development methodologies in consideration for this project
as mentioned in Chapter 2. The justification for choosing Rational Unified Process among them
and avoiding others is mentioned below:
3.1.1 Methodology Justification

3.1.1.1 Enhanced Waterfall Model
In this methodology, SDLC phases are completed one after another and the most important
deliverable from customers perspective is the finished software product. The main reasons for not
using this methodology are:
i. Its phases are disjointed.

ii. Big amount of documentation required and no real output until the end.
iii. Adopting changes in project requirements is very difficult. (Baird, 2003)
3.1.1.2 Incremental Prototyping Model

In this model, the entire system is divided into numerous increments or modules and each
increment is developed one after another according to their priority. The main problem with this
model is that its very difficult and costly to manage increments and integrate them to create the
final working system. It isnt as flexible as Agile methodologies like RUP.
3.1.1.3 Rational Unified Process

RUP provides disciplined approach to development using a standard set of tools, templates and
deliverables. It is also the standardized approach, so adopted by most of the professionals and
organizations. It uses Unified Modeling Language (UML) to communicate requirements,
architectures and designs. (Baird, 2003)
The main reasons for selecting RUP methodology are:
i. It is standardized methodology.
ii. It provides better adaptability with changes in requirements.
iii. It greatly reduces project risks. (Shahid, 2000)
iv. Continuously verify software quality.

29
v. Control changes to software. (Kruchten, 2003)

vi. Many advantages of RUP has also been mentioned in Chapter 2.
Fig: Rational Unified Process Flow (Baird, 2003)
Some of the important features of RUP that are worth mentioning are:
a. The role of Use Cases in driving many aspects of the development.

b. Its use as a process framework which can be tailored and extended by an adopting
organization.
c. The requirement for software development tools to support the process. (Kruchten, 2003)
3.1.2 Stages of Rational Unified Process

The Rational Unified Process can be divided into four stages or phases:
3.1.2.1 Inception
During inception phase, the concept, vision, risks, budgets, and requirements of the project are
analyzed (Prince, 2005). In an annual report, Informa and WBA (2011) reported that the
deployment of mobile applications based on Wi-Fi Technology in enterprises is likely to grow by
30% per year through 2011. Also it is estimated that the public Wi-Fi hotspots will grow by 350%
30
by 2015, which is equivalent to 5.8 million public hotspots throughout the world. In other hand,
this level of growth has pushed the security risks prevalent in wireless technology to the edge.
Realizing this fact, there have been numerous research and study projects to analyze and optimize
the security of Wi-Fi technology. These types of projects are indeed very important and necessary
too. So, doing a project on WLAN security is really viable. This project accomplishes the
requirements of people such as ability to scan wireless premises for identifying available devices
and to view results in more user-friendly environment.
3.1.2.2 Elaboration
During elaboration phase, the requirements gathered from the general (potential) users have been
further refined and based on these requirements, the proposed softwares architecture/model has
been determined. It included extensive study and analysis of similar project and studies. After
analyzing the requirements, similar systems and proper considerations for the project, the system
design was performed. The in-depth analysis of projects implementation aspect was also done in
this phase. At the end of Elaboration stage, the Product Architecture Milestone i.e. proven
architecture was obtained.
3.1.2.3 Construction
This is the stage, in which the system has actually been developed or constructed. The development
of the system was done in modular or iterative incremental basis. The major requirements or
aspects of system were first analyzed and then categorized accordingly to create three main
modules or increments. The user interface (GUI) module, wireless scan module and positioning
module were developed and iterated one after another to obtain the final desired system. In every
iteration of the development, a new prototype was created and reviewed by Supervisor and other
potential users. Based on the feedbacks, suggestions received and test results on that prototype,
changes and adjustments were made to the system in every new iteration to develop another system
prototype.
There have been three iterations or increments in this development project which are as follows:
i. First increment: GUI module

31
In this increment, the systems front-end layouts, designs and functionalities have been
studied and developed. This module was iterated multiple times to achieve expected
user interface layout. (More details in Section 3.2.3)
ii. Second increment: Wireless Scan module
In this increment, the back-end of system i.e. wireless scanning and sniffing functions
have been developed. It deals with all of the major functional requirements of the
system. (More details in Section 3.2.3)
iii. Third increment: Positioning module
In the third increment, the positioning module has been developed. In this phase, the
Received Signal Strength Indicator (RSSI) value extracted from the scanned results has
been used to calculate the distance between the source device and the scanner device.
(More details in Section 3.2.3)
3.1.2.4 Transition
The developed increments or whole system are tested regularly along with the development
process and the necessary changes are adopted in every iteration of development. The testing
processes known as Verification and Validation have been implemented to check the functionality
and quality of software being developed. After completing earlier stages successfully, the
developed system has been deployed or product released into implementation.
3.2 Requirement Analysis or Gathering

Requirement gathering is the most critical part of every of SDLC because the costs of the
requirement errors are the highest. A correctly done requirement analysis can contribute a lot in
smooth development, testing and implementation of the system. Whereas an incorrect requirement
gathering can result in increased time period, costs, instability, and risks of project failure. So,
special care and technique must be applied while doing requirement gathering. It can be done as
follows:
3.2.1 Planning
Proper planning is very important for correct requirement gathering and it can be done through:

32
3.2.1.1 Review of the Project Scope

The characteristics of this project are as follows:
The main aim of this project is develop a user friendly WLAN monitoring tool to help users
analyze and manage their wireless networks.
This project will help people to understand and maintain security in their wireless
networks.
It is based on the Rational Unified Process so, every project phases should be performed
iteratively to enhance quality and performance.
3.2.1.2 Identification of Interfaces and Constraints

Following interfaces and constraints have been identified throughout this project:
Making a Graphical User Interface for system is necessary to make it easy and simple for
novice users also.
The system should allow user to control the functionalities of the system.
The program output should be displayed in GUI for simplicity and readability.
The runtime, syntax and logical errors should be fixed as much as possible.
The project shouldnt violate or infringe any legal aspects.
3.2.1.3 Planning the Execution Process

The requirement gathering has been done as follows:
Identified the projects scope, aim and objectives.

Created list of questions to be asked to potential users based on the projects objectives.
Published the questionnaire through Google Docs and asked people through social
networking sites and community pages to participate in the survey. The questionnaire form
draft has been placed in Appendix section 1.1.
The responses obtained from the participants was then analyzed to draft a Requirement
Analysis Report and SRS Document. (Referred to Project Folder and Appendix for
final SRS document)

33
3.2.2 Software Requirement Specification

3.2.2.1 System Overview
The system can work in any operating system environment implied that the Python programming
language is installed along with its libraries called Scapy, Tkinter and Pmw. Since installing Scapy
is really hard in Windows platform, it is recommended to use this software in Linux and Unix
based operating systems. In Linux and Unix environment, it should be run using super user
privileges.
Some of the major functional requirements of this system are:
i. Wireless Scanning and Sniffing capabilities

ii. Basic Positioning feature for plotting wireless devices in graph
iii. Graphical User Interface
iv. Managing and displaying program outputs in systematic and easily understandable
form.
3.2.2.2 Dependencies/Requisites
The different types of resources or dependencies the system requires to operate are:
3.2.2.2.1 Software Dependencies

The WLAN monitoring tool is primarily based on Python programming language. This system has
been developed in Python version 2.7 under Linux platform. Its other major software dependencies
are as follows:
S.No. Library Used classes/functions

1. Scapy Dot11, RadioTap, Dot11Beacon,
Dot11ProbeRequest, Dot11ProbeResponse,
sniff(), haslayer()
2. Tkinter Tk(), mainloop(), Frame, Canvas, Label,
Button, ScrollBar, pack(), bind(), etc.
3. Pmw Initialize(), Balloon(), tagbind(), etc.
4. Thread Start(), join()
5. Queue Puts(), gets()
34
6. Subprocess Popen(), process()

7. Time Strftime(), localtime()
3.2.2.2.2 Hardware Requirements

There are no such preliminary hardware requirements because this program can work on almost
all computer hardware. The main important hardware required is Wi-Fi adapter or Wi-Fi NIC.
Some of the recommended hardware configurations are:
100 GB Hard disk

1 GB RAM
Wireless NIC or adapter
Pentium processor or above
3.2.2.3 User Interface Requirements

User Interface or User Experience (UI/UX) is nowadays considered one of the most important
aspect of any software or applications. The user interface requirements in this project are as
follows:
This software is completely GUI based application.

All the user inputs or actions are handled from GUI and the program outputs are also
presented through GUI.
Simplicity is the ultimate objective of this user interface.
3.2.2.4 Functional Requirements

The main functional requirements of this system are as follows:
Ability to detect and display list of available interfaces in the computer system.
Take input or interface to be used selection from user.
Scan the air for identifying the available wireless devices (APs and Stations).
Sniff the wireless vicinity to capture entire wireless traffic including Data, Management
and Control frames.
Stop scan or sniff procedures on clicking Stop button by user.
Analyzing the captured packets or frames and displaying their list in the tabular view.
35
Extracting RSSI value from wireless frames and plot the graph with wireless devices
according to the signal strengths of devices or calculated distances between scanner device
and available devices.
3.2.2.5 Non-Functional Requirements

Some of the major non-functional requirements of this system are as follows:
Improved performance and faster computation.

Simplicity and easy to understand user interface.
The response time of the system should be optimum. The system shouldnt consume much
CPU or other hardware resources.
Lack of software errors or bugs.
Requirement of security to the users.

36
3.3 Design
The System Design can be performed as follows:
3.3.1 Event List

1. System displays list of available interfaces (including wireless interfaces) for scanning and
asks user to select the desired one. -Flow oriented event
2. User selects or inputs (wireless) interface to scan or sniff. Flow oriented event
3. User enters customized options or parameters for wireless scanning as channel, bssid,
promiscuous mode, filter, etc. -Flow oriented event
4. System begins to scan the wireless vicinity. - Flow oriented event
5. System displays alert or warning messages in case of error in scan procedure. Control
event
6. System calculates the positions of the available wireless devices. -Flow oriented event
7. System will check the database containing the pre-evaluated position values for faster and
accurate positioning in case of having well setup network architecture and premises. -
Control event
8. System displays wireless Access points and stations present in the vicinity through
preferably Graphical User Interface or simple command line interface. Flow oriented
event
9. From among the available wireless devices, user can select or specify one and run further
detailed or intense scan on that device. - Flow oriented event
10. System begins to scan or sniff upon the selected wireless device with wireless options in
accordance to the device. - Flow oriented event
11. System generates alerts in case of errors or other unexpected activities. Control event
12. System displays scan results or sniffing outputs in a well formatted form. Flow oriented
event
13. User can save the scan results for future use or reference. Flow oriented event
14. System generates a standard data file containing scan results such as XML, CSV, sqlite or
pcap or some other formats. - Flow oriented event

37
15. System keeps on saving the session and scan results automatically at a certain time interval.
Discovered wireless devices information and their corresponding positions are also stored
in the database for future usage and positioning through fingerprinting. Control event

38
3.3.2 Data Dictionary

1. device_details = MAC address * devices MAC address* + associated_AP * Access Point
to which it is connected* + probe_requests + device_position + signal_strength
2. device_position = MAC_address + time + signal_strength + location_coordinates
3. AP_details = SSID + BSSID + associated_stations + encryption_type + channel +
signal_strength
3.3.3 Data Modelling

Entity Attributes Type Description
AP_ID INT, PK APs serial number
ESSID VARCHAR Access points broadcast name
BSSID/MAC VARCHAR MAC address or BSSID of AP
Access Point Channel INT Radio Frequency based channel
Authentication VARCHAR APs authentication type
Encryption VARCHAR Type of Encryption used
Signal Strength VARCHAR Value of signal strength received
Approx. distance INT Distance from scanner device
Client Client_ID INT, PK Unique ID for each client
MAC address VARCHAR MAC address of NIC
Probe_requests VARCHAR SSIDs client is looking for
Associated_AP VARCHAR Gateway access point
Signal Strength VARCHAR Received signal strength
Approx. distance INT Distance from scanner device
Scan Details Scan_ID INT, PK Scans unique ID
Scan_Date DATE/TIME Date and time of scan
AP_List VARCHAR List of APs discovered
Station_List VARCHAR List of clients discovered
Positions VARCHAR Positions of devices relative to the
scanner device.

39
3.3.4 Flow Chart

40
3.3.5 Use Case Diagram
Fig: Use Case Diagram of System

41
3.1.1.1 Use Case Description

The Use Case Diagram of the system can be described as below:
Use Case Description

Get Interfaces' list The procedure in which all the interfaces connected to the
system are listed.
Choose Interface The procedure in which the user selects the preferred network
interface.
Scan Air The procedure that scans the wireless vicinity to find and
display wireless devices available.
Sniff WiFi traffic The process in which the system sniffs upon the entire wireless
network traffic in promiscuous mode.
View Graph The process in which the scan results are plotted on graphical
view.
Get Positions The procedure to get positions of wireless devices and send
them to graph.
View Table The procedure to display all the sniffed packets list in a tabular
form based on different headers.
Get Packets List The process to get sniffed packets list and send them to table.
De-auth Device The procedure to De-authenticate or kick off access points or
stations from the network connections.
3.1.1.2 Actor Description

Actor Description
User Any person who is interested in WLAN monitoring can be the
user of this system. It may include general novice users managing
their home or small office wireless networks or network
administrators of large organizations.

42
3.3.6 Interface Design

Interface design is one of the most crucial considerations to be made because it is the front end
design. The design of the intended system is expected to be put forward so as to fulfill the basic
needs of user such as user friendliness and user experience. The new interface design is completely
based upon the usability requirements collected in the section Requirement Gathering.
The interface design gives more priority to user than the system functionality so, it can be
considered to be user driven design. The users of this system should find this interface:
i. simple
ii. easy to understand and use
iii. full of graphical aids to enhance user's interactivity
In order to verify the usability requirements, some of the wire-frames of the interface have been
designed which are as follows:
3.3.6.1 Home Screen
Fig: Layout of first page

43
3.3.6.2 Ask for Confirmation window
Fig: Ask for confirmation window
3.3.6.3 Graph view of Scanned Results
Fig: Graph displaying scanned wireless devices

44
3.3.6.4 Tabular view of available devices
Fig: Table representing Scanned devices
3.3.6.5 Sniff Results
Fig: Window showing sniff results

45
3.3.7 Mind Map
Fig: Mind Map of System
3.3.8 Site Map

46
3.3.9 SWOT Analysis Diagram
Fig: SWOT Analysis Diagram
3.4 Development of the System

This section mainly highlights upon the technical or programming activities of the project. The
software development phase has also been performed according to the selected methodology i.e.
47
Rational Unified Process. Since RUP is an iterative prototyping model, this software has numerous
iterations and prototypes.
3.4.1 Modules or Increments

Object Oriented Programming has been implemented in this program. This software has been
developed in three incremental prototypes or iterations which are as follows:
3.4.1.1 First increment: GUI module

In this increment, the systems front-end layouts, designs and functionalities have been studied
and developed. This part of development has a very important role because it bridges between the
user and the back-end architecture of the system. So, the system interface has been made very
simple and easy to use. The GUI library called Tkinter has been used in this system and it has been
made more interactive through the use of Python Mega Widgets (Pmw) extension.
User interface related tests were performed along with or after completion of this module. Test
Case number 7, 8 and 9 were performed along with the development of this module. While Test
cases 10 and 11 were done during iterations of development after the completion of all three
modules. (Referred to Section 4.1: Testing for details)
3.4.1.2 Second increment: Wireless Scan module

In this increment, the back-end of system i.e. wireless scanning and sniffing functions have been
developed. The network packet analyzing tool called Scapy has been used in the core of this
module. After developing the wireless scan module, there was a challenge in integrating it with
the GUI module developed earlier in first increment. So, both of these increments were iterated to
accommodate connections and functionalities between each other. In this iteration, the Multi-
threading and Queuing concepts have been extensively studied and implemented.
Tests specific to Wireless Scanning were performed along with the development of this module.
Success of Test Cases 4, 5 and 6 were the pre-requisites for this development phase. Test Cases
12, 13 and 14 have been performed during its development. Then, the test cases 10, 11, 15 and 16
were done in next iterations after the completion of both GUI and Wireless Scan modules.

48
3.4.1.3 Third increment: Positioning module

In the third increment, the positioning module has been developed. In this phase, the Received
Signal Strength Indicator (RSSI) value extracted from the scanned results has been used to
calculate the distance between the source device and the scanner device. Computing distance from
RSSI is a difficult task in itself as it involves understanding communication science and
mathematics. However, even harder part was the plotting of the available devices in the graph
based on their distances from the scanner device. It required me to write a new algorithm that could
plot devices in graph. After completing the positioning module, all the increments were iterated
and integrated to work together as a single complete system.
Test Cases ID 18, 19 and 20 have been performed during the development of this module. In every
new iterations of the program, the features related with all the three modules were tested and
corrected repeatedly.

49
3.4.2 Class Diagram

As a part of the Systems Architecture Design, Class Diagram is to be designed with the objective
of identifying classes/objects and to determine their relationships among each other. The Class
Diagram can provide the high level overview of the entire program.
Before modeling a Class Diagram, a Textual Analysis of the Software Requirements have to be
performed.
Textual Analysis:
Identification of possible classes, attributes, variables and methods.
Nouns:
Wi-Fi
Access Points
Stations
SSID
BSSID
Channel
Signal Strength
Packets/Frames
Wireless Interface
Sniffer
Air Scanner
Positioning
Graphical Plot
Security
User Interface
Verbs:
Select interface
Start
Scan air
Sniff wireless networks
Identify devices
List devices
Extract frame headers
Calculate distance
Plot graph
Stop
50
Fig: Class Diagram of System

51
Chapter 4: Testing, Results,

Evaluation and Conclusion

52
4.1 Testing
Software Testing (Verification and Validation) is a set of activities whose objective is to promote
the software quality during the development life cycle. Verification detects and corrects mistakes
committed within each step of development. While Validation determines whether the software
meets the requirements for its intended use. (Fuhrman; Djlive; Palza, 2003) The testing of the
system can be performed as follows:
4.1.1 Test Plan

4.1.1.1 Program Execution Test Plan
Test Case Objectives
1 To test the suitable operating system.
2 To test the availability of required dependencies or libraries.
3 To check whether the program is exiting properly.
4.1.1.1 Wireless Interface Test Plan

4 To check the presence of wireless interface(s) connected to the system.
5 To test whether the selected interface is up or down.
6 To test the ability to turn on monitor/promiscuous mode on wireless
interface.
4.1.1.2 User Interface Test Plan

7 To test the ability of system to create graphical user interface.
8 To test the layout of user interface.
9 To test the correct binding of required event handlers to widgets.
10 To test if the GUI and backend architecture are communicating properly.
11 To check if the multi-threading and queuing are working correctly.

53
4.1.1.3 Wireless Scan Test Plan

12 To test whether the chosen interface supports channel hopping.
13 To test if the program is scanning the air properly.
14 To check if the program is scanning wireless devices according to users
choice (AP/Station/Both).
15 To test whether the scan results are being queued correctly for displaying in
GUI.
16 To verify the scan results obtained by comparing them with outputs of
standard tools.
17 To check if the backend sniffing function has ended properly.
4.1.1.4 Positioning Test Plan

18 To test the availability of devices Received Signal Strengths values.
19 To test the correctness of calculation of distance from RSSI.
20 To check the plotting mechanism of program in graph.

54
4.1.2 Test Results and Logs

The test cases of above mentioned test classes and their corresponding results are illustrated
below:
Test Case: 1
Objective: To test the suitable operating system environment.
Test Data: Program execution in different operating systems
Expected Test Program should run on Linux based operating systems.
Result:
Actual Test Program worked well in Linux platform.
Result:
Conclusion: Successfully done.
Proof:
Analysis:
This program works well and without error in Linux platform (tested on Ubuntu). This can also
be used in Windows or other platforms but the necessary dependencies must be met first.

55
Test Case: 2
Objective: To test the availability of required dependencies or libraries.
Test Data: Python Import status
Expected Test Program should run smoothly in case of import successful or terminate with
Result: ImportError Message.
Actual Test Program started normally as all dependencies were installed in testing
Result: system.
In different system, program terminated with ImportError message.
Proof:
Case 1: Import Successful
Case 2: Import Failure
Analysis:
Since this program cannot run without its dependencies i.e. Scapy, Tkinter and Pmw, the
program must test whether these dependencies are met or not. If any of the dependencies isn't

56
met, the program should display suitable error message and terminate the program without
processing the program.
Test Case: 3
Objective: To check whether the program is exiting properly.
Test Data: Program's exit status
Expected Test Program should close safely when clicked close button on window or clicked
Result: Exit from File on Menu bar.
Actual Test Program terminated properly. No error messages in terminal.
Result:
Analysis:
Safe termination of a program is equally important as successful initiation of the program. This
program also exits properly on clicking close button of window.
Test Case: 4
Objective: To check the presence of wireless interface(s) connected to the system.
Test Data: Network interfaces
Expected Test Program should automatically detect and display network interfaces on
Result: startup.
Actual Test Program identified and displayed interfaces correctly. But when the wireless
Result: interface is connected to any other network, issues were raised.

57
Proof:
Case 1: Not connected to any network.
Case 2: Connected to wireless network
Analysis:
When the computer isn't connected to any wireless network, the program correctly detects and
displays the list of available network interfaces. However when the computer is connected to

58
wireless network, the code cannot process the information about interface and fails to detect and
display them correctly.
Test Case: 5
Objective: To test whether the selected interface is up or down.
Test Data: Network interface's state
Expected Test Program should identify interface's mode and turn in on if down initially.
Result:
Actual Test Program identified the interface's state and turned it on when found down.
Result:
Analysis:
Whenever the network interface is selected for use and the scan or sniff functions are called, the
program automatically checks whether that interface is up or not. If not, it attempts to turn on the
interface and then only it will allow the scan or sniff processes to be executed.
Test Case: 6
Objective: To test the ability to turn on monitor/promiscuous mode on wireless
interface.
Test Data: Wireless interface's mode
Expected Test Program should detect the operating mode of wireless interface and if in
Result: managed mode, ask user's permission to change it into Monitor.
Actual Test Program identified the interface's mode and turned it into Monitor on user's
Result: permission.
Proof:
59
Fig: Before turning monitor mode on
Fig: Asking users permission
Fig: After turning monitor mode on
Analysis:
The wireless interface must be changed to Monitor mode in order to sniff wireless traffic through
it. But by default, all the wireless interfaces are in Managed mode. So, as soon as the interface is
selected by the user, the program should prompt the user asking permission for converting it into
monitor mode. After the interface is converted into monitor mode, the description of interface is
also automatically changed into Monitor mode.
Test Case: 7
Objective: To test the ability of system to create graphical user interface.
Test Data: GUI
Expected Test Program should present graphical user interface.
Result:

60
Actual Test Program properly displays GUI.

Result:
Analysis:
This system is a Graphical User Interface based software so, displaying graphical display is
must. And this program is capable of presenting the GUI properly.
Test Case: 8
Objective: To test the layout of user interface.
Test Data: GUI's layout
Expected Test Program should have proper GUI layout.
Result:
Actual Test Program correctly displays GUI layout.
Result:
Proof:

61
Analysis:
The GUI layout of this program is displayed as planned in the design of the system. It is based on
minimal and simple interface.
Test Case: 9
Objective: To test the correct binding of required event handlers to widgets.
Test Data: Event binding
Expected Test Program should correctly bind events to the Tkinter Widgets. Eg. Scroll
Result: canvas with mousewheel, display help message on hovering mouse cursor on
widgets, right click menu options, etc.
Actual Test Program correctly binds event handlers to the widgets.
Result:

62
Analysis:
Event handling is an inseparable part of GUI based softwares because without them the program
cannot be interactive with the users. This program also contains lots of event handlers
implemented on various widgets to make them responsive such as hyperlinks, buttons, help
message, right click menu, scrolling on mouse-wheel-move and so on. All of these event
handlers are working correctly in this system.
Test Case: 10
Objective: To test if the front-end and back-end architecture are communicating
properly.
Test Data: Communication between user interface and system
Expected Test Program should have proper communication between front layout and inner
Result: functioning program.
Actual Test Program have good communication or interaction between user interface and
Result: system core.
Analysis:
Simultaneous and regular communication between front-end interface and back-end architecture
of the system is gist of any dynamic software. This software provides efficient communication
between these two.
Test Case: 11
Objective: To check if the multi-threading and queuing are working correctly.
Test Data: Threads and Queues.
Expected Test Program should be able to multi-task using Threads and pass data across
Result: processes using Queue.

63
Actual Test Program efficiently performs multi-tasking and queuing of data.

Result:
Analysis:
This program also requires the multi-tasking feature to enable it to run multiple processes at the
same time. The data flow across these processes is also equally important. This system
accomplishes these roles successfully through Threads and Queue.
Test Case: 12
Objective: To test whether the chosen interface supports channel hopping.
Test Data: Channel hopping
Expected Test System should test whether the wireless interface selected for use supports
Result: channel or frequency hopping to scan over all channels in frequency band.
Actual Test System efficiently tests and performs channel hopping. But sometimes, the
Result: system generates Device or resource busy message.
Proof:
Analysis:
During channel hop process, in every 100 ms, the program switches among 1 to 14 channels. So, sometimes
the device driver gets too busy and the device or resource busy warning message gets displayed.

64
Test Case: 13
Objective: To test if the program is scanning the air properly.
Test Data: Scan air
Expected Test System should scan the air properly for identifying wireless devices present
Result: in the surrounding.
Actual Test System efficiently scans the air and obtains list of available wireless devices.
Result:
Proof:
Analysis:
This test validates the results obtained from wireless scan. The program is successfully scanning
the air and displaying the results in systematic and easily understood form.

65
Test Case: 14
Objective: To check if the program is detecting wireless devices according to users
choice (AP/Station/Both).
Test Data: Scan for AP/Station/Both.
Expected Test System should scan the air to find devices according to the user's choice. If
Result: user chooses to scan for AP, only Aps should be displayed and if clients are
chosen, only client device should be scanned.
Actual Test System scans for wireless devices according to the choice of user.
Result:
Proof:
Fig: Scanning for stations only
Analysis:
This program enables user to choose and scan for wireless devices they are interested in. Users can
choose between access points, stations and both. The program successfully scans for chosen
devices.
Test Case: 15
Objective: To test whether the scan results are being queued correctly for displaying in
GUI.

66
Test Data: Queue

Expected Test System should queue the output generated by wireless scan and send it to
Result: GUI for displaying.
Actual Test System effectively queues outputs and displays dynamically updated results.
Result:
Analysis:
Queuing is implemented in this program to transfer data across different processes of program.
This test checks the validity and correctness of this queuing mechanism.
Test Case: 16
Objective: To verify the scan results obtained by comparing them with outputs of
standard tools.
Test Data: Scan results
Expected Test System should generate correct results from both wireless scanning and
Result: sniffing.
Actual Test System generated similar information to that of standard tools like Wireshark
Result: but packets were redundant in this tool.
Proof:

67
Fig: Sniff output of this tool
Fig: Sniff output of Wireshark
Analysis:
In this test, the output of this programs sniff function and the output of tool called Wireshark are
compared. Both tools obtained the same result, however this program is displaying some duplicate
packets while Wireshark is disabling duplicates.
Test Case: 17
Objective: To check if the back-end sniffing function has ended properly.

68
Test Data: Sniff function termination

Expected Test System should end the sniffing function as soon as the Stop button is clicked
Result: or program is executed.
Actual Test System ended the sniffing function on clicking Stop button but the sniff
Result: function wasn't automatically stopped on closing the window itself.
Analysis:
Since the sniff function is running a separate thread, terminating the program directly wouldnt
end the thread or sniff function. So, in order to end this function properly after the program is
terminated, an end application routine is defined which will be activated and kill the sniffer thread
when the Stop button is clicked.
Test Case: 18
Objective: To test the availability of devices Received Signal Strengths values.
Test Data: RSSI of wireless devices
Expected Test System should extract the signal strength value from the beacon and probe
Result: request frames.
Actual Test System correctly extracted the RSSI values of all the available wireless
Result: devices.
Proof:

69
Analysis:
This test checks the validity of the RSSI extraction mechanism in this software. The above figure
represents the successful operation and correctness of the program. This program extracts the RSSI
value from the wireless frames and displays the signal strength in the GUI.
Test Case: 19
Objective: To test the correctness of calculation of distance from RSSI.
Test Data: Distance from RSSI
Expected Test System should calculate the distance between scanner device and other
Result: devices through RSSI values.
Actual Test System calculated distance from RSSI values but there is huge fluctuation
Result: and inaccuracy in this result.
Analysis:
This test checks the correctness of the calculated distance between the scanner device and other
devices by using the RSSI values. It has been found in the test that distance obtained isnt much
reliable and accurate.
Test Case: 20
Objective: To check the plotting mechanism of program in graph.
Test Data: Graphical Plot
Expected Test System should plot the available wireless devices on the graph according to
Result: their signal strength or distance.
Actual Test System properly plotted the identified devices on the graph.
Result:

70
Proof:
Analysis:
The software successfully plots the wireless devices present in the wireless vicinity according to
their distances from the scanner device or their signal strength. The graphical plot procedure is
doing exactly what it needs to do.
4.1.3 Test Summary

In this way, the entire testing of the system has been successfully completed. Since the project is
based upon the Rational Unified Process, testing has also been considered as the integral part of
development and was performed along with the development itself rather than doing it after the
completion of development phase as in traditional methodologies. The test classes mentioned in
the above section provided the basis for validating and verifying the quality and correctness of the
system. After performing those tests, the software has been further more improved and enhanced.

71
4.2 Evaluation
In this section, the evaluation of the project has been done against the proposed aim and objectives.
The main aim of the project was to develop a GUI based WLAN monitoring software that would
help its users in enhancing security and management of their wireless networks. In overall, the
project has met all the aim and requirements of the intended system.
It can be further evaluated as follows:
4.2.1 Evaluation of Project Deliverables

In RUP, at the end or completion of every iteration or phase, there must be a deliverables (Prince,
2005). The major deliverables of this projects were feasibility report, Software Requirement
Specification, System Design Specification, Developed code, Test Cases and Results and final
working system. All of these deliverables have been completed successfully during this project,
so from the perspective of project deliverables, this project has been accomplished.
4.2.2 System Evaluation

The system evaluation is done by comparing the developed systems functionalities with those
proposed earlier and learnt during the Requirement Gathering phase. In this process, the functional
analysis of project is undertaken to calculate the functional requirements of the system and their
correctness. Almost all of the functional requirements of the system has been achieved in this
project. Regarding the security of wireless networks, this system doesnt provide direct security
solutions however it provides necessary information and foundations for maintaining security of
Wi-Fi networks.
4.2.3 Criteria
While evaluating the system from the criteria such as projects scope, current needs, fulfillment of
all requirements, future work, user interface, etc., this project has accomplished its goals.
4.3 Future Work

Wi-Fi technology is a vast subject area and there are lots of different possibilities. This project can
be an initiation of something really big. In current scenario, there are some large organizations
such as AirDefense, Fluke Networks, Aruba Airwaves, etc. providing WLAN security services to
their customers. Fundamentally, the products or solutions of these organizations also work in
similar manner with this system. This project can also be developed as a commercial solution or
product.
Some of the features that could be added to this system in future are as follows:
i) Embedding the system in specialized hardware such as Arduino and Raspberry Pi so that
they can be used for continuous wireless network monitoring and positioning.
72
ii) Using a network of at least three Wi-Fi sensors (Arduino/Raspberry Pi based Wi-Fi
monitoring tool) and installing them in pre-defined places of organizational premises.
These Wi-Fi sensors would scan and send the captured information to the centralized server
or console, which would analyze security status of organizations wireless networks. This
method will be highly useful for Indoor positioning system as well. And the indoor
positioning system can be further implemented in spatial computing.
4.4 Conclusion
Wi-Fi is an increasingly growing network technology that has a very huge potentiality and scope
in todays world. Wi-Fi is also going to be the future of networking. Population of people using
Wi-Fi for accessing the Internet is growing day-by-day. Along with this rapid growth of Wi-Fi
technology, there have been some issues related to security, performance, interference and so on.
This project also attempted to address these same issues and developed a WLAN monitoring
software as an output of project. This tool can be used by general users and network administrators
to regularly scan and analyze their wireless networks and get overview of whats going on in their
networks. From that perspective, this project is very useful and viable among potential users. Some
of the new features are yet to be added to this system to provide even better solutions to the users.
(Referred to Section: Future Works)

73
Chapter 5: Social, Ethical and

Legal Issues

74

75
5.1 Social Issues

The developed system is a WLAN monitoring tool which means that it is capable of scanning the
wireless environment for detecting and identifying the wireless devices (APs and stations) present
in the surrounding. One may wonder about how this system can have impacts or issues in society.
The social issues of this project are as follows:
i. People can use this tool to scan and sniff over the wireless networks of other people or
their neighbors.
ii. When put on wrong hands, this tool or its outputs can be used to perform attacks on
others wireless networks. Using this tool, attackers can de-authenticate valid users
from their own network. Attackers can use the output of this program to crack Wi-Fi
passwords and decrypt wireless traffic.
iii. Privacy of people will be in risk because while using Wi-Fi, all our data transmissions
are going through air and this type of tools can capture them.
iv. Positioning system though intended to use for better purposes, may also be misused for
personal benefits and criminal activities. This will ultimately lead to conflicts and
instability in society.
v. Connecting to or using neighbors wireless network without permission is like stealing
from them.
5.2 Ethical Issues

The ethical issues that may arise with this project or the developed tool are as follows:
i. This is a kind of hacking tool and people may find ways to use it for their personal
benefits and harm others. In that case, the ethical values of the people will be affected.
ii. It is much easier to capture wireless data traffic using tools like this. Sometimes, this
may result in stealing of peoples intellectual property or some other sensitive
information. This is also an ethical issue of the project.
5.3 Legal Issues

This project might have numerous legal issues as it is directly related with wireless network
scanning and sniffing. Few years back, Google sniffed over hundreds of thousands citizens
internet traffic through their Wi-Fi while operating its Street View Map project. This act of Google
led it into a lot of controversial lawsuits (McMillan, 2010). Though Google later won the case and
judge even ruled that sniffing over open Wi-Fi networks is legal, there are still some portion of
Wi-Fi sniffing that is illegal.
Some of the legal issues that may arise with this project are:
i. Enabling monitor mode on some wireless NIC or adapter isnt legal.
ii. Operating wireless network in unauthorized signal strength is illegal. There are
regulations for Wi-Fi transmission in every country and we all must comply with that.

76
iii. Wireless scanning may or may not be illegal depending upon where you are and why
are you scanning the air.
iv. Sniffing over open Wi-Fi networks is legal because technically, its not stealing.
However sniffing over WEP or WPA networks isnt legal because thats much
intentional and is much like stealing.
v. Positioning of other peoples Wi-Fi enabled devices without their concession may not
be legal depending upon your purpose and your location.
References and Bibliography

1. Aircrack-ng, 2014. Aircrack-ng: Description. [online] Available from: www.aircrack-
ng.org [Accessed on 18th April 2014].
2. Bahl, P., Chanra, R., Padhye, J., Ravindranath, L., Singh, M., Wolman, A. and Zill, B.,
2006. Enhancing the Security of Corporate Wi-Fi Networks Using DAIR. [e-book]
Uppsala: Association for Computing Machinery, Inc. Available at: Google Books
https://www.usenix.org/legacy/events/mobisys06/full_papers/p1-bahl.pdf [Accessed on
23rd September 2013].
3. Baird, S., 2003. SAMS Teach Yourself: Extreme Programming in 24 Hours. Sams
Publishing.
4. Fluke Corporation, 2014. AirMagnet WiFi Analyzer: Anytime, Anywhere, WLAN

Monitoring and Troubleshooting. [online] Available from:
http://www.flukenetworks.com/enterprise-network/wireless-network/AirMagnet-WiFi-
Analyzer [Accessed on 10th April 2014].
5. McMillan, R., 2010. Lawsuits mount over Google Wi-Fi sniffing. PCWorld, [online] 4
June Available from:
http://www.pcworld.com/article/197985/lawsuits_mount_over_google_wifi_sniffing.htm
l [Accessed on 26 September 2013].
6. Fuhrman, C., Djlive, F., Palza, E., 2003. Software Verification and Validation within the
(Raitonal) Unified Process, IEEE Computer Society, [Journal]. Available from: IEEE.
77
7. Gast, M., 2002. 802.11 Wireless Networks: The Definitive Guide. OReilly.
8. Gift, N., Jones, J.M., 2008. Python for Unix and Linux System Administration. OReilly
Media.
9. Grayson, J.E., 2000. Python and Tkinter Programming: Graphical user interfaces for
Python Programs. Greenwich: Manning Publications Co.
10. Hendrickson, T., 2014. Advantages of Python as a programming language, Inside

Technology 360, [online]. Available from:
http://www.insidetechnology360.com/index.php/advantages-of-python-as-a-
programming-language-3948/ [Accessed on 5th December 2013].
11. Informa Telecoms and media (ITM) & Wireless Broadband Alliance (WBA), 2011. WBA
Industry Report 2011, Global Developments in Public Wi-Fi, [online] Available from:
http://www.wballiance.com/wba/wp-content/uploads/downloads/2012/07/16_WBA-
Industry-Report-2011-_Global-Developments-in-Public-Wi-Fi-1.00.pdf [Accessed on 19th
September 2013].
12. Kruchten, P., 2003. The Rational Unified Process: An Introduction, 3rd Edition. Addison
Wesley.
13. Lammle, T., 2012. CCNA Cisco Certified Network Associate: Study Guide. 7th Ed. New
Delhi: Wiley India Pvt. Ltd.
14. Park, J., Kaung, S., Kim, S., and Lee, W., 2012. A Study of Estimation of AP Position for
Improvement of Indoor Positioning Performance, International Journal of Control and
Automation, [Journal]. Available from: Korea Institute of Science and Technology
Information and Kyungpook National University.

78
15. PassMark Software, 2014. WirelessMon: Monitor Wireless 802.11 WiFi. [online]
Available from: http://www.passmark.com/products/wirelessmonitor.htm [Accessed on
12th April 2014].
16. Prince, R., 2005. Using RUP/UP: 10 Easy Steps, Kansas:X-tier SAE Inc.
17. RSS, 2014. Taskforce to study feasibility for making country free wifi zone. Republica
[online] 1st January. Available at:
http://www.myrepublica.com/portal/index.php?action=news_details&news_id=67202
[Accessed on 5th January 2014].
18. Schluting, C., 2009. Understanding Your WLAN Management Options, Enterprise
Networking Planet, [online]. Available from:
http://www.enterprisenetworkingplanet.com/netsysm/article.php/3855716/Understanding
-Your-WLAN-Management-Options.htm [Accessed on 18th April 2014].
19. Shahid, N., Khan, O.A., Anwar, S.K., Pirzada, U.T., 2000. Rational Unified Process, [pdf].
Available from: http://www.ovais.khan.tripod.com/papers/Rational_Unified_Process.pdf
[Accessed on 5th December 2013].
20. Snehal, S.B., Vanjale, S.B., and Mane, P.B., 2011. Providing Data Security in WLAN by
Detecting Unauthorized Access Points and Attacks, 3(5), International Journal of
Engineering Science and Technology (IJEST), [Journal]. Available from: Viswakarma
Institute of Information Technology: Maharastra.
21. Webwise Team, 2012. What is wireless internet (Wi-Fi)? [online] Available from:
http://www.bbc.co.uk/webwise/guides/about-wifi [Accessed on 19 September 2013].
22. Wi-Fi Alliance, 2014. Discover Wi-Fi: Wi-Fi CERTIFIED ac, Wi-Fi Alliance, [online].
Available from: http://www.wi-fi.org/discover-wi-fi/wi-fi-certified-ac [Accessed on 17th
April 2014].
79
23. Wi-Fi Alliance, 2012. The State of Wi-Fi Security: Wi-Fi Certified WPA2 Delivers
Advanced Security to Homes, Enterprises and Mobile Devices, 2012 [online] Available
from: http://www.wi-fi.org/knowledge-center/white-papers/state-wi-fi%C2%AE-
security-wi-fi-certified%E2%84%A2-wpa2%E2%84%A2-delivers-advanced [Accessed
on 22nd September 2013].
24. ZDNet, 2008. Walking the WLAN wire: Interview with Amit Sinha, CTO of AirDefense.
[online] Available from: www.eweek.com on 14th January 2008. [Accessed on 28th
November 2013].

80
Appendix A
1.1 Requirement Gathering- Questionnaire Form

The main objective of this questionnaire is to collect and understand the common practices
of people while using wireless technologies like Wi-Fi.
1. Which type of network connection you generally use to access internet?

o Wired
o Wireless
o Both
2. In your opinion or experience, which one is more reliable and convenient for your
way-to-day life?
o Wired
o Wireless
o Not sure
3. You feel more secured while accessing internet using ...... connection(s).
o Wired
o Wireless
o Both
o No idea
4. You use internet for:

Social networking
E-banking
Online shopping
Online education

81
Online job or any job requiring internet access

Entertainment
5. You use WiFi mostly at:

Home
College/University/School
Office
Public places (cafe, airport, stadium, etc.)
6. Which type of authentication you generally find in the WiFi networks you connect
to?
o Open
o WEP
o WPA/WPA2
o Don't know
7. You find the necessity of entering a password to connect to WiFi network or Hotspot
as a........... Process.
o Cumbersome or time consuming
o useful and protecting
o don't know
8. If you find an open Wi-Fi (Wi-Fi not asking for password) in your neighborhood or
some other places, will you connect to it?
o Yes
o No
o It Depends.

82
9. You use Wi-Fi mostly for.......

accessing Internet
file sharing
local resources sharing
managing workgroups
10. Have you ever configured and/or managed your Wi-Fi network yourself?
o Yes
o No
o I tried but couldn't.
11. Do you use any Wi-Fi monitoring tool to know who are connected in your network
and what's happening in it?
o Yes
o No
o Never heard of one.
12. Lately, an effort is being made on developing an indoor positioning system using
Wi-Fi technology which will allow us to locate the Wi-Fi enabled devices inside
our premises. Would you like to use this type of service from your existing Wireless
infrastructure?
o Yes
o No
o Don't know.
Submit
83

84
1.2 Analysis of Questionnaire

Abstract
This report presents the analysis of the results obtained from the questionnaire done with the
purpose of gathering requirements of the project. Since the main aim of this project is to develop
a tool and methodology for proper WLAN security management, this questionnaire mainly
contains the questions related to common understanding and common practices of people
regarding the usage of Wi-Fi technology. The main targeted audiences of this questionnaire are
students, professionals and general people in overall. The responses given by these people towards
the questions asked, have been analyzed in this report.

85
Table of Contents
Abstract ............................................................................................................................................1
Introduction ......................................................................................................................................3
Analysis............................................................................................................................................3
Question No. : 1 ..........................................................................................................................4
Question No. : 2 ..........................................................................................................................4
Question No. : 3 ..........................................................................................................................5
Question No. : 4 ..........................................................................................................................5
Question No. : 5 ..........................................................................................................................6
Question No. : 6 ..........................................................................................................................6
Question No. : 7 ..........................................................................................................................7
Question No. : 8 ..........................................................................................................................7
Question No. : 9 ..........................................................................................................................8
Question No. : 10 ........................................................................................................................8
Question No. : 11 ........................................................................................................................9
Question No. : 12 ........................................................................................................................9
Introduction
The questionnaire contained twelve questions and all of them were directly or indirectly related to
people's understanding and usage of Wi-Fi technology. Since the targeted audience of this
questionnaire were non-technical or general public, every question was prepared and structured in
such a way that it was simple to understand and easy to answer. Avoiding technical terms and
complex concepts was the first priority while preparing the questionnaire. But it was also very
important to obtain information about however complex concept called Wireless security, so the
questions had to be made with great care. Despite being simple to understand, these questions also
had to be capable of collecting appropriate information from the audiences regarding the subject
matter. Hopefully, this questionnaire has fulfilled this requirement.
Among 12 questions, the first 3 questions are much similar. It has been done so in order to make
the participants get comfortable with the questionnaire and get started easily. Then, from fourth

86
question, the questions are more specific towards the subject matter. The questions and their
answers have been created with the objective of accommodating all the possible reactions of the
targeted audience. In order to validate the effectiveness and approachability of the questionnaire,
Dr. Guru Tej and Fransisca Tej, lecturers at Islington College, were requested to review the
questionnaire. They acknowledged that the questionnaire was easy to understand and they
themselves also filled up the form. They also quoted that it took less than 2 minutes for them to
complete this questionnaire which was actually a very good characteristic of a questionnaire
according to them. They too supported the similarity and easiness of the first three questions. They
suggested to work on question no. 12 to make it further simple and elaborative for general people.
In overall, they found it easy to understand and answer as well as rated it as a good questionnaire.
After being reviewed and acknowledged by Dr. Guru Tej and Fransisca Tej, the questionnaire was
published in google docs for participants' response. People were requested to participate in the
questionnaire through social networking sites like Facebook. Most of the participants were
students from Islington College, Microsoft Student Partners (MSPs) from Microsoft Innovation
Centre (Kathmandu, Chitwan), and some of my friends studying in other colleges in different
faculties.
Analysis
In total, 91 people responded to the questionnaire. Though majority of the respondents were among
the targeted audiences of the survey, the result obtained from the questionnaire is somehow
unexpected and varying. It was expected that most of the educated people in present scenario are
well aware about the issues of cyber security, privacy and protection of Intellectual rights, but
however this survey has shown a bit different result. The detailed analysis of responses to every
question of the questionnaire is as follows:
Question No. : 1
Which type of network connection you generally use to access internet?

87
Wired 9 10%
Wireless 57 63%
Both 25 27%
This denotes that wireless technology is the most widely used and popular means of
communication among the people.
Question No. : 2
In your opinion or experience, which one is more reliable and convenient

for your day-to-day life?
Wired 15 16%
Wireless 74 81%
Not sure 2 2%
74 out of 91 participants chosed wireless communication for their day-to-day operations. This
clearly indicates that people prefer and find it comfortable to use wireless technology like Wi-Fi.
It may be because of the mobility and flexibility provided by wireless communication. Whereas
15 people chosed wired network maybe because they find it more secure, reliable and quality
assuring. It might have also happened due to unavailability of wireless coverage or older network
infrastructure.
88
Question No. : 3
You feel more secured while accessing internet using ...... connection(s).
Wired 37 41%
Wireless 18 20%
Both 24 26%
No idea 12 13%
The responses to this question are distributed almost equally among all the options provided. This
indicates that there's varying understanding in people about the security related issues of any
technology. It can be assumed that 37 people answer with wired connection are more or less
security aware than those answering differently. While 12 respondents have no idea about the
question and this is actually a serious matter because it implies that these people don't have proper
knowledge on security which makes them vulnerable to potential threats.

89
Question No. : 4
You use internet for:
Social Networking 81 26%
E-banking 24 8%
Online shopping 23 7%
Online Education 67 22%
Online job or any job 41 13%

requiring internet access
Entertainment 71 23%
This represents the priorities and activities of people while connecting to internet. This can be
helpful in identifying and understanding the requirements and expectations of people from network.
This information can be useful for wireless security management and risk assessment.
Question No. : 5
You use WiFi mostly at:
Home 82 47%
College/University/Scho 55 31%
ol
Office 16 9%
Public places (cafe, 23 13%

airport, stadium, etc.)

90
This information can be useful for identifying and site surveying of the Wi-Fi networks. Based on
this information, the appropriate working fields of a Wi-Fi security managing and positioning tool
can be determined. According to the responses received, home and colleges/universities are the
places where Wi-Fi is implemented most widely.
Question No. : 6
Which type of authentication you generally find in the WiFi networks you
connect to?
Open 5 5%
WEP 10 11%
WPA/WPA2 65 71%
Don't know 11 12%
This is one of the most important questions in this questionnaire because it deals with a very
sensitive and critical aspects of security which are encryption and access control. 5 out of 91 use
open Wi-Fi networks, 10 out of 91 use WEP networks. Using open or WEP encrypted Wi-Fi
networks is highly risky and insecure action. It's very good thing that 65 out of 91 people use
WPA/WPA2 authentication. While 11 people don't know about the authentication in Wi-Fi network,
which doesn't indicate whether they are vulnerable to wireless security threats or not. But they
definitely require awareness on this matter.
Question No. : 7
You find the necessity of entering a password to connect to WiFi network

91
or Hotspot as a ........... process.
cumbersome or time 7 8%
consuming
useful and protecting 75 85%
don't know 6 7%
The responses received to this question are as expected. Majority of the people (75/91) think
password protected Wi-Fi networks are safe and useful. This denotes that most of the people
understand the importance of using passwords.
Question No. : 8
If you find an open Wi-Fi (Wi-Fi not asking for password) in your
neighborhood or some other places, will you connect to it?
Yes 32 36%
No 4 4%
It Depends. 54 60%
This question was intended to be a sort of psychological one. It was expected that most of the
people are aware about the security risks that come along with the use of open Wi-Fi networks, so
most of them weren't supposed to be using them. But surprisingly, 32 among 91 people, answered
Yes to this question. And 54 people preferred to choose It depends. This justifies why Wi-Fi

92
security is so critical and important topic in network security and management. People can be
easily lured to connect to the fake access points or honeypot networks created by attackers simply
through the use of open Wi-Fi networks. And until people won't stop to connect to unknown open
Wi-Fi networks, any approach to Wi-Fi security cannot obtain considerable success.
Question No. : 9
You use Wi-Fi mostly for.......
Accessing internet 86 64%
File sharing 25 19%
Local resources sharing 14 10%
Managing workgroups 9 7%
This information can be useful for identifying the targeted network traffic in the wireless networks
while using the wireless monitoring tools.
Question No. : 10
Have you ever configured and/or managed your Wi-Fi network yourself?
Yes 62 69%
No 20 22%
I tried but 8 9%
couldn't.

93
62 among 91 participants have experience of configuring their own Wi-Fi networks. This is a quite
good result from the perspective of wireless networking.
Question No. : 11
Do you use any Wi-Fi monitoring tool to know who are connected in your
network and what's happening in it?
Yes 44 49%
No 36 40%
Never heard of one 10 11%
44 people are using or might have used Wi-Fi monitoring tool. This represent that they are
interested in knowing and learning about what's going on in their networks. For whatever purpose
they use these tools, but it ultimately helps in securing Wi-Fi networks. While rest of the others
don't use them or haven't even heard of it. This means they have no way of monitoring and
analyzing network activities. This might have happened because of lack of knowledge, lack of
concern about security, complexity of the tools and so on.
Question No. : 12
Lately, an effort is being made on developing an indoor positioning system

using Wi-Fi technology which will allow us to locate the Wi-Fi enabled
devices inside our premises. Would you like to use this type of service

94
from your existing Wireless infrastructure?
Yes 66 73%
No 5 6%
Don't know. 19 21%
This is helpful in determining the need and enthusiasm of people about the Wi-Fi based indoor
positioning system. 66 people are interested about it, which is very encouraging.

95
1.3 Final SRS Document

Title: WLAN SECURITY MANAGEMENT WITH PRECISE POSITIONING
Version number: 2.0
Date: 1 January 2014
Group ID: L3N2
Supervisors:
First Supervisor: Saroj Sharan Regmi
Second Supervisor: Roshan Chaudhary
Revision History
SRS document version 1:
The first SRS document was reviewed by first Supervisor, Saroj Sharan Regmi. He suggested to
give more priority to wireless scanning and positioning modules than to GUI. Also, he advised to
put legal issues which may arise while performing wireless scanning and device tracking.
1.3.1 Scope of Project

This system will have a desktop based Graphical User Interface. There would open a prompt
window asking user to choose the interface to use and its mode as soon as the program is run. After
the interface is selected, the program will start scanning the wireless vicinity and then will plot the
wireless devices in the graphical UI based on their proximity with the scanning device. Then the
user will be able to select particular client device or AP and scan it more intensely. User would be
capable of saving the session or current information anytime.
1.3.2 Functional Requirements

This system fulfills following functional requirements:
1.3.2.1 Wireless Scan

The first function of this system is to correctly scan the wireless vicinity in as less time as possible.
For this purpose, the system must successfully put the wireless interface into monitor mode. It is
also important to save the scan results after the scan is completed so that it can be retrieved later
96
for analysis. The legal policies should also be taken into consideration while performing this
activity because every country have their own laws regarding the wireless signal transmission and
wireless data collection. And, it is also essential to ensure whether the wireless adapter being used
allows and supports wireless scanning in promiscuous mode or not.
1.3.2.2 Positioning
This is one of the main objective of this project. After the program will perform its initial scan for
identifying wireless devices in the vicinity, the discovered devices will be plotted in the window
based on the received signal strength from those devices and their calculated distance from the
scanning device.
1.3.2.3 Security Analysis

This is the ultimate goal of this entire project. All the scans and positioning activities performed
by this system is for analyzing and managing the security of the wireless network. Through
wireless scanning, this program will be able to discover security vulnerabilities in the wireless
network and detect certain types of malicious activities occurring in the vicinity. This program will
also recommend possible solutions for those problems.
1.3.2.4 Graphical Plot

This is an optional functionality in this project. It will be done if there will be sufficient time to do
it. Otherwise, a command line interface is preferred for successful completion of the project in
case there's no enough time. In this section, the system will redirect all the scan results from the
Wireless Scan to be displayed in the Graphical User Interface. Initially, the system will just scan
for the existence of the wireless devices inside the vicinity and plot them in the window. Then, the
user can select the particular device and perform further more scans on it to obtain detailed
information from that device. The results obtained from the later scan will be plotted in the new
window.
1.3.3 Non-Functional Requirements

The non-functional requirements of the system can be broadly categorized as follows:
1.3.3.1 Hardware requirements

It mainly involves wireless 802.11 compatible devices or adapters and a working computer. Having

97
extra antenna either omni-directional or bi-directional or uni-directional antenna is recommended.

Especially for positioning purpose, it is recommended to have at least three wireless scanning
devices for triangulation.
1.3.3.2 Software requirements

Software based requirements can be described as:
i. Performance Requirements
This program should perform its functionalities in less time, as much as possible. This software
will not also consume huge CPU and memory resources.
ii. Usability Requirements
To improve usability of the system from the point of view of the users, this program should be
developed in simple, easy to use and effective Graphical User Interface. And the steps and time
required to do a particular action with the program should also be as much less as possible.
iii. Security Requirements
This system will be storing information collected through the sniffing of the network which will
include information related to the vulnerabilities in the scanned network and devices. So,
maintaining the security which will ensure the confidentiality of the information and logs, is
essential in this system. Also, the security policies and law enforcements related to Wireless
security should be studied and implemented in this project in order to avoid any possible law
infringement by this system.
1.3.4 Use case diagrams

This is a standalone desktop based application, thats why there are no multiple actors or user
categories. The user requiring to scan the wireless environment simply runs this program and the
program performs its predefined functionalities according to the user's needs. The image given
below illustrates the use case diagram of this system:

98
Fig: Use Case Diagram
1.3.5 Usage Scenarios

The usage scenarios for this system are as follows:
1.3.5.1 Wireless Scan

Use Case ID: 1
Use Case Title: Wireless Scan
Actions: i. User selects the wireless interface to scan with.
ii. System changes the interface into monitor mode.
iii. As an advanced setup, user can customize the scanning parameters

or simply use the default ones.

99
iv. System begins to scan the wireless vicinity and regularly dumps the
result for future reference.
Description: During wireless scanning, user can
i. Scan and sniff all the wireless traffic going through the wireless
coverage area.
ii. Customize the scanning parameters like channel, interface, BSSIDs,

probes, beacons, and so on.
iii. Dump scan result into a file which can be opened and analyzed later.
Alternative Paths: N/A
Pre-conditions: Wireless interface for scanning has not been already selected.
Post-conditions: The user can perform the actions mentioned in the description.
Authors: Anyone using the system.
Exceptions: An error message is displayed in case of invalid or unavailable wireless

interface. Sometimes, incompatible wireless driver can also result in
warning. Lack of permissions would be another case for error message.
1.3.5.2 Positioning
Use Case ID: 3
Use Case Title: Positioning
Actions: i. System evaluates the Received Signal Strength from the wireless
devices and on the basis of that, an approximate distance is
calculated.

100
ii. In case of triangulation (in case of three Aps or scanning devices),

almost accurate position can be calculated.
iii. Sends the position to GUI and devices are plotted accordingly.
Description: The system uses certain algorithm for positioning the wireless devices and
redirect their output to Graphical Plot for representing them properly.
Pre-conditions: Wireless Scan and Graphical plot should be working properly.
Post-conditions: N/A
Authors: System user
Exceptions: Alerts are displayed if positioning doesn't work properly.
1.3.5.3 Security Analysis

Use Case ID: 4
Use Case Title: Security Analysis
Actions: i. Program lists the wireless traffics.
ii. User can choose the wireless device or network to sniff upon.
iii. User can also select the type of traffic to listen to.
Description: i. User can filter specific type of network traffic and then analyze
them.
ii. User can view details about certain activity in wireless network.

101
iii. Type of authentication or encryption implemented in the network,

types of probes sent from wireless clients, wireless handshaking
procedures, etc. can be captured and evaluated.
Pre-conditions: Wireless Scan should be working properly.
Post-conditions: User can do all the actions mentioned earlier in actions and descriptions.
Authors: System User
Exceptions: Alerts on failure of wireless scanning or sniffing.
1.3.5.4 Graphical Plot

Use Case ID: 2
Use Case Title: Graphical Plot
Actions: i. System redirects all the scan output to the graphical user interface
of the program for simple and easy to understand result.
ii. Represents all the Access points and clients available in the vicinity.
Description: Using graphical user interface, user can
i. easily understand and use the system
ii. Navigate deeper by clicking wireless devices represented.
iii. View properties of the device or data traffic on mouse hover.
Alternative Paths: Command line interface for Linux users.
Pre-conditions: Wireless scan should be successfully running or completed.

102
Post-conditions: The user can perform the actions mentioned in description.
Authors: Anyone using the system.
Exceptions: An error message if wireless scan is not working properly.
Appendix B
2.1 User Manual
The main objective of this user manual is to help users get easily started with the system. Below
are the steps to be followed in order to use this system:
i. First of all, get either the source code or compiled version of the program and save it
in your computer hard disk.
ii. Install Python programming language, and third party libraries for python known as
Scapy, Tkinter and Pmw. Which operating system you are using doesnt matter until
you have got all these libraries installed and working properly. The recommended OS
for this program is Linux based OS because Scapy works best in linux. In Windows,
Tkinter comes by default with Python.
iii. Then you need a wireless NIC embedded in most of the laptops or external wireless
adapter to be used with this software.
iv. After the runtime environment and the wireless interface are ready, go to the programs
folder and then the program can be executed simply by using the command python
index.py in command prompt or terminal or console.
v. Now, you are ready to start using this software. The program provides a very simple
and minimal display, so there shouldnt be any problem in using this program.
vi. If you have got any confusion about the usage of the program or anywhere else, you
may just read the documentation of the program.

103
Appendix C
3.1 Work Breakdown Structure
The entire project has been divided into multiple tasks and sub-tasks and certain time period has
been allocated for each task or sub-task. The WBS is as follows:
Fig: Work Breakdown Structure

104
3.2 Gantt chart

The Gantt chart of the project is given below:
Fig: Gantt chart of the project

105
The author has requested enhancement of the downloaded file. All in-text references underlined in blue are linked to publications on ResearchGate.

WLAN Security Management With Precise Positioning-FYP-Sajjan Bhattarai-11069720

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

WLAN Security Management With Precise Positioning-FYP-Sajjan Bhattarai-11069720

Uploaded by

Copyright:

Available Formats

Islington College

Kamal Marg, Kamal Pokhari

Final Year Project

WLAN Security Management with Precise Positioning

1st Supervisor: Saroj Sharan Regmi

2nd Supervisor: Roshan Chaudhary

Submission Date: 25th April 2014

London Metropolitan University

London Metropolitan University

I , Project Supervisor hereby approve this Research

London Metropolitan University

Keywords: WLAN Security, Indoor Positioning System, Rational Unified Process

London Metropolitan University

3.2.1 Planning .................................................................................................................. 32

London Metropolitan University

RF: Radio Frequency

WEP: Wired Equivalent Privacy

WPA: Wi-Fi Protected Access

(W)LAN: (Wireless) Local Area Network

AP: Access Point

RUP: Rational Unified Process

SDLC: Software Development Life-Cycle

SRS: Software Requirement Specification

GUI: Graphical User Interface

UML: Unified Modeling Language

London Metropolitan University

London Metropolitan University

1.1 Topic Introduction

Fig: Wireless Internet Growth (US) (Bridge Ratings, 2011)

1.2 Problem Domain

London Metropolitan University

1.3 Proposed Solutions

1.4 Aim and Objectives

Understanding of current scenarios in the field of Wi-Fi technology.

London Metropolitan University

London Metropolitan University

1.5 Report Structure

London Metropolitan University

Chapter 2: Background and

London Metropolitan University

2.1 WLAN: In-depth

2.1.1 802.11 Standard

IEEE Speed Frequency Notes

2.1.3 Air Scanning/Monitoring

London Metropolitan University

2.1.4 Wi-Fi Based Positioning

London Metropolitan University

2.2 Clients/End Users perspective

London Metropolitan University

Never heard of one 10 11%

2.3 Similar Studies/Projects/Systems

2.3.1 Similar Studies

2.3.1.1 Providing Data Security in WLAN by Detecting unauthorized Access

London Metropolitan University

2.3.1.2 A Study of Estimation of AP Position for Improvement of Indoor

London Metropolitan University

2.3.2 Similar Projects and Systems

2.3.2.2 AirMagnet WiFi Analyzer

London Metropolitan University

Ability to log information and provide statistical information.

London Metropolitan University

2.4 Considerations/Alternatives Implemented Regarding the

2.4.1 Considered Development Methodologies

Enhanced Waterfall Model