Forum

  • Hi all. I know that an RF jammer completely cripples the wireless network, to the point whereby you can no longer see anything wirelessly - even beacons. My question is around what the client/AP see's during an RF jammer attack. For the purpose of this question can we leave out proprietary tools that can see the spectrum (such as Cisco CleanAir technology).

    What I think is happening is this. Before a client transmits it performs a CCA (Clear Channel Assessment) to see if the wireless medium is in use. The CCA consists of a CS (Carrier Sense) which looks for wireless communication and ED (Energy Detect) which looks for raw RF communication. My guess would be therefore, that a client (during CCA ED) would see communication on the RF channel (from the jammer) and would therefore cease any wireless contention.

    Does that understanding correctly explain what the client experiences during a jammer attack? Any thoughts?

    Darren

  • My understanding is that the radios themselves are unable to detect non-802.11 interference; they are only able to see 802.11 frames, so that the problem with non-802.11 interference is that the radio doesn’t see the interference and xmits anyway, when the receiving radio fails to send the ack the xmitter retransmits, and this repeats ad infinitum.

    I’ve seen a 2.4 RFID reader shut down 800,000²/ft of WLAN; and I mean shut it down!

    Chris

  • Thanks for the reply Chris.

    To be honest, that's what I thought (that clients cannot detect non-802.11 transmissions). However, the CWDP book states otherwise and even includes an example of a client (during CCA) detecting a microwave oven which is obviously a non-802.11 device.

    Interesting about the RFID device, that must have been pumping out some serious power!!

    Darren

  • A multitude of interference types can shut down a network.

    It may not matter if a client or AP can identify the device causing the problem.    If it can't communicate, it's generating lots of failures, and therefore knows something is going on.

    Does it tell anyone ?    That's a different question.

  • Hi Howard, thanks for taking the time to comment but my query still remains. Let me address your comments;

    "A multitude of interference types can shut down a network." - this was not my question and your statement is pretty obvious. At no point did I suggest that a jammer was the only interference type to shut down a network...

    "It may not matter if a client or AP can identify the device causing the problem.    If it can't communicate, it's generating lots of failures, and therefore knows something is going on." - this is missing the point of my question. To put it simply, I was asking for the logic behind a jammer attack and how it prevents a client communicating - hence my comment about CCA. You say if it can't communicate it generates lots of failures, surely that is obvious.....

    "Does it tell anyone ?    That's a different question." - not sure what you mean here. Does 'what' tell anyone?

    Darren

  • Good question, Darren. I didn't know if you have read the following article, but i think the answers of your questions are there.

    http://www.revolutionwifi.net/2011/03/understanding-wi-fi-carrier-sense.html

    thanks

  • Darren,

    Your original observation is correct.

    My post was actually in response to your question about whether "detection" occurred.   All  I was trying to get across was that just because it "detects" interference, does not imply that it can "identify" its source.

  • Thanks for the replies guys. The link to the Revolution WiFi website was very useful, thanks.

    Howard, understood and agreed. Detection of interference and identification are completely different animals. In my example I was simply referring to a device detecting interference and therefore not transmitting. To identify the source you could use a spectrum analyser for example (to determine if its bluetooth interference, jammer, etc).

    Thanks

    Darren

Page 1 of 1
  • 1