Comp 349-001/449-001: Wireless Networks & Security, Fall 2008

Peter Dordal, Loyola University Chicago Dept of Computer Science

Thursday 4:15-6:45, LT-412 (Linux lab)

Text: William Stallings, Wireless Communications & Networks, 2nd Edition, 2005, Pearson Prentice Hall, ISBN 0-13-191835-4

My general course groundrules are here. Exams will count for between 70% to 80% of your grade, with homework and programs making up the rest.

I will be in my office Monday, Dec 8, 10:00-4:00, Wed Dec 10, 1:00-4:00, and Friday Dec 12, 10:00-6:00.

Study guides and materials

Take-home final exam, Due Friday December 12.

Course evaluation link

Midterm study guide is now (mostly) done. The midterm is Oct 23.

Course notes
Week 1: August 28 Week 2: Sept 4 Week 3: Sept 11
Week 4: Sept 18 Week 5: Sept 25 Week 6: Oct 2
Week 7: Oct 9 Week 8: Oct 16 Week 9: Oct 23
Week 10: Oct 30 Week 11: Nov 6 Week 12: Nov 13
Week 13: Nov 20 Thanksgiving Week 14: Dec 4


Program 1: Collision simulation version 1, due Oct 2

Program 2: block codes, due Oct 9; also and

Program 3: Cracking WEP (simulation), due Dec 4

Some links


Wi-fi techniques cartoon, Randall Munroe
Waveguide cantenna, Greg Rehm
More mathematical version, Martti Palomaki
Pringles Yagi, Rob Flickenger
Cantenna Yagi, Andrew Clapp
FCC 15.247 rules
Bay of Fundy, Wikipedia (an example of wave resonance)

IEEE 802.11 MAC & PHYS layers, 1999

802.11 tutorial, Pablo Brenner

packet-types article, Jim Geier

Files for mod2-division: and

Wireless and airplanes (Maybe so. Maybe no.)

some tcpdump sniffs

Notes on sniffing, with annotations of some of the following:

bluebird_conn.text, a sniff of a windows machine connecting to a (blue) wireless router.
bluebird2.text, null packets and ACK packets
bluebird_dis2.text, a disconnection
office2.text, a linux machine in my office trying to connect. Lots of ProbeReqs! Internal annotation.
thursday.text, just in case you thought there was some privacy! See lines 1157, 1923, 2025++, 4036 (sing_Services), 329166 (Peter)

cisco info on Wireless Domain Services, the cisco DS mechanism

Boston MBTA RFID-card hack, from Defcon, with some neat RFID plots

WEP Weaknesses

Fluhrer, Mantin & Shamir, Weaknesses in Key-scheduling for RC-4 The deepest flaw. Longer keys won't fix it.
Stubblefield, Ioannidis, Rubin, Using FMS to break WEP
Tim Newsham, Cracking WEP Keys. Lots on key weakness and brute-force options.
Borisov, Goldberg, Wagner, Intercepting Mobile Communications. An excellent summary of techniques.
Arbaugh, Your 802.11 Wireless Network has No Clothes. WEP authentication is also broken.
Beck and Tews, Practical attacks against WEP and WPA
Tews, Weinmann & Pyshkin, Breaking WEP in 60 seconds, my rc4 demo code
WEP IV-to-keystream calculator

Some last-minute files:, md5demo.out, lc1.html

summary (sort of by week)

1. History of wireless; basic technologies such as FHSS, DSSS
2. Signal issues
3. Antenna issues;
4. Collision detection issues; Ethernet v Wireless
5. 802.11 and its variants
6. Managing wireless networks
7. Wireless authentication, RADIUS
8. midterm exam
9. bluetooth, wi-max, ???
10. Wireless & linux
11. Large-scale wireless design & management
12. WEP, WAP, security
13. continued
14. AirCrack, other attacks


The course addresses how wireless networks (especially IEEE 802.11 "wi-fi") work. Special emphasis is given to wireless security, including how authentication issues are addressed, how to make sure outsiders can't get into your network, how to detect unauthorized wireless access points, and how to monitor wireless traffic.