B. Rogue AP Detection Performed One

B. Rogue AP Detection Performed One Hop Away
Aggregating the responsibility of monitoring rogue APs on
several segments into a central location is an obvious need.
We attempt to take a step in that direction by testing our
approach one hop downstream from the monitored node.
Specifically, we test to see if the inter-packet spacing
characteristic will hold, once the flows traverse a loaded
switch and once potentially variable queuing delays are
introduced. To more accurately model a congested
intermediate switch, we generated different levels of cross
traffic at the intermediate switch. The purpose of the cross
traffic is to place a load on the intermediate switch, not to
inject packets into the experiment flow stream. Thus, the
testbeds shown in Figures 1 and 2 were expanded to include
an additional router with two machines connected. The
additional components were injected at the point “β” shown
in Figures 1 and 2.
Figure 5 shows that the basic premise of using inter-packet
spacing to detect unwanted wireless traffic holds with an
additional hop placed in the network. The intermediate node
is lightly loaded with TCP cross traffic traversing the switch
simultaneous with the experiment traffic.
Figures 6 & 7 illustrate the resilience of the schemes and
show that inter-packet characteristics can be preserved even
when traversing an intermediate switch which was mildly to
heavily loaded with aggressive UDP traffic.