Prism Strip

Prism-strip is a part of Airbase suite of products, which strips the prism header from IEEE 802.11 wireless frames. Along with removing the prism header, prism-strip also strips the checksums present at the trailing end of the wireless packet. Airbase is a collection of wireless utilities and libraries for crafting, parsing , injecting wireless 802.11 packets.

IEEE 802.11 wireless packets contain different headers. Prism header is inserted into the packet by the driver while sniffing wireless packets. Prism header contains the information like the time at which driver received the packet, the time at which the packet was delivered to MAC layer, the channel on which the packet was received, the signal strength and noise level while receiving the packet etc. This is actually not a part of IEEE 802.11 wireless standard. Different driver might put different information headers in prism header there by complicating the parsing. Prism strip tool helps to standardize the traces to contain header from IEEE 802.11 onwards. Prism strip tool also removes the FCS (Frame Check Sequence) and other check sums present at the end of the packet. The network protocol analyzers like wireshark or ethereal parse all the packet in sequence and cannot differentiate between actual packet headers and FCS, thus classifying correct packet as malformed packet sometimes. Prism-strip helps to remove such checksums.

Enable Javascript or Download Flash Playe if you see this!

The Airbase suite provides other tools like simple-replay, pcap2air, lorcon and some libraries for wireless packet capture and wireless packet injection along with simple-replay.

Links

1. Prism-strip download

Amit Vartak, 27 is working in wired and wireless security fields since last 3-4 years. His current area of interest includes IEEE 802.11 (Wi-Fi) suite of protocols, vulnerabilities in these protocols and countermeasure for those vulnerabilities. Working on cutting edge tools and technology always keeps him busy. He has contributed from concept level to final prototyping for the presentations in Defcon 2007 (The Emperor Has No Cloak - WEP Cloaking Exposed) and Toorcon 2007 (Caffe latte attack). He holds 2 patents with USPTO (current status: Patent Pending) and a few papers in IEEE journals on wireless protocol vulnerabilities. Prior to this, he was working on MEMS (Micro Electro Mechanical Systems) and has published a few papers in SPIE and ICMAT. (Yeah… kindda orthogonal fields… but technology really doesn’t limit the talent :) He did his masters in Electrical Engineering from one of the premier institutes in India, Indian Institute of Technology, Bombay (IIT-Bombay) and his under graduation, from University of Mumbai in Electronics and Telecommunication Engineering. He is currently working with AirTight Networks Inc. as a team lead in technology group since last 3 years.You can get in touch with him at amitcv[at]gmail[dot]com