Workshop Presentation Chapter4 Yosuke TANAKA
Agenda(Framing in Detail) Data Frames Control Frames type RTS Duration CTS Addressing (!!important!!) Variation on Data Frame Theme Applied Data Framing ACK PS-Poll
Data Frames Octets: 2 2 6 6 6 2 6 0-2312 4 Frame Duration/ Address Address Address Sequence Address Frame FCS Control ID 1 2 3 Control 4 Body type Duration Addressing MAC Header Variation on Data Frame Theme Applied Data Framing Figures are from nakaji's presentation
See Table4-1 Destinct 1 Type of Data Frame Contention-free service (no fear of contention) Contention-based service (some probability ) Destinct 2 Carry data or not
Duration It carries Network Allocation Vector(NAV) There are 4 rules 1. Transmit during contention-free period Set 32,768 Any data frames transmitted during this period 2. Broadcast/Multicast destination No need atomic exchange, no need ACK by receivers Set 0
Duration 3 More Fragment bit is 0 -> Figure 4-2 no more fragment Set 1 SIFS + 1 ACK 4 More Fragment bit is 1 -> Figure 4-3 More fragment remain Set 3 SIFS + 2 ACK + time for next fragment
Before explaining Addressing BSSID Each BSS has a BSSID (48 bit) In infrastructure BSS, BSSID = MAC-addr of AP In IBSS, Universal/Local bit for new BSSID Set 1 -> local address Set 0 -> Universal address Individual/Group bit Set 0 in IBSS And generate random 46 bits All 1s BSSID is the Broadcast BSSID pass through any BSSID Used only when sta try to locate a Network by sending probe requests
Addressing See Table 4-2 Address1 receiver Address2 transmitter = put frames onto radio link Also served Address3,4 There are 4 cases
Addressing Case 1 IBSS No AP, only mobile station Address1 -> dst-addr(sta) Address2 -> src-addr(sta) Address3 -> BSSID (random 46 bits + 2 optional bits)
Addressing Case 2 To AP (Infrastructure BSS) See Figure 4-4 Address1 -> BSSID(AP's interface MAC-addr) Address2 -> src-addr Address3 -> dst-addr
Addressing Case 3 From AP (Infrastructure BSS) See Figure 4-5 Address1 -> dst-addr Address2 -> BSSID(AP's interface MAC-addr) Address3 -> src-addr
Addressing Case 4 WDS (bridge) See Figure 4-6 Address1 -> ReceiverAP-addr (server side AP) Address2 -> TransmitterAP-addr (client side AP) Address3 -> dst-addr (server) Address4 -> src-addr (client)
Variation on the Data Frame Theme Depends on contention-based or contention-free service Contention-based Data Simple frames to move the body from one sta to another Null -> Figure 4-7 Consists of MAC header + FCS trailer e.g. When sta inform AP of changes in power-saving status. Then, AP must begin buffering frames for sleeping sta. Contention-free -> detail in chapter9
Applying Data Framing MAC header format of Previous 4 cases IBSS frames Frames From AP Frames To AP Frames in WDS already explain in previous pages(in Addressing) SEE Figure 4-8 - 4-11
Agenda(Framing in Detail) Data Frames Control Frames type RTS Duration CTS Addressing (!!important!!) Variation on Data Frame Theme Applied Data Framing ACK PS-Poll
Control Frames
Request to Send (RTS) Only header, no data transmitted Frame Control = 1011 Duration -> figure 4-14 Time require = 3 SIFS + 1 CTS + 1 ACK + frametime Address1 dst-addr Address2 src-addr
Clear to Send (CTS) Generated only to answer for RTS Frame Control = 1100 Duration -> figure 4-16 Time require = 2 SIFS + frametime + 1 ACK = subtract 1CTS and 1 SIFS from Duration in RTC
Acknowledgement (ACK) Positive ACK (received a frame -> send ack) Frame Control = 1101 Duration -> figure 4-18 ACK for final fragment or a complete data Duration = 0 ACK for not final fragment (there are more fragment) Duration = subtract 1CTS and 1 SIFS from most recent Duration
Power-Save Poll (PS-Poll) When station wake from power-save mode, this frame is transmitted to AP Frame Control = 1010
Workshop presentation 11/24 Hongguang Jia
Management Frames Establishing the identity 3 procedures locate a network be authenticated by network associate with an access point
The Structure of Management Frames MAC header is same information elements
Address fields(1/2) destination address Stations check BSSID to limit broadcast and multicast management frames Exception: Beacon frames
Address fields(2/2) BSSIDs Access points: Interface MAC address Stations In BSS access point s BSSID In IBSS random BSSID Exception: seeking network BSSID broadcast BSSID
Duration calculations in contention-free period 32,768 in contention-based access periods broadcast or multicast 0 If a nonfinal fragment is part of a multiframe exchange microseconds taken up by three SIFS intervals + the next fragment and its acknowledgment Final fragments the time required for one acknowledgment + one SIFS
Frame body fixed-length fields: fixed fields variable-length fields: information elements
Fixed-Length Management Frame Components 10 fixed-length fields may appear do not have a header
Authentication Algorithm Number Authentication Algorithm Number 2 bytes Value 0 meaning Open System authentica tion 1 Shared Key authentica tion 2-65,535 Reserved
Authentication Transaction Sequence Number track progress through authentication exchange 2 bytes 1 ~ 65,535
Beacon interval Beacon transmissions announce the network existence at regular intervals Beacon frames BSS parameters and the buffered frames 2 bytes TU: 1024 ms
Capability Information 2 bytes
Capability Information ESS/IBSS 10: access point is part of an infrastructure network 01: IBSS Privacy requires the use of WEP Short Preamble Use of the short preamble PBCC Use of the packet binary convolution coding modulation scheme
Capability Information Channel Agility use of the Channel Agility option Short Slot Time use of the shorter slot time DSSS-OFDM use of DSSS-OFDM frame construction Contention-free polling bits Stations and access points use these two bits as a label Read 86-87 pages for label s meaning
Current AP Address 5 bytes Listen Interval 2 bytes number of Beacon intervals Association ID 2 bytes the two most significant bits are set to 1 1-2,007
Timestamp 8 bytes allows synchronization between the stations in a BSS master timekeeper for a BSS periodically transmits the number of microseconds it has been active
Reason Code 2 bytes disassociation or deauthentication reason Status code 2 bytes indicate the success or failure of an operation 0: success nonzero: fail Read 89-91 page for detailed status code meaning
Management Frame Information Elements variable-length components ID number, a length, and a variable-length component Read 92 page for details
Service Set Identity (SSID) a string of bytes that labels the BSSID 0-32 bytes 0 byte: broadcast SSID
Supported Rates a string of bytes Each byte seven low-order bits: data rate the most significant bit: whether the data rate is mandatory 1: mandatory 0: optional Extended Supported Rates handles more than eight data rates multiple of 500 kbps, max is 63.5Mbps
Read 94-95 page for details
FH Parameter Set Dwell Time time spent on each channel in the hopping sequence Hop Set the set of hop patterns Hop Pattern hopping pattern Hop Index the current point in the hop sequence
DS Parameter Set channel number
Traffic Indication Map (TIM) which stations have buffered traffic waiting to be picked up DTIM Count the number of Beacons that will be transmitted before the next DTIM frame DTIM frames indicate that buffered broadcast and multicast frames will be delivered shortly Not all Beacon frames are DTIM frames
Traffic Indication Map (TIM) DTIM Period the number of Beacon intervals between DTIM frames 0 is reserved and is not used Bitmap Control and Partial Virtual Bitmap Bit 0 reserved for multicast traffic traffic indication status of Association ID 0 Bit 1-7 Bitmap Offset field
CF Parameter Set transmitted in Beacons by access points that support contention-free operation IBSS Parameter Set the announcement traffic indication map (ATIM) window only in IBSS Beacon frames the number of time units (TUs) between ATIM frames
Country Country String (3 bytes) first two letters: ISO country code 3rd character I: indoor regulation O: outdoor regulation First Channel Number (1 byte) the lowest channel subject to the power constraint Number of Channels (1 byte) The size of the band subject to the power constraint Maximum Transmit Power (1 byte) Unit: dbm Pad (1 byte; optional) even number of bytes When odd: 0
Hopping Pattern Parameters and Hopping Pattern Table Request ask the network for certain information elements Challenge Text shared-key authentication requires successfully decrypt an encrypted challenge Power Constraint the maximum transmit power local constraint reduces the regulatory maximum
Power Capability a station reports its minimum and maximum transmit power TPC Request request radio link management information length field is always zero TPC Report For stations to know how to tune transmission power two one-byte fields transmit power (dbm) link margin: the number of decibels of safety
Supported Channels describes sub-bands that are supported
Channel Switch Announcement impending channel change information Channel Switch Mode 1: associated stations stop transmitting 0: no restriction New Channel Number Max 255 Channel Switch Count the number of Beacon frame transmission intervals that it will take to change the channel.
Measurement Request and Measurement Report Quiet To find the presence of radar or other interference 8 bytes Quiet Count the number of Beacon transmission intervals until the quiet period begins Quiet Period 0: no scheduled quiet periods Otherwise: the number of beacon intervals between quiet periods Quiet Duration the number of time units the quiet period lasts Quiet Offset the number of time units after a Beacon interval that the next quiet period will begin
IBSS DFS dynamic frequency selection BSS (1 bit) If frames from another network are detected OFDM Preamble (1 bit) If the 802.11a short training sequence is detected Unidentified Signal (1 bit) If the signal cannot be classified Radar (1 bit) If a radar signal is detected Unmeasured (1 bit) If the channel was not measured
ERP Information Non-ERP present when an older, non-802.11g station associates to a network when overlapping networks that are not capable of using 802.11g are detected Use Protection incapable of operating at 802.11g data rates are present Barker Preamble Mode if the stations are not capable of the short preamble mode
Robust Security Network a way to communicate security information between stations Version 1: 802.11i 0: reserved Other: not defined Group cipher suite AP must select a single group cipher compatible with all associated stations to protect broadcast and multicast frames cipher suite selector: 4 bytes an OUI for the vendor a number to identify the cipher
Robust Security Network Pairwise Cipher Suites (count + list) may be several pairwise cipher suites to protect unicast frames 2 bytes Zero: support for only the group cipher suite Authentication and Key Management (AKM) suites (count + list) multiple authentication types A count A series of 4 bytes suite identifiers an OUI a suite type number
Robust Security Network RSN Capabilties what the transmitter is capable of Followed by reserved bits that must be set to zero Pre-authentication indicate AP can perform pre-authentication with other APs No Pairwise support a manual WEP key for broadcast data in conjunction with a stronger unicast key Pairwise Replay Counter and Group Replay Counter the number of replay counters PMK list (count + list) list of master keys
Extended Supported Rates identically to the Supported Rates element element body of up to 255 bytes
Wi-Fi Protected Access (WPA) a slight modification of a subset of 802.11i identical to the Robust Security Network information element The element ID is 221, not 48. A WPA-specific tag of 00:50:F2:01 is inserted before the version field. Microsoft's OUI (00:50:F2) is used instead of the 802.11 working group's OUI. Only one cipher suite and one authentication suite are supported TKIP is the default cipher, rather than CCMP. preauthentication capabilities bit is always zero
Types of Management Frames Beacon Frames announce the existence of a network transmitted at regular intervals Probe Request scan an area for existing 802.11 networks Probe Response If a Probe Request encounters a network with compatible parameters, the network sends a Probe Response frame
Types of Management Frames IBSS announcement traffic indication map (ATIM) a station in an IBSS has buffered frames Disassociation and Deauthentication Disassociation frames: end an association relationship Deauthentication frames: end an authentication relationship
Types of Management Frames Association Request Sent when a station try to join a compatible network Reassociation Request moving between basic service areas within the same extended service area rejoin the coverage area of an access point
Types of Management Frames Association Response and Reassociation Response Response to association request Authentication stations authenticated using a shared key, and exchanged Authentication frames Action frame trigger measurements Read 106-111 page for detailed frame structure