802.11 Wireless Networks: The Definitive Guide, by Matthew Gast

The unconfirmed error reports are from readers. They have not yet been approved or disproved by the author or editor and represent solely the opinion of the reader.

Here's a key to the markup:

  [page-number]: serious technical mistake
  {page-number}: minor technical mistake
  <page-number>: important language/formatting problem
  (page-number): language change or minor formatting problem
  ?page-number?: reader question or request for clarification

This page was updated January 20, 2004.

UNCONFIRMED errors and comments from readers:

(4) "The ISM Bands", first paragraph; At first glance, it appears that there is a conflict between the statement that 2.4 GHz microwaves are effective for heating water and the fact that water does not absorb radiation at that frequency effectively (see the sidebar on p. 154). There is actually not a conflict here. Microwaves heat water by twisting water molecules, not by causing water molecules to enter an excited state. Due to the large dipole moment of water, it can be twisted reasonably effectively. The reason that 2.4 GHz was chosen is that water molecules are twisted one way and then reversed, and the goal was to twist a precise amount. The desired period of the twisting action dictates the frequency of the electric field oscillation, and thus the frequency. This process is described in detail in _Fundamentals of Physics_ (4th edition) by Halliday, Resnick, and Walker.

{11} Figure 2-4; On the "Infrastructure BSS" diagram in Figure 2-4, there is a dotted line indicating a wireless connection between the two notebooks at the bottom. While this would be accurate for an Independent BSS (ad-hoc BSS), it is inaccurate for the Infrastructure BSS, where all traffic must pass first to the access point (AP).

[13] Last paragraph; The statement "In figure 2.5 the router uses a single MAC address to deliver frames to a mobile station;...."
is somewhat misleading, as it may be interpreted as stating that when the router wishes to send a frame to any station in the ESS, the router will always use the same MAC address. More appropriate wording would be "The router in figure 2.5 addresses each station on the local LAN using that station's unique MAC address as the destination. All access points within the ESS operate in concert to ensure that only the access point that currently owns the association with the addressed station will send the frame to that station over its wired-to-wireless bridge."

[36] 1st full paragraph; Mr. Gast says that in 802.11 MAC headers, the most significant bits are last. However, when I look at the source code for Kismet, Ethereal, and the Orinoco driver, they all treat the BYTE order as if it were little-endian, but the bit order within the bytes is still most significant bits first. Also, looking at Ethereal's actual parsing of a packet would also indicate that the packets are little-endian byte order. Please clarify this discrepancy for me. I suppose this could also be considered a serious technical error if I am correct.

{38} Table 3-1; The subtype name for subtype value 0111 in Table 3-1 should be CF-Ack+CF-Poll rather than Data+CF-Ack+CF-Poll.

(40) 2nd paragraph; Figure 3-11 shows the PS-Poll frame with bits 14 and 15 both set to 1, but the paragraph on page 40 describing the PS-Poll frame states that the bit is set to 0.

[64] Figure 4-16; The last bar in Figure 4-16, "Duration in RTS: 3xSIFS + ACK + frame time", should read "Duration in RTS: 3xSIFS + CTS + ACK + frame time". The CTS term is missing.

{76} Figure 4-33; The Length field of the Supported Rates information element is labeled as 2 octets. Like all other IEs, it should only be one.

(fig 4-32) I had several problems understanding this diagram at first. The "7" over the Data Rate Label really should be "0-7", as this is a variable-length field (only the data rates supported would be here).
And the zoom-out is an example of two elements, in spite of the label, which is singular. You have to read the text to figure this out. Also, the Mandatory field is shown on the right, whereas the example codes it on the left. The ordering probably doesn't matter, but the flipping causes some confusion. Suggestion: put the "Mandatory" rate field first and the optionals last on the frame. BTW: they are all rate labels. And the positioning of the "Least <-> Most significant" label is also misleading. The rate labels don't appear to have any order, and I'm guessing this is really intended to talk about the label bit encoding, but it's on top of the label bytes. It should be moved down to the expanded field view.

{91} 3rd paragraph; In the WEP key length sidebar talking about 128-bit WEP, Gast says, "After subtracting 104 bits for the shared secret component of the RC4 key, only 104 bits are secret", when he means something like "after subtracting the 24-bit Initialization Vector component of the RC4 key, only 104 bits are secret."

(97) Item 4; SSH is the name of a company in Finland that provides IPSec and SSL protocol software. I believe you mean SSL (not SSH). This same typo appears on page 306 (multiple places), 310, and page 357.

(109) 7. in ordered list; Minor typo: The last part of the last sentence reads "put the port back into an authorized station." It should read "...into an authorized state."

(118) 1st paragraph; Minor typo: The last part of the second sentence (the first full sentence on the page) reads "...must wait for the congestion window to elapse before transmitting." Elsewhere in the book, including in Figure 7-3 on the same page, this is referred to as the "contention window", not "congestion window".

[132] Figure 7-12; Station 1 should assert a PS-Poll frame to the AP at the second beacon interval as well as the fifth beacon interval.

{165} 3rd paragraph / Figure 10-1; The third paragraph says that "In [Figure 10-1], the hopping pattern is {2,8,4,7}". The figure shows {2,8,4,6}.
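The reports at [36], {38} and (40) above all turn on how the Frame Control field is laid out on the wire. The decoder below is an added example written for this page; it is not code from the book, from the readers, or from any of the tools named above. It reads the two Frame Control octets as one little-endian 16-bit value (bit 0 being the least significant bit of the first octet), names the data-frame subtypes with value 0111 as CF-Ack+CF-Poll per the {38} correction, and checks that bits 14 and 15 of the PS-Poll Duration/ID field are both set, as the (40) report describes. It goes a little beyond the three reports by also decoding the flag bits and a few management and control subtypes. The sample frames, MAC addresses and AID are constructed placeholders, not captured traffic.

```python
"""Decode the 802.11 Frame Control field and a PS-Poll frame.

Added example for the errata discussion; the frames below are constructed
by hand (FCS omitted) and the addresses/AID are placeholders.
"""
import struct

# Frame Control is a 16-bit field sent least-significant octet first.
# Bits 0-1: protocol version, 2-3: type, 4-7: subtype, 8-15: flags.
TYPE_NAMES = {0: "management", 1: "control", 2: "data"}

MGMT_SUBTYPES = {
    0b0000: "Association Request", 0b0001: "Association Response",
    0b0010: "Reassociation Request", 0b0011: "Reassociation Response",
    0b0100: "Probe Request", 0b0101: "Probe Response", 0b1000: "Beacon",
    0b1001: "ATIM", 0b1010: "Disassociation", 0b1011: "Authentication",
    0b1100: "Deauthentication",
}
CONTROL_SUBTYPES = {
    0b1010: "PS-Poll", 0b1011: "RTS", 0b1100: "CTS", 0b1101: "ACK",
    0b1110: "CF-End", 0b1111: "CF-End+CF-Ack",
}
# Subtype 0b0111 is CF-Ack+CF-Poll with no data, the {38} correction.
DATA_SUBTYPES = {
    0b0000: "Data", 0b0001: "Data+CF-Ack", 0b0010: "Data+CF-Poll",
    0b0011: "Data+CF-Ack+CF-Poll", 0b0100: "Null", 0b0101: "CF-Ack",
    0b0110: "CF-Poll", 0b0111: "CF-Ack+CF-Poll",
}
FLAG_BITS = [(8, "ToDS"), (9, "FromDS"), (10, "MoreFrag"), (11, "Retry"),
             (12, "PwrMgmt"), (13, "MoreData"), (14, "Protected"), (15, "Order")]


def parse_frame_control(frame: bytes) -> dict:
    """Decode the two Frame Control octets at the start of an 802.11 frame."""
    if len(frame) < 2:
        raise ValueError("need at least 2 octets for Frame Control")
    # "<H": little-endian unsigned 16-bit, so frame[0] holds bits 0-7.
    (fc,) = struct.unpack_from("<H", frame, 0)
    ftype = (fc >> 2) & 0x3
    subtype = (fc >> 4) & 0xF
    names = {0: MGMT_SUBTYPES, 1: CONTROL_SUBTYPES, 2: DATA_SUBTYPES}.get(ftype, {})
    return {
        "protocol": fc & 0x3,
        "type": TYPE_NAMES.get(ftype, "reserved"),
        "subtype": subtype,
        "subtype_name": names.get(subtype, "unknown/reserved"),
        "flags": [name for bit, name in FLAG_BITS if fc & (1 << bit)],
    }


def parse_ps_poll(frame: bytes) -> dict:
    """Decode a PS-Poll: Frame Control, Duration/ID (AID), BSSID, TA.

    In a PS-Poll the Duration/ID field carries the association ID in
    bits 0-13 and bits 14 and 15 are both set to 1 (the (40) report).
    """
    if len(frame) < 16:
        raise ValueError("PS-Poll needs 16 octets (FC, Duration/ID, BSSID, TA)")
    fc = parse_frame_control(frame)
    if fc["type"] != "control" or fc["subtype_name"] != "PS-Poll":
        raise ValueError("not a PS-Poll frame")
    (duration_id,) = struct.unpack_from("<H", frame, 2)
    if duration_id & 0xC000 != 0xC000:
        raise ValueError("PS-Poll Duration/ID must have bits 14 and 15 set")
    return {
        "aid": duration_id & 0x3FFF,
        "bssid": frame[4:10].hex(":"),
        "ta": frame[10:16].hex(":"),
    }


# Constructed sample frames (placeholders, not captured traffic).
BEACON_HDR = bytes([0x80, 0x00])             # type 0 (mgmt), subtype 8
CF_ACK_POLL_HDR = bytes([0x78, 0x02])        # type 2 (data), subtype 7, FromDS
PS_POLL = (bytes([0xA4, 0x00])               # type 1 (control), subtype 0xA
           + struct.pack("<H", 0xC000 | 5)   # AID 5 with bits 14 and 15 set
           + bytes.fromhex("001122334455")   # BSSID (placeholder)
           + bytes.fromhex("66778899aabb"))  # TA (placeholder)

if __name__ == "__main__":
    for label, hdr in (("beacon", BEACON_HDR), ("data", CF_ACK_POLL_HDR),
                       ("ps-poll", PS_POLL)):
        print(label, parse_frame_control(hdr))
    print("ps-poll body", parse_ps_poll(PS_POLL))
```

Because the field is little-endian, the type and subtype bits live in the first octet on the wire and the eight flag bits in the second; a decoder that read the two octets big-endian would land on the flags where it expects the type and misclassify every frame.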
{181} Figure 10-16; Figure 10-15 shows the first side lobe extending 11 MHz out from the center frequency. This is correct, I believe. Figure 10-16 shows the first side lobe extending out what appears to be about 5 MHz. If it were 11 MHz, then it would extend to almost the halfway point between channels 1 and 6. The scale of the lobe pattern appears to be skewed.

{186} 5th paragraph; In the paragraph titled "Header" it says: "Five fields comprise the header:....". It's wrong. It lists the same field (Signal) twice, so it should say "Four fields..." and cite the Signal field only once.

(209) Figure 11-12; I think that the unit is wrong. I think that it is not ms (milliseconds) but µs (microseconds).

(230) Paragraph under Figure 12-24; The last sentence says that "Peer-to-peer networks are infrastructure networks." I believe peer-to-peer networks would be considered an IBSS and NOT infrastructure networks.

{252} 2nd paragraph, kill command; A more elegant way to HUP a process is:

    kill -1 `ps ax | grep "[c]ardmgr" | awk '{print $1}'`

You remove the u flag from ps aux since you don't care about the user running the process. grep "[c]ardmgr" avoids having to use grep -v grep. We put the double quotes in grep's argument to pass it through the shell. awk prints $1 since ps doesn't print the user anymore.

{276} Last paragraph before "Filtering management connections"; The paragraph beginning "Closed Wireless System" implies that Lucent APs are able to drop any traffic from non-Orinoco cards. Strictly speaking, that is incorrect. At the time the text was written, Orinoco was the only vendor that implemented the feature, so by definition it resulted in dropping all traffic from other vendors' equipment. That is no longer the case. Many other vendors have duplicated the feature, and it is now widely available on many products. Discussion of this feature needs substantial expansion.
In addition to expanding this paragraph, the book should also include a discussion of SSID broadcasts in the security chapter and the deployment chapter, and note that many analysis tools now flag SSID broadcasts as a potential security vulnerability.

(299) 2nd paragraph; The author states "802.11 allows an ESS to extend across subnet boundaries, as in Figure 15-4a." This figure doesn't mention ESS, and this statement is contradicted elsewhere (e.g. page 306: "...ESS should therefore be a single IP subnet."). I think the sentence should read "802.11 allows an SSID to extend across subnet boundaries ...".

(307) First paragraph; "read-dressing" should really be "re-addressing".

{333} First paragraph; Ethereal now supports Lucent Orinoco under Linux, making the statement "For data capture on Linux, only Intersil-based cards are supported." See http://www.ethereal.com/faq.html#q4.21

[415] Lower right, item "PMD"; PMD should be "... The lower component of the PHY, responsible for transmitting RF signals ..." instead of "... The lower component of the MAC ...".