book

802.11 Wireless Networks: The Definitive Guide, 2nd Edition

by Matthew S. Gast

April 2005

Beginner to intermediate

670 pages

22h 56m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Prometheus Untethered: The Possibilities of Wireless LANsAudienceOverture for Book in Black and White, Opus 2Major Changes from the First EditionConventions Used in This BookUsing Code ExamplesSafari® Books OnlineHow to Contact UsAcknowledgments
Why Wireless?Radio Spectrum: The Key ResourceThe ISM bandsWhat Makes Wireless Networks DifferentLack of Physical BoundaryDynamic Physical MediumSecurityA Network by Any Other Name...The Wonderful Thing About Standards...
IEEE 802 Network Technology Family Tree802.11 Nomenclature and DesignTypes of NetworksIndependent networksInfrastructure networksExtended service areasMulti-BSS environments: “virtual APs”Robust security networks (RSNs)The Distribution System, RevisitedInteraccess point communication as part of the distribution systemWireless bridges and the distribution systemNetwork Boundaries802.11 Network OperationsNetwork ServicesStation servicesDistribution system servicesConfidentiality and access controlSpectrum management servicesMobility SupportDesigning Networks for MobilityProprietary mobility systems
Challenges for the MACRF Link QualityThe Hidden Node ProblemMAC Access Modes and TimingCarrier-Sensing Functions and the Network Allocation VectorInterframe SpacingInterframe spacing and priorityContention-Based Access Using the DCFError Recovery with the DCFUsing the retry countersBackoff with the DCFFragmentation and ReassemblyFrame FormatFrame ControlDuration/ID FieldDuration: setting the NAVFrames transmitted during contention-free periodsPS-Poll framesAddress FieldsSequence Control FieldFrame BodyFrame Check SequenceEncapsulation of Higher-Layer Protocols Within 802.11Contention-Based Data ServiceBroadcast and Multicast Data or Management FramesUnicast FramesBasic positive acknowledgment (final fragment)FragmentationRTS/CTSRTS/CTS with fragmentationPowersaving SequencesImmediate responseDeferred responseMultirate SupportRate selection and fallbackFrame Processing and BridgingWireless Medium to Wired Medium (802.11 to Ethernet)Wired Medium to Wireless Medium (Ethernet to 802.11)Quality of Service Extensions
Data FramesFrame ControlDurationAddressing and DS BitsVariations on the Data Frame ThemeApplied Data FramingIBSS framesFrames from the APFrames to the APFrames in a WDSEncrypted framesControl FramesCommon Frame Control FieldRequest to Send (RTS)Clear to Send (CTS)Acknowledgment (ACK)Power-Save Poll (PS-Poll)Management FramesThe Structure of Management FramesAddress fieldsDuration calculationsFrame bodyFixed-Length Management Frame ComponentsAuthentication Algorithm NumberAuthentication Transaction Sequence NumberBeacon intervalCapability InformationCurrent AP AddressListen intervalAssociation IDTimestampReason CodeStatus CodeManagement Frame Information ElementsService Set Identity (SSID)Supported RatesFH Parameter SetDS Parameter SetTraffic Indication Map (TIM)CF Parameter SetIBSS Parameter SetCountryHopping Pattern Parameters and Hopping Pattern TableRequestChallenge TextPower ConstraintPower CapabilityTPC RequestTPC ReportSupported ChannelsChannel Switch AnnouncementMeasurement Request and Measurement ReportQuietIBSS DFSERP InformationRobust Security NetworkExtended Supported RatesWi-Fi Protected Access (WPA)Types of Management FramesBeaconProbe RequestProbe ResponseIBSS announcement traffic indication map (ATIM)Disassociation and DeauthenticationAssociation RequestReassociation RequestAssociation Response and Reassociation ResponseAuthenticationAction frameFrame Transmission and Association and Authentication StatesFrame ClassesClass 1 framesClass 2 framesClass 3 frames
Cryptographic Background to WEPStream Cipher SecurityCryptographic PoliticsWEP Cryptographic OperationsWEP Data ProcessingWEP data transmissionWEP key lengthTypes of WEP keysManual (static) versus automatic (dynamic) WEPWEP key numbering and storageWEP EncapsulationProblems with WEPCryptographic Properties of RC4Design Flaws of the WEP SystemKey Recovery Attacks Against WEPKey recovery defensesDynamic WEP
The Extensible Authentication ProtocolEAP Packet FormatEAP Requests and ResponsesType code 1: IdentityType code 2: NotificationType code 3: NAKEAP Authentication MethodsEAP Success and FailureA Sample EAP ExchangeEAP MethodsCryptographic MethodsLEAPCode 13: EAP-TLSCode 21: EAP-TTLS and Code 25: EAP-PEAPNoncryptographic EAP MethodsCode 4: MD-5 ChallengeCode 6: Generic Token CardCode 29: EAP-MSCHAP-V2Code 18: EAP-SIM and Code 23: EAP-AKAOther Inner Authentication MethodsPassword Authentication Protocol (PAP)Challenge Handshake Authentication Protocol (CHAP)MS-CHAP, version 1802.1X: Network Port Authentication802.1X Architecture and Nomenclature802.1X frame filteringEAPOL EncapsulationAddressing802.1X on Wireless LANsSample 802.1X Exchange on 802.11Dynamic keying
The Temporal Key Integrity Protocol (TKIP)TKIP Differences from WEPTKIP initialization vector use and key mixingTKIP sequence counter and replay protectionThe Michael integrity check and countermeasuresTKIP Data Processing and OperationTKIP key mixing and key constructionTKI P data transmissionTKIP receptionThe Michael Integrity CheckMichael data processingMichael countermeasuresCounter Mode with CBC-MAC (CCMP)CCMP Data ProcessingCCMP data transmissionCCMP receptionRobust Security Network (RSN) Operations802.11i Key HierarchyPairwise key hierarchyGroup key hierarchy802.11i Key Derivation and DistributionUpdating pairwise keys: the four-way handshakeUpdating group keys: the group key handshakeMixing Encryption TypesKey Caching
Management ArchitectureScanningPassive ScanningActive ScanningScan ReportJoiningAuthentication802.11 “Authentication”Open-system authenticationThe legacy of shared-key authenticationDefeating shared-key authenticationPreauthentication802.11 Preauthentication802.11i Preauthentication and Key CachingAssociationAssociation ProcedureReassociation ProcedurePower ConservationPower Management in Infrastructure NetworksUnicast frame buffering and delivery using the Traffic Indication Map (TIM)Delivering multicast and broadcast frames: the Delivery TIM (DTIM)IBSS Power ManagementTimer SynchronizationInfrastructure Timing SynchronizationIBSS Timing SynchronizationSpectrum ManagementTransmit Power Control (TPC)Basic operation of transmit power controlChanges to the association processChanging the transmission powerDynamic Frequency Selection (DFS)Basic operation of DFSQuieting the channelMeasuringRadar scanIBSS operationAction FramesMeasurement Request frameMeasurement ReportTPC Request and ReportChannel Switch Announcement

Contention-Free Access Using the PCFPCF OperationReserving the medium during the contention-free periodThe polling listTransmissions from the Access PointContention-Free Period DurationDetailed PCF FramingContention-Free End (CF-End)CF-End+CF-AckCF Parameter SetPower Management and the PCF
Physical-Layer ArchitectureThe Radio LinkLicensing and RegulationFrequency allocation and unlicensed frequency bandsOther unlicensed bandsSpread SpectrumTypes of spread spectrumRF Propagation with 802.11Signal Reception and PerformanceThe Shannon limitPath Loss, Range, and ThroughputMultipath InterferenceInter-Symbol Interference (ISI)RF Engineering for 802.11RF ComponentsAntennasAmplifiers
Frequency-Hopping Transmission802.11 FH Details802.11 Hop SequencesJoining an 802.11 Frequency-Hopping NetworkISM Emission Rules and Maximum ThroughputEffect of InterferenceGaussian Frequency Shift Keying (GFSK)2-Level GFSK4-Level GFSKFH PHY Convergence Procedure (PLCP)Framing and WhiteningFrequency-Hopping PMD SublayerPMD for 1.0-Mbps FH PHYPMD for 2.0-Mbps FH PHYCarrier sense/clear channel assessment (CS/CCA)Characteristics of the FH PHY
Direct Sequence TransmissionEncoding in 802.11 Direct Sequence NetworksRadio Spectrum Usage in 802.11 Direct Sequence NetworksChannel energy spreadAdjacent channel rejection and channel separationMaximum theoretical throughputInterference responseDifferential Phase Shift Keying (DPSK)Differential Binary Phase Shift Keying (DBPSK)Differential Quadrature Phase Shift Keying (DQPSK)The “Original” Direct Sequence PHYPLCP Framing and ProcessingDS Physical Medium Dependent SublayerTransmission at 1.0 MbpsTransmission at 2.0 MbpsCS/CCA for the DS PHYCharacteristics of the DS PHYComplementary Code KeyingHigh Rate Direct Sequence PHYPLCP Framing and ScramblingHR/DSSS PMDTransmission at 1.0 Mbps or 2.0 MbpsTransmission at 5.5 Mbps with CCKTransmission at 11 Mbps with CCKClear channel assessmentOptional Features of the 802.11b PHYCharacteristics of the HR/DSSS PHY
Orthogonal Frequency Division Multiplexing (OFDM)Carrier MultiplexingOrthogonality Explained (Without Calculus)Guard TimeCyclic Extensions (Cyclic Prefixes)WindowingOFDM as Applied by 802.11aOFDM Parameter Choice for 802.11aStructure of an Operating ChannelSubchannel modulation techniquesForward error correction with convolutional codingSubchannel interleavingOperating ChannelsOFDM PLCPFramingPreambleHeaderDataTrailerOFDM PMDEncoding and ModulationRadio Performance: Sensitivity and Channel RejectionClear Channel AssessmentTransmission and ReceptionAcknowledgmentAn example of OFDM encodingCharacteristics of the OFDM PHY
802.11g ComponentsCompatibility ChangesProtectionERP Physical Layer Convergence (PLCP)ERP-OFDM FramingSingle-Carrier Framing with 802.11gPBCC codingDSSS-OFDM framingERP Physical Medium Dependent (PMD) LayerClear Channel Assessment (CCA)Reception ProcedureCharacteristics of the ERP PHY
Common FeaturesMultiple-Input/Multiple-Output (MIMO)Channel WidthMAC Efficiency EnhancementsWWiSEMAC EnhancementsChannels and radio modesProtectionAggregation, bursting, and acknowledgmentThe WWiSE MIMO PHYStructure of an operating channelModulation and encodingInterleaverSpace-time block codingModulation ratesMIMO and transmission modesWWiSE PLCPThe SIGNAL-N fieldWWiSE PMDCharacteristics of the WWiSE PHYTGnSyncTGnSync MAC EnhancementsChannels, radio modes, and coexistenceAggregation and burstingProtectionPowersavingTGnSync PHY EnhancementsStructure of a channelBasic MIMO ratesTransmit modesOptional codingOptional short guard intervalTGnSync Physical Transmission (PLCP and PMD)Legacy headerHigh Throughput headerHigh-Throughput training fieldsData, tail, and paddingTGnSync PMDComparison and Conclusions
General Structure of an 802.11 InterfaceSoftware-Defined Radios: A DigressionA Few Words on 802.11 Hardware ImplementationsLearning more about cards: FCC filingsImplementation-Specific BehaviorRebooting Interface CardsScanning and RoamingRate SelectionReading the Specification SheetSensitivity ComparisonDelay Spread
Windows XPCard InstallationThird-party 802.1X stacks and the driver update processCisco client softwareChoosing a NetworkConfiguring Security Parameters and 802.1XConfiguring EAP MethodsEAP-TLSPEAP version 0Clearing credentials from the registrySecureW2: TTLS with ZeroConfigWPA Configuration and InstallationWindows 2000Dynamic WEP ConfigurationWindows Computer AuthenticationHow It Works
The AirPort Extreme CardSoftware InstallationConfiguring and Monitoring an AirPort InterfaceBasic configuration with the AirPort status iconConfiguration with the System Preferences applicationMonitoring the wireless interface802.1X on the AirPortConfiguring EAP MethodsTTLS configurationPEAP configurationThe KeychainAdding to the keychainTroubleshooting
PCMCIA Support on LinuxPCMCIA Card Services OverviewInterface names in LinuxHotplug system for automatic configurationPCMCIA Card Services InstallationMonitoring the CardsThe lights are not usefulTroubleshooting Resource ConflictsIRQsI/O portsLinux Wireless Extensions and ToolsCompiling and InstallingInterface Configuration with Wireless Tools and iwconfigFinding networksSetting the network nameSetting the network channelSetting the network mode and associating with an access pointSetting the data rateConfiguring static WEP keysTuning 802.11 parametersAgere (Lucent) OrinocoCompiling and InstallingPCMCIA configurationDoing it yourselfConfiguring the orinoco_cs InterfaceAtheros-Based cards and MADwifiDriver Architecture and the Hardware Access Layer (HAL)RequirementsBuilding the DriverUsing the Driver802.1X on Linux with xsupplicantRequirementsCompiling and Installing xsupplicantConfiguring xsupplicantPseudorandom number generationConnecting and Authenticating to a NetworkWPA on Linux
General Functions of an Access PointTypes of Access PointsFor the home: residential gatewaysFor the office: enterprise access pointsFor the large office: wireless switchesPower over Ethernet (PoE)Types of PoESelecting Access PointsAre Access Points Really Necessary?Cisco 1200 Access PointSetting Up the 1200Configuring Radio InterfacesInternetworkingConfiguring SecurityConfiguring WPA-PSKMonitoringTroubleshootingApple AirPortFirst-Time SetupThe Management InterfaceConfiguring the wireless interfaceConfiguration of the LAN interfaceAccess control
Evaluating a Logical ArchitectureMobilityDefining “mobility”SecurityPerformanceBackbone EngineeringBeacons, BSSIDs, and VLAN integrationIP addressingNetwork ServicesDHCPOperating system loginClient IntegrationTopology ExamplesTopology 1: The Monolithic Single-Subnet NetworkMobilityAddress assignment through DHCPSecurityBackbone engineeringPerformanceClient integrationTopology 2: “E.T. Phone Home” or “Island Paradise”MobilitySecurityPerformanceBackboneClientTopology 3: Dynamic VLAN AssignmentMobilitySecurityPerformanceBackboneClientTopology 4: Virtual Access PointsMobilitySecurityPerformanceBackboneClientChoosing Your Logical Architecture
Security Definition and AnalysisWireless LAN Security ProblemsYour credentials, please: authenticationSecrecy over the air: encryptionSecrecy and integrity of the whole network: rogue access pointsNetwork integrity: traffic injectionNetwork availability: denial of serviceNetwork integrity and availability: rogue clientsNetwork integrity: traffic separationAuthentication and Access ControlStation Authentication and AssociationLink-Layer AuthenticationWPA Personal (preshared key)802.1X-based EAP authenticationNetwork Layer AuthenticationIntegrating User Authentication Through RADIUSRADIUS authentication and Microsoft Windows databasesEnsuring Secrecy Through EncryptionStatic WEPDynamic WEP Keying with 802.1XImproved RC4-Based Encryption: TKIPCCMP: Encryption with AESHigher Layer Security Protocols (IPsec, SSL, and SSH)Selecting Security ProtocolsApplying Security in the Protocol StackCompound binding vulnerabilitiesEncryptionSecurity certificationsNetwork supportChoose AuthenticationChoosing an EAP methodAuthentication architectureChoose EncryptionMultiple SSID supportRogue Access PointsDetectionPhysical LocationDisabling Rogue APsAnd now, a word from your lawyers
Project Planning and RequirementsNetwork RequirementsCoverage RequirementsCoverage and physical installation restrictionsPerformance RequirementsExploring the coverage/quality trade-off and total area throughputClient limitationsRealistic throughput expectationsNumber of users per access pointMobility RequirementsNetwork Integration RequirementsPhysical integrationLogical integrationPhysical Layer Selection and Design2.4 GHz (802.11b/g) Channel LayoutLimitations of the 2.4 GHz channel layout5 GHz (802.11a) Channel LayoutMixed Channel Layouts (802.11a+b/g Networks)Planning Access-Point PlacementThe BuildingConstraints on AP placementBuildings in progressThe Preliminary PlanThe preliminary reportRadio Resource Management and Channel LayoutRefining and Testing the PlanValidation and test toolsRF fingerprint collectionPreparing the Final ReportUsing Antennas to Tailor CoverageAntenna TypesAntenna cablingAntenna diversityAmplifiers: bring on the heat
Network Analyzers802.11 Network AnalyzersEtherealCompilation and InstallationSetting the Wireless Interface for Monitor ModeCisco Aironet cardsPrism cardsOrinoco cardsAtheros-based cardsRunning EtherealCapturing dataData ReductionCapture filtersDisplay filtersUsing Ethereal for 802.11 AnalysisDisplay filtersUnderstanding the LLC header to isolate a protocol802.11 Network Analysis ChecklistDisplay Filter PrimitivesExcluding Beacon framesIsolating traffic from one stationIsolating a protocolCommon Troubleshooting TasksAuthentication troubleshootingKey distribution troubleshootingPerformance troubleshootingDecrypting WEP trafficRADIUS analysisOther ToolsFinding, Measuring, and Mapping NetworksWEP Key RecoveryKey recovery time estimatesAuthentication
802.11 Performance CalculationsExample CalculationOther components to a performance modelBlock acknowledgmentsImproving PerformanceTunable 802.11 ParametersRadio ManagementBeacon intervalRTS thresholdFragmentation thresholdRetry limitsTuning Power ManagementListen intervalDTIM PeriodATIM windowTiming OperationsScan timingTimers related to joining the networkDwell time (frequency-hopping networks only)Summary of Tunable Parameters
Standards WorkNew StandardsTask group E: quality of service extensionsTask group K: radio resourcesTask group N: high-throughput (100+ Mbps) MIMO PHYMore distant standardsRelated standardsCurrent Trends in Wireless NetworkingSecurityAuthentication protocolsAdmission controlRogue device controlDeployment and ManagementPlanning a networkBackhaulMini-"regulators” and arbitratorsGuest accessApplicationsLocationVoiceDatacastingProtocol ArchitectureFederations and mobilityFuture protocolsThe End

Content preview from 802.11 Wireless Networks: The Definitive Guide, 2nd Edition

Chapter 4. 802.11 Framing in Detail

Chapter 3 presented the basic frame structure and the fields that comprise it, but it did not go into detail about the different frame types. Ethernet framing is a simple matter: add a preamble, some addressing information, and tack on a frame check at the end. 802.11 framing is much more involved because the wireless medium requires several management features and corresponding frame types not found in wired networks.

Three major frame types exist. Data frames are the pack horses of 802.11, hauling data from station to station. Several different data frame flavors can occur, depending on the network. Control frames are used in conjunction with data frames to perform area-clearing operations, channel acquisition and carrier-sensing maintenance functions, and positive acknowledgment of received data. Control and data frames work in conjunction to deliver data reliably from station to station. Management frames perform supervisory functions; they are used to join and leave wireless networks and move associations from access point to access point.

This chapter is intended to be a reference. There is only so much life any author can breathe into framing details, no matter how much effort is expended to make the details interesting. Please feel free to skip this chapter in its entirety and flip back when you need in-depth information about frame structure. With rare exception, detailed framing relationships generally do not fall into the category of ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Wi-Fi 7 In Depth: Your guide to mastering Wi-Fi 7, the 802.11be protocol, and their deployment

Publisher Resources

ISBN: 0596100523Errata Page

802.11 Wireless Networks: The Definitive Guide, 2nd Edition

by Matthew S. Gast

Chapter 4. 802.11 Framing in Detail

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Wi-Fi 7 In Depth: Your guide to mastering Wi-Fi 7, the 802.11be protocol, and their deployment

Understanding and Troubleshooting Cisco Catalyst 9800 Series Wireless Controllers

Packet Guide to Core Network Protocols

Wi-Fi Fundamentals LiveLessons (Video Training): A CCNA Wireless and CWNA Primer

Publisher Resources

Chapter 4. 802.11 Framing in Detail

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Wi-Fi 7 In Depth: Your guide to mastering Wi-Fi 7, the 802.11be protocol, and their deployment

Understanding and Troubleshooting Cisco Catalyst 9800 Series Wireless Controllers

Packet Guide to Core Network Protocols

Wi-Fi Fundamentals LiveLessons (Video Training): A CCNA Wireless and CWNA Primer

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.