1 / 79

IEEE 802.11 Frames

IEEE 802.11 Frames. Physical Layer Data Link Layer. Introduction. Wireless LAN standard 802.11 defines the layer 2 in great detail specifying numerous frames that have applications in different situations This presentation is intended to explain the fundamental frames in WLAN 802.11.

juan
Télécharger la présentation

IEEE 802.11 Frames

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. IEEE 802.11 Frames Physical Layer Data Link Layer

  2. Introduction • Wireless LAN standard 802.11 defines the layer 2 in great detail specifying numerous frames that have applications in different situations • This presentation is intended to explain the fundamental frames in WLAN 802.11

  3. IEEE 802.11 Standard Regarding Layer 2 • The 802.11 standard is written by IEEE committees • IEEE splits the Layer 2 functions into two sub-layers: • Link Logical Control LLC • Medium Access Control MAC

  4. IEEE Jargon • Actually this is inherited from OSI/ISO • PDU Protocol Data Unit • A protocol header with encapsulated data • SDU Service Data Unit • The encapsulated data or payload

  5. Data Link Layer • Upper layer queries L2 • Upper layer passes PDU down Upper Layer LLC sub-layer IEEE Layer 2 MAC sub-layer MAC Protocol Data Unit MPDU MPDU has a 2,304 bytes MTU

  6. IEEE 802.11 Layer 2 Medium Access Control

  7. IEEE 802.11 General Layer 2 Frame • What do we need in the frame?

  8. IEEE 802.11 General Frame • What do we need in the frame? • A payload that carries upper layer data Payload 2,304 Bytes

  9. IEEE 802.11 General Frame • What do we need in the frame? • A payload that carries upper layer data • Payload MTU is 2,304 Bytes • Larger than Ethernet MTU • Why would we need that larger payload? Payload 2,304 Bytes

  10. IEEE 802.11 General Frame • What do we need in the frame? • A payload that carries upper layer data • Payload MTU is 2,304 Bytes • Larger than Ethernet MTU • Payload is larger to support additional encapsulating headers like LLC headers, tunnelling, security, QoS, etc Payload 2,304 Bytes

  11. IEEE 802.11 General Frame • What else do we need in the frame? Payload

  12. IEEE 802.11 General Frame • What do we need in the frame? • L2 MAC addresses: destinations and sources • Different situations require more than 2 addresses Address 1 Address 2 Address 3 Address 4 Payload

  13. IEEE 802.11 MAC Addresses • 802.11 frames have four address fields. • These four address fields will contain either three or four MAC addresses depending of the network infrastructure • The MAC addresses are: • Destination Address • Source Address • Receiver Address: different cases

  14. IEEE 802.11 Addresses • Case: from wireless station A to wireless station B via AP Destination Address MAC of Station B Source Address MAC Address of Station A BSSID

  15. IEEE 802.11 Addresses • Case: from wireless station A to “ in wired infrastructure” destination Destination Address MAC of Station C Source Address MAC Address of Station A BSSID

  16. IEEE 802.11 General Frame • How do we need in the frame? • Stations require a confirmation that a Data Frame has been received successfully • Data frames have to be acknowledged back to the sender • There are two ways to implement this scheme: • Send part of the original frame back to sender (more bytes to implement) • Identify each frame with a number (cheaper, less bytes to implement) • Wireless 802.11 uses identification numbers

  17. IEEE 802.11 General Frame • What do we need in the frame? • Each frame needs a number to identify it • Data frames have to be acknowledged back to the sender • Each frame needs a number for identification Address 1 Address 2 Address 3 Sequence Control Address 4 Payload

  18. IEEE 802.11 General Frame • What do we need in the frame? • The Station occupies the medium for a certain time Address 1 Address 2 Address 3 Sequence Control Address 4 Payload

  19. IEEE 802.11 General Frame • What do we need in the frame? • The Station occupies the medium for a certain time • The station advertises such time to avoid collisions Duration ID Address 1 Address 2 Address 3 Sequence Control Address 4 Payload

  20. IEEE 802.11 General Frame • What else do we need in the frame? • There are different types of frames in 802.11: Frame Control Duration ID Address 1 Address 2 Address 3 Sequence Control Address 4 Body 2 Bytes 2 Bytes 6 Bytes 6 Bytes 6 Bytes 2 Bytes 6 Bytes 2,312 Bytes

  21. IEEE 802.11 General Frame • What else do we need in the frame? • There are three (3) types of frames in 802.11: • Management • Control • Data Frame Control Duration ID Address 1 Address 2 Address 3 Sequence Control Address 4 Body 2 Bytes 2 Bytes 6 Bytes 6 Bytes 6 Bytes 2 Bytes 6 Bytes 2,312 Bytes

  22. IEEE 802.11 General Frame • What do we need in the frame? • Correct frames are ACKed • Damaged frames must be discarded Frame Control Duration ID Address 1 Address 2 Address 3 Sequence Control Address 4 Body 2 Bytes 2 Bytes 6 Bytes 6 Bytes 6 Bytes 2 Bytes 6 Bytes 2,312 Bytes

  23. IEEE 802.11 General Frame • What do we need in the frame? • Damaged frames must be discarded • A checksum calculated on the whole frame is used to verify that the data has not been corrupted Frame Control Duration ID Address 1 Address 2 Address 3 Sequence Control Address 4 Body FCS 2 Bytes 2 Bytes 6 Bytes 6 Bytes 6 Bytes 2 Bytes 6 Bytes 2,312 Bytes

  24. IEEE 802.11 General Frame • This is the IEEE 802.11 General Frame Frame Control Duration ID Address 1 Address 2 Address 3 Sequence Control Address 4 Body FCS 2 Bytes 2 Bytes 6 Bytes 6 Bytes 6 Bytes 2 Bytes 6 Bytes 2,312 Bytes

  25. IEEE 802.11 Frame The Fields in more detail

  26. Frame Control Field • The frame control indicates the type of the frame • It also indicates the specific purpose of the frame • Also, it points out if certain properties are being used

  27. Frame Control • 2 Bytes long • 2 bits for VERSION = 00 • 2 bits for TYPE = 00,01,10, 11 • 4 bits for SUB-TYPE = from 000 to 1111

  28. Frame Control Field • TYPE sub-field • 00 Management Frames • 01 Control Frames • 10 Data Frames • 11 unused reserved

  29. Frame Control Field • SUB-TYPE sub-field (4 bits) • 00 Management Frames • Association • Re-association • Probe • Beacon (1000) • Authentication

  30. Frame Control Field • SUB-TYPE sub-field (4 bits) • 01 Control Frames • Power Save Poll • RTS • CTS • ACK • Contention Free • CF-end + CF-ACK

  31. Frame Control Field • SUB-TYPE sub-field (4 bits) • 10 Data Frames • Data (0000) • Data + ACK + CF • Null Data • QoS Data • etc

  32. Frame Control Field • Power management bit • Battery conservation mode • Buffering of data by Access Point • More Data bit • Data is buffered by AP • AP sends data to stations that awake • Meaning: more data to come, do not go to sleep again • Protected data bit • The L2 frame is protected by security (WEP)

  33. Duration / ID Field • Network Access Vector NAV • Contention free period • PS-Poll power save poll

  34. Sequence Control Field • Twelve (12) bits sequence number to identify the frames

  35. Payload • The IEEE 802.11 has no Type field to indicate what it is inside the payload • The payload might contain several modes of encapsulation • These modes are described in two documents: RFC 1042 and 802.11H (Ethernet Tunnel) • The payload can use encapsulated: • LLC Sub-network Access Protocol SNAP • Ethernet standard • Ethernet tunnel

  36. Standard Ethernet Payload 802.11 Header Payload Ethernet header derived Type Encapsulated PDU Ethernet header derived 0800 Encapsulated IP Packet Example

  37. 802.3 LLC Payload 802.11 Header Payload MAC Addresses derived SNAP DSAP AAhex SNAP SSAP AAhex Control UI Ethernet Tunnel Type Encapsulated PDU

  38. 802.3 RFC-1042 Payload 802.11 Header Payload MAC Addresses derived SNAP DSAP AAhex SNAP SSAP AAhex Control UI RFC1042 encapsulation Type Encapsulated PDU

  39. Checksum • Calculated over whole frame • Calculated in both ends • If correct match in destination, then accept, and ACK back • Otherwise, discard, do not ACK

  40. 802.11 Frames Management, Important frames

  41. Acknowledgement • All Unicast data frames need to be ACKed Frame Control (2 bytes) Duration (2 bytes) MAC Address of original data frame Sender (6 bytes) Checksum (2 bytes)

  42. Management Frames • Information elements are inside the payload in fixed fields Frame Control Duration ID Address 1 Address 2 Address 3 Sequence Control Body FCS 2 Bytes 2 Bytes 6 Bytes 6 Bytes 6 Bytes 2 Bytes 2,312 Bytes Authentication data Beacon Association Etc.

  43. Management Type Sub-type Beacon • Beacons announce the existence of 802.11 BSS at regular intervals • All stations must listen to beacons • Ad-hoc (IBSSS) send Beacons as well • In a WLAN (EBSSS) only the AP sends Beacons • In short, client stations learn the wireless network profile from beacons • Among other things the beacon announces: • AP capabilities • BSSID • Support for data bit rate • Support for encoding DSSS or OFDM

  44. Beacon Announces • SSID or logical name • Timestamp: for synchronization • Spread spectrum parameter set: FHSS, DSS, ERP, OFDM • Channel information: Channel being used by AP • Data rates: basic and supported rates • Traffic indication map TIM • QoS • Security capabilities

  45. How some of the different frames are used • Scanning • Roaming • Association – Reassociation • Protection Mechanism • Power Management

  46. Scanning: Passive • Client Station listen for BEACON frames • BEACON frames are send by the AP periodically • BEACON frames advertise the network SSID (among other things) BEACON frame

  47. Beacon Frame • Beacon also advertises the Basic and Supported Data bit Rates • These rates are needed to allow 802.11b and 802.11g in Mixed Mode • 802.11b supports DSSS rates of 1 Mbps, 2 Mbps, 5.5 Mbps, and 11 Mbps • 802.11g supports OFDM rates of 6 Mbps, 9 Mbps, 12 Mbps, 18 Mbps, 24 Mbps, 36 Mbps, 48 Mbps, and 54 Mbps. • When 11b and 11g coexist, these rates have to be advertised BEACON frame

  48. Scanning: Active • User initiates action • User click on “view wireless network” • The wireless station sends a MANAGEMENT frame PROBE REQUEST to any AP listening • The SSID field of the probe request frame is empty Probe request • View wireless networks

  49. Scanning: Active Probe Response • The AP answers with a PROBE RESPONSE • The SSID field has the SSID name • Network scanners, NetStumbler, AnalyzeAir, use this same principle • When the administrator disables this mechanism the scanning of the network is not “very revealing” • Scanning software like Kismet or Aircrack-ng do not use this principle. They just listen quietly to the traffic without probing • View wireless networks

More Related