802.11 Wireless LAN Fundamentals
Chapter 1: Ethernet (802.3) technology, covered mainly as the baseline for the later comparison with 802.11.
Chapter 2: 802.11 Wireless LAN
WLAN Topologies (use the SSID to filter)
Independent basic service sets (IBSSs):consists of a group of 802.11 stations communicating directly with one another.
Basic service sets (BSSs): The AP is the central point of communications for all stations in a BSS. The client stations do not
communicate directly; this is referred to as an infrastructure BSS.
Extended service sets (ESSs): The collection of BSSs interconnected via the DS (Distribution System) is known as the ESS.
In terms of the 802.11 frame definitions there are really only two structures: IBSS (peer-to-peer, or ad hoc) and ESS (through an AP).
Compared with the CSMA/CD used by 802.3, CSMA/CA has a better mechanism for avoiding collisions. Using a conference call as an analogy:
1. Before a party speaks, she must tell everyone how long she plans to speak, so that potential speakers know how long they have to
wait before they may speak.
2. Nobody else may speak until the speaking time announced by the previous speaker has been used up.
3. A speaker does not know whether the other side heard her while she is speaking; she only knows once she receives an
acknowledgment from the other side.
4. If two parties happen to speak at the same time without noticing, they conclude from the missing acknowledgment that they spoke
simultaneously, and each waits a random amount of time before trying to speak again.
CSMA/CA has several important components:
Carrier sense: Check the Layer 1 physical layer (PHY) to see whether a carrier is present, and use the virtual carrier-sense
function, the network allocation vector (NAV).
DCF: In DCF operation, a station wanting to transmit a frame must wait a specific amount of time after the medium becomes
available. This time value is known as the DCF interframe space (DIFS). DCF uses a random backoff timer; the random backoff
algorithm randomly selects a value from 0 to the contention window (CW) value.
Acknowledgment frames: A station receiving a frame acknowledges error-free receipt of the frame by sending an acknowledgment
frame back to the sending station. Acknowledgment frames are allowed to skip the random backoff process and wait a short
interval after the frame has been received to transmit the acknowledgment. The short interval the receiving station waits is
known as the short interframe space (SIFS).
Request to Send/Clear to Send (RTS/CTS) medium reservation: To prevent the hidden node problem, a station sends a special control
frame (RTS) to the AP containing the duration it wants; the AP then replies with a CTS to all stations announcing the reserved
duration, and the other stations update their NAV accordingly.
In addition, two other mechanisms pertain to 802.11 medium access but are not directly tied to CSMA/CA:
Frame fragmentation: Fragmentation can be configured by the user, but because every fragment carries its own MAC header and must be
acknowledged, it lowers the station's throughput.
Point coordination function (PCF): An optional medium-access mechanism that provides contention-free frame transfer. Stations cannot
access the medium freely; a station may send data only when the AP polls it. PCF is not widely deployed, but it is useful for future QoS.
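The conference-call steps and the DCF paragraph above describe one contention round; the slot-level model below is an added
example (not from the book) that plays many rounds so the effect of the random backoff and the doubling contention window can be
measured. CW_MIN and CW_MAX are assumed values (the 802.11a/g OFDM figures); DIFS and SIFS are not modelled explicitly, only the
idle slots between DIFS and the first expiring counter.

```python
import random

CW_MIN = 15       # assumed minimum contention window in slots (802.11a/g OFDM value)
CW_MAX = 1023     # assumed upper bound the window stops doubling at


def next_cw(cw):
    """Binary exponential backoff: a missing ACK doubles the window (15, 31, 63, ... up to CW_MAX)."""
    return min(2 * cw + 1, CW_MAX)


def simulate_dcf(num_stations, frames_per_station, seed=1):
    """Slot-level model of DCF contention.

    Every station with a frame to send waits DIFS after the medium goes idle and then counts down a
    random backoff drawn from [0, CW]. If exactly one counter reaches zero in a slot that station
    transmits, receives its ACK and resets CW to CW_MIN. If several counters expire in the same slot
    they collide (no ACK), each doubles its CW and draws a new backoff. Stations that were still
    counting freeze their counters during the transmission and resume after the next DIFS.
    """
    rng = random.Random(seed)
    remaining = [frames_per_station] * num_stations
    cw = [CW_MIN] * num_stations
    backoff = [rng.randint(0, CW_MIN) for _ in range(num_stations)]
    stats = {"successes": 0, "collisions": 0, "idle_slots": 0, "max_cw_seen": CW_MIN}

    while any(remaining):
        active = [i for i in range(num_stations) if remaining[i]]
        step = min(backoff[i] for i in active)       # idle slots until the first counter expires
        stats["idle_slots"] += step
        for i in active:
            backoff[i] -= step                       # everyone counts down in parallel
        ready = [i for i in active if backoff[i] == 0]

        if len(ready) == 1:                          # lone winner: frame delivered, ACK received
            i = ready[0]
            stats["successes"] += 1
            remaining[i] -= 1
            cw[i] = CW_MIN
        else:                                        # two or more expired together: collision
            stats["collisions"] += 1
            for i in ready:
                cw[i] = next_cw(cw[i])
                stats["max_cw_seen"] = max(stats["max_cw_seen"], cw[i])

        for i in ready:                              # backoff is mandatory after every attempt
            backoff[i] = rng.randint(0, cw[i])
    return stats


if __name__ == "__main__":
    for n in (1, 2, 10):
        print(n, "stations:", simulate_dcf(n, 50))
```

Running it with one station shows no collisions at all (the random backoff only costs idle slots); with ten stations the
collision count and the largest CW reached show why throughput per station drops as a BSS gets busier.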
MAC Layer Operations
Station Connectivity:
1. Probe process: The client sends probe request frames on every channel it is allowed to use; each contains the SSID, the supported
rates, etc. The AP replies with a probe response containing the Timestamp field (used for clock synchronization), Beacon interval,
Capability info, SSID, rates, PHY parameter set, etc. The client then decides which AP to associate with based on the SSID, rates,
signal strength and so on.
2. Authentication process: open and shared-key authentication.
3. Association process: The client sends an association request containing the listen interval (used for power save), SSID and
rates; the AP replies with an association response containing the status code, the association ID (comparable to a specific port
on a hub), rates, etc.
Power Save Operation:
1. Unicast: In its association request the client declares its listen interval (a multiple of the beacon interval), indicating that
it will wake up once that interval has elapsed. In the meantime the AP buffers the corresponding traffic and announces in its beacon
which AIDs (derived from the length, bitmap offset and partial virtual bitmap fields carried in the beacon) have buffered frames.
When the client sees its AID it sends a power-save poll (PS-Poll), and the AP then delivers the buffered frames.
2. Broadcast: Basically the same as unicast; the admin defines the interval at which broadcast traffic is delivered, and a DTIM
field is added to indicate whether broadcast frames are buffered.
802.11 MAC Frame Formats
General Frame
+----+-----+-----------+-----------+-----------+-----+-----------+------------+-----+
| FC | Dur | Address 1 | Address 2 | Address 3 | Seq | Address 4 | Frame Body | FCS |
+----+-----+-----------+-----------+-----------+-----+-----------+------------+-----+
Frame Control: 2 bytes, 11 subfields.
1. Protocol (2b): 0   2. Type (2b): 00 Mgmt, 01 Control, 10 Data, 11 Reserved
3. Subtype (4b): many values, depending on Type   4. To DS (1b): destination is the DS   5. From DS (1b): originates from the DS
6. More Frag (1b)   7. Retry (1b): whether the frame is a retransmission   8. Power Mgmt (1b): 0 active, 1 power save.
9. More Data (1b)   10. WEP (1b): 1 = WEP on.   11. Order (1b): 1 = Strictly Ordered service, otherwise 0.
Duration/ID: used differently by the various medium-access modes: power save, PCF, DCF, etc.
Control Frames:
PS-Poll: FC + AID + BSSID (AP MAC) + Transmitter Address (station MAC) + FCS
RTS: FC + Duration (time required for the station's frame) + RA + TA + FCS
CTS: FC + Duration (RTS Duration - CTS time - SIFS interval) + RA + FCS
ACK: FC + Duration (0) + RA + FCS
CF-End and CF-End+CF-Ack: FC + Duration (0) + RA + BSSID + FCS
Management Frames: FC + Duration + DA + SA + BSSID + Fixed Fields + IE (Element ID + Len + Info)
IE: SSID, Supported Rates (in units of 500 kbps), FH Parameter Set, DS Parameter Set, CF Parameter Set, TIM, IBSS Parameter Set,
Challenge Text.
Fixed Fields: Auth algorithm (0 open, 1 shared-key), Auth transaction sequence, Beacon interval, Capability info, Current AP
address, Listen interval, Reason code, AID, Status code, Timestamp.
Management frame subtypes: Beacon, Probe request (response), (De)Authentication, Association request (response), Reassociation
request (response), Disassociation, Announcement traffic indication.
Data Frames:
data, data+CF-Ack, data+CF-Poll, data+CF-Ack+CF-Poll: FC + Dur + DA + BSSID + SA + Seq + Payload + FCS
null data, CF-Ack, CF-Poll, CF-Ack+CF-Poll: FC + Dur + DA + BSSID + SA + Seq + FCS
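The following parser is an added example, not code from the book, that turns the frame layouts above into something a capture
tool or detection rule can work with: it splits the 2-byte Frame Control field into its 11 subfields, names the type/subtype
combinations the notes list, labels Address 1-3 (and Address 4) according to the To DS/From DS bits, and verifies the FCS. The
MAC addresses in the test and the constructed AP-to-station frame (From DS = 1, the DA+BSSID+SA ordering shown above) are
made up; the FCS is assumed to be the IEEE CRC-32 carried in little-endian byte order, as it appears in captures.

```python
import struct
import zlib

TYPE_NAMES = {0: "Mgmt", 1: "Control", 2: "Data", 3: "Reserved"}
# Subtype values from IEEE 802.11 for the frames listed in the notes.
SUBTYPE_NAMES = {
    0: {0: "Association request", 1: "Association response", 2: "Reassociation request",
        3: "Reassociation response", 4: "Probe request", 5: "Probe response", 8: "Beacon",
        9: "ATIM", 10: "Disassociation", 11: "Authentication", 12: "Deauthentication"},
    1: {10: "PS-Poll", 11: "RTS", 12: "CTS", 13: "ACK", 14: "CF-End", 15: "CF-End+CF-Ack"},
    2: {0: "Data", 1: "Data+CF-Ack", 2: "Data+CF-Poll", 3: "Data+CF-Ack+CF-Poll",
        4: "Null data", 5: "CF-Ack", 6: "CF-Poll", 7: "CF-Ack+CF-Poll"},
}


def parse_frame_control(fc):
    """Split the 2-byte Frame Control field into its 11 subfields.
    Byte 0 holds protocol version, type and subtype (LSB first); byte 1 holds the eight flag bits."""
    b0, b1 = fc[0], fc[1]
    ftype = (b0 >> 2) & 0x3
    subtype = (b0 >> 4) & 0xF
    return {
        "protocol": b0 & 0x3,
        "type": TYPE_NAMES[ftype],
        "subtype": SUBTYPE_NAMES.get(ftype, {}).get(subtype, f"subtype {subtype}"),
        "to_ds": bool(b1 & 0x01), "from_ds": bool(b1 & 0x02),
        "more_frag": bool(b1 & 0x04), "retry": bool(b1 & 0x08),
        "power_mgmt": bool(b1 & 0x10), "more_data": bool(b1 & 0x20),
        "wep": bool(b1 & 0x40), "order": bool(b1 & 0x80),
    }


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def fcs_ok(frame):
    """FCS = CRC-32 over header + body, carried little-endian (assumed capture byte order)."""
    return struct.pack("<I", zlib.crc32(frame[:-4]) & 0xFFFFFFFF) == frame[-4:]


def parse_data_frame(frame):
    """Parse a data frame's MAC header and label the addresses by the To DS / From DS bits."""
    fc = parse_frame_control(frame[0:2])
    duration = struct.unpack("<H", frame[2:4])[0]
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    seq_ctrl = struct.unpack("<H", frame[22:24])[0]
    hdr_len = 24
    if not fc["to_ds"] and not fc["from_ds"]:        # IBSS, station to station
        addrs = {"DA": a1, "SA": a2, "BSSID": a3}
    elif fc["from_ds"] and not fc["to_ds"]:          # AP -> station (the DS is the source)
        addrs = {"DA": a1, "BSSID": a2, "SA": a3}
    elif fc["to_ds"] and not fc["from_ds"]:          # station -> AP (the DS is the destination)
        addrs = {"BSSID": a1, "SA": a2, "DA": a3}
    else:                                            # AP -> AP over the wireless DS: Address 4 present
        hdr_len = 30
        addrs = {"RA": a1, "TA": a2, "DA": a3, "SA": frame[24:30]}
    return {
        "fc": fc, "duration": duration,
        "addresses": {k: mac_str(v) for k, v in addrs.items()},
        "fragment": seq_ctrl & 0xF, "sequence": seq_ctrl >> 4,
        "body": frame[hdr_len:-4], "fcs_ok": fcs_ok(frame),
    }


def build_data_frame(da, bssid, sa, payload, seq):
    """Constructed AP -> station data frame (From DS = 1), i.e. the DA + BSSID + SA layout in the notes."""
    fc = bytes([0x08, 0x02])                          # type = Data (10), subtype = 0, From DS flag set
    header = fc + struct.pack("<H", 44) + da + bssid + sa + struct.pack("<H", seq << 4)
    unprotected = header + payload
    return unprotected + struct.pack("<I", zlib.crc32(unprotected) & 0xFFFFFFFF)


if __name__ == "__main__":
    # constructed addresses
    frame = build_data_frame(bytes.fromhex("001122334455"), bytes.fromhex("aabbccddeeff"),
                             bytes.fromhex("0a0b0c0d0e0f"), b"hello", 10)
    print(parse_data_frame(frame))
    print(parse_frame_control(bytes([0x80, 0x00]))["subtype"])   # Beacon
```

The address labelling is the part most worth keeping straight when writing detections: the same three address slots mean
different things depending on the direction bits, so a rule that keys on "Address 3" without reading To DS/From DS will
mix up SA, DA and BSSID.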
Chapter 3: 802.11 Physical Layer Technologies
The MAC layer is the same for all 802.11 variants; the difference lies in the PHYs (which provide the wireless transmission
mechanisms for the MAC).
PHY has two sublayers:
Physical Layer Convergence Procedure (PLCP)
carrier sense/clear channel assessment (CS/CCA) procedure:
Physical Medium Dependent (PMD)
PHY concepts:
Scrambling, Coding, Interleaving, Symbol mapping and modulation
CCA
The different 802.11 standards define five different CCA modes for use in the 2.4 GHz band:
1. Energy detection bases the CCA decision only on whether energy was detected over a threshold.
2. Carrier sense bases the CCA decision purely upon whether an 802.11 signal is detected.
3. Carrier sense with energy detection uses a combination of modes 1 and 2.
4. Carrier sense with timer reports that the medium is idle if no 802.11 signal is detected for 3.65 milliseconds.
5. Extended rate PHY energy detection and carrier sense is much the same as mode 3 but applied to the ERP.
It is mandatory that the CCA process employ at least one of these modes.
Chapter 4: 802.11 Wireless LAN Security
Encryption + Authentication = Wireless Security
Data encryption mechanisms are based on cipher algorithms that give data a randomized appearance. Two types of ciphers exist:
Stream ciphers: generate a continuous key stream based on the key value; small and efficient, e.g. RC4.
Block ciphers: generate a single encryption key stream of a fixed size; the plaintext is fragmented into blocks, and each block is
mixed with the key stream independently. They require more CPU.
This process is known as Electronic Code Book (ECB) encryption mode. ECB mode encryption has the characteristic that the same
plaintext input always generates the same ciphertext output. Initialization Vectors (a number added to the key; changing the IV on
a per-frame basis makes the same frame produce different ciphertext) and feedback modes are used to overcome this issue.
WEP: based on the RC4 symmetric stream cipher; keys are either 40 or 104 bits in length and are statically configured on clients
and APs, with a 24-bit IV. You can define up to four keys on a device, but you can use only one at a time for encrypting outbound
frames. WEP encryption is used only on data frames and during Shared Key authentication. It encrypts the data and integrity check
value (ICV) fields; the IV is unencrypted.
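To make the ECB/IV discussion and the WEP frame layout concrete, the following is an added example (not code from the book):
a textbook RC4 and a WEP-style frame body with the 24-bit IV in the clear, the key ID byte, and RC4(IV || key) applied to
data || ICV, where the ICV is a CRC-32 of the plaintext. The test verifies that the same key and IV reproduce the same
ciphertext for the same frame (the ECB-like property the per-frame IV is meant to avoid), that a fresh IV changes the
ciphertext, and that a modified ciphertext fails the ICV check. The key, IVs and frame contents are constructed; the RC4
known-answer vector ("Key"/"Plaintext") is the public one from the RC4 literature.

```python
import struct
import zlib


def rc4_keystream(key, length):
    """Textbook RC4: key scheduling (KSA) followed by the pseudo-random generation loop (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data):
    """WEP integrity check value: CRC-32 over the plaintext, little-endian."""
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encrypt(key, iv, plaintext, key_id=0):
    """Build a WEP frame body: IV (3 bytes, in the clear) | Key ID byte | RC4(IV||key) XOR (data||ICV).
    The 24-bit IV is prepended to the 40-bit (5-byte) or 104-bit (13-byte) key to seed RC4; the key ID
    (which of the four configured keys) travels in the top two bits of the fourth byte."""
    if len(iv) != 3 or len(key) not in (5, 13):
        raise ValueError("WEP needs a 3-byte IV and a 5- or 13-byte key")
    payload = plaintext + icv(plaintext)
    keystream = rc4_keystream(iv + key, len(payload))
    return iv + bytes([(key_id & 3) << 6]) + xor(payload, keystream)


def wep_decrypt(key, body):
    """Receiver side: read the clear-text IV, regenerate the keystream, strip and check the ICV.
    Returns (plaintext, icv_ok)."""
    iv, ciphertext = body[:3], body[4:]
    payload = xor(ciphertext, rc4_keystream(iv + key, len(ciphertext)))
    data, received_icv = payload[:-4], payload[-4:]
    return data, received_icv == icv(data)


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")                # constructed 40-bit key
    first = wep_encrypt(key, b"\x00\x00\x01", b"same frame", key_id=1)
    second = wep_encrypt(key, b"\x00\x00\x02", b"same frame", key_id=1)
    print("IV in clear:", first[:3].hex(), "ciphertext differs with new IV:", first[4:] != second[4:])
    print(wep_decrypt(key, first))
```

Two things to take from running it: the IV and key ID are readable by anyone on the channel, so the only secret is the key
itself, and because WEP derives the whole keystream from IV || key, any repeat of a 24-bit IV under the same key gives
byte-for-byte the same keystream for the next frame.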
Authentication: Although both open and shared-key authentication use WEP encryption, the difference is that with open
authentication a client can associate even without the correct key configured. MAC address authentication: the MAC address is
authenticated after the association request is received.