
WLAN

Wireless Local Area Network


Content & Scope
 Wireless LAN Overview  
 Optional: Ethernet & TCP/IP Basics
 Mobile & Wireless Basics
WLAN Overview

 IEEE 802.11
 Introduction
 Media Access  
 Frame Format  
 Management Operations
 Physical Layers
 Deployment  
 Miscellaneous –
 IEEE 802.11n, IEEE 802.16, & RadioTap
 Lab Exercises
 Next generation WLAN

©NetProWise
Pre-Requisites
• Computer Organization – bits, bytes, memory, integer representation,…
• Desktop terminologies – file, delete, …
• Operating System (Windows, Linux) – compile, shell, command,
• OSI Architecture – Layering,….
• TCP/IP
• Ethernet

©NetProWise
WLAN

Module 1 WLAN, Wired Ethernet & TCP/IP Overview


Wireless LAN
• LANs that use wireless medium
• Connected to regular LANs for better reach
• Allows limited Mobility
• Unique Challenges & Issues
• Benefits

©NetProWise
WLAN – Advantages

 Mobility
 Flexible
 Planning
 Design
 Robustness

©NetProWise
WLAN Standards

 IEEE 802.11
 Infra-red
 HIPERLAN/2
 Bluetooth
 …

©NetProWise
History
• 802.11 standard first ratified in July 1997
  - 3 PHY’s specified (FHSS, DSSS, and IR) with 1 & 2 Mbps
• 2 High Rate PHY’s ratified in Sept 1999
  - 802.11a 6 to 54 Mbps in 5 GHz ISM band using OFDM
  - 802.11b 5.5 to 11 Mbps in 2.4 GHz band using DSSS

©NetProWise
Companion or Evolution Specifications
• 802.11c – support for 802.11 frames
• 802.11d – support for 802.11 frames, new regulations
• 802.11e – QoS enhancements in the MAC
• 802.11f – Inter Access Point Protocol
• 802.11g – High Rate or Turbo Mode – 2.4GHz bandwidth extension to 22Mbps
• 802.11h – Dynamic Channel Selection and Transmit Power Control
• 802.11i – Security Enhancement in the MAC

©NetProWise
IEEE 802.11 WLAN - Architecture

©NetProWise
Infrastructure & Independent WLANs

©NetProWise
802.11 Layer Description

Data Link Layer: 802.2 over 802.11 MAC
Physical Layer: DS, FH, IR

©NetProWise
IEEE 802.11 Frame with LLC & MAC

IEEE 802.11 Frame: IEEE 802.11 MAC | LLC | Data

Ethernet Frame: MAC | Data

©NetProWise
Link Layer – CSMA/CA
 Carrier Sense (CS)
 Media Access (MA)
 Collision Avoidance (CA)

©NetProWise
Physical Layers
• Radio
  - Spread Spectrum Technology
• Direct Sequence Spread Spectrum (DSSS)
• Frequency Hopping Spread Spectrum (FHSS)
• Infra Red (IR)

©NetProWise
Challenges & Issues
 Error Prone Medium
 Inherently Shared Medium
 Natural limitations
 Unique problems – Hidden & Exposed Stations
 Mobility
 Regulation
 Cost
 Inter-working

©NetProWise
WLAN Design Goals
• Global Operation
• Low Power
• License-free operation
• Robust transmission technology
• Simplified Spontaneous co-operation
• Easy to use
• Protection of investment
• Safety and Security
• Transparency of application

©NetProWise
WLAN Applications
• Inventory Control
• Hospital
• Hotel
• Training
• Trade Shows
• Networking old buildings
• IP-Zone

©NetProWise
WLAN Vendors
• WLAN Equipment (AP, Adaptors, Card) Vendors
  - Cisco, Nortel, NetGear, Belkin, D-Link, Linksys,…
• WLAN Chip Vendors
  - Broadcom, Lucent, Intel, …
• WLAN Software Vendors – Mostly Mobile IP development (Home Agent, Foreign Agent, & Protocol)
  - Cisco, Nortel, …

©NetProWise
IEEE 802.11 Market Size

©NetProWise
Demo
• Infrastructure Network
  - Two Wireless stations
  - One Switch/hub
  - One AP
  - One Wired station
  - One Wireless adaptor (for monitoring)

AirPcap Adaptor

©NetProWise
File Transfer Application
• Transfer a file from one wireless station to another
• Capture some IEEE 802.11 frames using the adaptor & Wireshark
• Brief review of the IEEE 802.11 frame

©NetProWise
WireShark Tutorial

©NetProWise
Content
 Wireless LAN Overview  
 Ethernet Basics
 Mobile & Wireless Basics

 Introduction to IEEE 802.11  


 IEEE 802.11 Media Access  
 IEEE 802.11 Frame Format  
 IEEE 802.11 Management Operations
 IEEE 802.11 Physical Layers
 IEEE 802.11 Deployment  
 Lab Exercises

©NetProWise
Relation to OSI Reference Model

©NetProWise
LAN Standards

• 802.1 Overview.
• 802.2 LLC.
• 802.3 CSMA/CD (Ethernet).
• 802.4 Token Bus.
• 802.5 Token Ring.
• 802.6 DQDB (Distributed Queue Dual Bus MAN standard)
• FDDI
• 802.11 Wireless LANs

802.2 LLC
802.3 CSMA/CD | 802.4 Token Bus | 802.5 Token Ring | 802.6 DQDB | FDDI

©NetProWise
IEEE 802.2 Encapsulation

©NetProWise
Basic Ethernet Frame Format

22

MAC
Header

©NetProWise
Ethernet Address
 Six Octets in size
 Hard coded to NIC and unique
 Represented in hexadecimal form
 Example: 08:56:27:6f:2b:9c
 Most significant 3 octets code vendor id
 The other 3 octets are vendor generated
 All octets set to “ff” to indicate broadcast
 “01:00:5e” in most significant octets indicates multicast :
Example:
 Multicast address derived from multicast IP address (Class D)

©NetProWise
Extending LAN Segments
• Due to noise and attenuation, the length of a LAN segment is limited to a few hundred meters.
• Several different networking elements are used to extend the span of LANs.
• These enhancements still have to satisfy the round-trip constraint and other constraints suggested by the standards.

©NetProWise
Repeater
• A repeater is a bidirectional analog amplifier that amplifies and retransmits signals.
• Layer 1 Device.
• Can double the size of a LAN segment.

Segment 1 Segment 2

R 6
6

©NetProWise
Repeater
• The standard suggests a limit of 4 repeaters between any two stations on a LAN.
• A maximum of 5 segments.
• Repeaters don’t understand frame formats.
• Collisions affect the entire extended network.
• Noise propagates throughout the extended network.

©NetProWise
Hub
 Hub is a multilink repeater with star topology
 In other respects, a hub is similar to a repeater

Stations

Hub

©NetProWise
Bridge
 Bridge is a device that connects two or more LAN segments.
 Unlike Repeater, Bridge receives, processes, and retransmits frames.
 Bridge is invisible to the other attached computers.

Segment 1 Segment 2

P1 P2
B
P3
Segment 3
©NetProWise
Bridge Characteristics
 Layer 2 Device.
 Can do frame filtering.
 Isolate collision and noise.

©NetProWise
Bridging
• A bridge uses a forwarding table to forward frames.
• Initially, this table is empty.
• The table is populated by examining the source address in the frames received.
• If there is no forwarding entry for a frame, then it is forwarded to all the other ports.

©NetProWise
Switches
• A switch is a bridge that is configured to work like a hub in a star topology.
• A frame received on a port is processed and forwarded to the right port using a forwarding table.
• Each computer thinks it is on a segment by itself.
• Unlike bridges, switches support a large number of ports.


P1 P32

Switch
To
Uplink
©NetProWise
Bridge versus Switch
• Bridge:
  - Supports less than 5 ports (interfaces)
  - Software implementation can easily handle the traffic
  - Interface connects to a LAN segment
  - Price per port is higher than comparable switch
• Switch:
  - The workgroup switch, one of the smallest, can support 16/32/64 ports
  - Port volume requires hardware solution
  - Interface connects to a computer
  - Price per port is very low

©NetProWise
Broadcast Storm

©NetProWise
Invalid Bridging Entry

©NetProWise
Spanning Tree Algorithm(STA)
 Converts a graph with cycle to a rooted tree.
 There are a number of algorithms in the literature:

Root

STA

Bridge

©NetProWise
Content
 Wireless LAN Overview  
 Ethernet & TCP/IP Basics
 Mobile & Wireless Basics
 Introduction to IEEE 802.11  
 IEEE 802.11 Media Access  
 IEEE 802.11 Frame Format  
 IEEE 802.11 Management Operations
 IEEE 802.11 Physical Layers
 IEEE 802.11 Deployment  
 Lab Exercises

©NetProWise
Mobile and Wireless Concepts
Characteristics
 Fixed and wired
 Mobile and wired
 Fixed and wireless
 Mobile and wireless

©NetProWise
Signal, Carrier, and Medium
source signal
destination

Carrier
T

• Audio signals travel as variations in air pressure
• This variation is converted to variations in voltage levels to send the signal farther
• A carrier is a repeating voltage (wave) whose repetition period is known to both ends
• A carrier can travel farther without getting corrupted than a direct voltage
• The carrier is modified by the signal at the source end in some form
• This modified carrier can transport the original signal from source to destination
• To send the modified carrier from source to destination we need a medium
• Using this medium we can direct (and control) the signal to its destination

©NetProWise
Modulation, Multiplexing, and Coding
• Modulation is the process of modifying the carrier with the signal before transmitting it to the destination.
• Demodulation is the process of extracting the signal from the modified carrier at the destination.
• Multiplexing is the process of mixing multiple signals at the source so that all these signals can be sent in the medium concurrently.
• Demultiplexing is the process of separating the individual signals at the destination.
• Coding is the digital equivalent of modulation. It maps one form of digital signal to another form of digital signal. Coding is done for security and easier transmission at the source.
• Decoding is the reverse mapping: extracting the original digital signal from the coded signal at the destination.

©NetProWise
RF and IR Transport

ISM Frequencies
• I-Band: 902 MHz to 928 MHz
• S-Band: 2.4 GHz to 2.48 GHz
• M-Band: 5.725 GHz to 5.85 GHz

IR Spectrum: 850 to 950 nanometers

©NetProWise
WLAN frequency band

©NetProWise
Signal Representation

 Time domain representation


 Frequency domain representation
 Phase domain representation

©NetProWise
Time domain representation of a signal
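Periodic signals:
$g(t) = A_t \sin(2\pi f_t t + \varphi_t)$

Fourier:
$g(t) = \frac{1}{2}c + \sum_{n=1}^{\infty} a_n \cos(2\pi n f t) + \sum_{n=1}^{\infty} b_n \sin(2\pi n f t)$

[Figure: one period T of a sine wave, f = 1/T, phase axis marked 0°, 90°, 180°, 270°, 360°]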

©NetProWise
Square in terms of Sine waves

©NetProWise
Frequency Spectrum
Wireless transmission

©NetProWise
Examples for Frequency allocations
Mobile phones
  Europe: NMT 453-457 MHz, 463-467 MHz; GSM 890-915 MHz, 935-960 MHz; 1710-1785 MHz, 1805-1880 MHz
  US: AMPS, TDMA, CDMA 824-849 MHz, 869-894 MHz; GSM, TDMA, CDMA 1850-1910 MHz, 1930-1990 MHz
  Japan: PDC 810-826 MHz, 940-956 MHz; 1429-1465 MHz, 1477-1513 MHz

Cordless telephones
  Europe: CT1+ 885-887 MHz, 930-932 MHz; CT2 864-868 MHz; DECT 1880-1900 MHz
  US: PACS 1850-1910 MHz, 1930-1990 MHz; PACS-UB 1910-1930 MHz
  Japan: PHS 1895-1918 MHz; JCT 254-380 MHz

Wireless LANs
  Europe: IEEE 802.11 2400-2483 MHz; HIPERLAN1 5176-5270 MHz
  US: IEEE 802.11 2400-2483 MHz
  Japan: IEEE 802.11 2471-2497 MHz

©NetProWise
Signal Representation in different domains
f1 f2
T f = 1/T
Amplitude

frequency
A
Frequency Domain

MCosφ

Time Domain Φ

Phase Domain

©NetProWise
Path Loss & Other effects*
 Line of sight (LOS)
 Free Space Loss
 Effect of weather
 Long waves versus Short waves
 Shadowing or Blocking
 Scattering
 Reflection
 Refraction
 Diffraction
 Multi-path propagation
 Delay-Spread

©NetProWise
Multiplexing

 Basic Multiplexing techniques


 Space division multiplexing
 Time division multiplexing
 Frequency division multiplexing
 Code division multiplexing
 Combinations of the above

©NetProWise
Analog Modulation
• Basic Analog modulation techniques
  - Amplitude modulation
  - Frequency modulation
  - Phase modulation
  - Combinations of the above

[Figure: Carrier Wave, amplitude V against time and phase (0°, 90°, 180°, 270°, 360°), period T, f = 1/T]

©NetProWise
Digital Modulation

 Basic digital modulation techniques


 Amplitude Shift Keying
 Frequency Shift Keying
 Phase Shift Keying
 Combinations of the above

©NetProWise
Digital Amplitude Modulation
 We can code
 Zero amplitude as 0 or 1
 Non-zero amplitude as 1 or 0

©NetProWise
Frequency Shift Keying

©NetProWise
Phase Shift Keying

©NetProWise
QPSK in the phase domain
Q
Q 11
10

I
1 0 I

00 01

©NetProWise
QPSK in the time domain

©NetProWise
Quadrature amplitude modulation

Amplitude

Phase

©NetProWise
Minimum Shift Keying (data 1011010)
1 1 1 1
Data
0 0 0
Even
bits

Odd
bits
Low
frequency

High
frequency

MSK
signal

©NetProWise
Spread spectrum

p p

f f
p p p

f f
f User signal
Broadband interface
Narrowband interface

©NetProWise
CDMA - Spreading with DSSS

©NetProWise
CDMA - Frequency Hopping Spread Spectrum

tb

User data

0 1 0 1 1 t
f td
f3 Slow hopping
f2 (3 bits/hop)
f1

f td t

f3
f2 fast hopping
(3
f1 hops/bit)
t

©NetProWise
CDM Background
 Vector
 Vector dot-product
 Orthogonality

Binary (11) in vector form: (1, 1)

Vector dot product:
(1, 1) · (1, -1) = 1·1 + 1·(-1) = 1 - 1 = 0

©NetProWise
4 Mutually Orthogonal or vectors

u: 1 1 1 1

v: 1 1 -1 -1

w: 1 -1 -1 1

x: 1 -1 1 -1

©NetProWise
CDM - Background
For vectors a and b

The square root of a.a is a real number, and is important. We


write

Suppose vectors a and b are orthogonal. Then:

©NetProWise
Code Division Multiplexing
2 Orthogonal Chip Codes: a = (1, 1), b = (1, -1)
• Data to be transmitted: 1, 0, 1, 1
• Chip Code 1: b – (1, -1); -b – (-1, 1)
• Code data to be transmitted with b
• Transmitted Vector
  • 1, -1, -1, 1, 1, -1, 1, -1
• Data to be transmitted: 0, 0, 1, 1
• Chip Code 2: a – (1, 1); -a – (-1, -1)
• Code data to be transmitted with a
• Transmitted Vector
  • -1, -1, -1, -1, 1, 1, 1, 1
• Sum of the transmission vectors
  • 0, -2, -2, 0, 2, 0, 2, 0
• Receiver decoding for b:
  • (1, -1) · (0, -2) = 0 + 2 = 2 > 0
• Receiver decoding for a:
  • (1, 1) · (0, -2) = 0 + -2 = -2 < 0
©NetProWise
CDMA versus TDMA, FDMA

 Unlike TDMA, CDMA transmits data from all the input channels
simultaneously!
 Unlike FDMA, CDMA uses single frequency to transmit all the
input channels simultaneously!

©NetProWise
CDMA Limitation
 It assumes all the channels start and stop their transmission
synchronously!

©NetProWise
Asynchronous CDMA

 CDM assumes all transmitted vectors start at the same time.


 This limits CDM for transmission from base-to-mobile where all
transmitted vectors can be synchronized
 CDM Asynchronous is used for transmission from mobile-to-base
 It is an enhancement of CDM
 Unique, Orthogonal, Pseudo Noise signals are used for arbitrary
random starting points.

©NetProWise
CDMA Summary
• CDMA operates by:
  - Encoding each input channel's data using a unique (chip) code
  - Summing the encoded data from all the channels
  - Transmitting the resulting sum
  - On reception, separating each channel's data from the sum using the respective chip (code) and decoding it
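
The encode, sum and decode steps above, as an added example that is not part of the original slides. It reproduces the two-channel numbers from the Code Division Multiplexing slide, generalizes to the four mutually orthogonal vectors u, v, w, x, and shows the synchronization limitation by delaying one sender by a single chip. The function names are assumptions made for this example.

```python
from itertools import combinations

# Chip codes taken from the slides.
A, B = (1, 1), (1, -1)
U, V, W, X = (1, 1, 1, 1), (1, 1, -1, -1), (1, -1, -1, 1), (1, -1, 1, -1)


def dot(a, b):
    """Vector dot product."""
    return sum(x * y for x, y in zip(a, b))


def mutually_orthogonal(codes):
    """True when every pair of chip codes has dot product 0."""
    return all(dot(a, b) == 0 for a, b in combinations(codes, 2))


def encode(bits, chip):
    """Spread each data bit: 1 is sent as the chip code, 0 as its negation."""
    out = []
    for bit in bits:
        sign = 1 if bit else -1
        out.extend(sign * c for c in chip)
    return out


def combine(*signals):
    """The medium adds the transmissions chip by chip."""
    if len({len(s) for s in signals}) != 1:
        raise ValueError("all transmissions must have the same length")
    return [sum(column) for column in zip(*signals)]


def decode(signal, chip):
    """Correlate each chip-length block with one code.

    A positive result is bit 1, a negative result is bit 0, and a zero
    result (None) means nothing decodable arrived for this code.
    """
    n = len(chip)
    bits = []
    for i in range(0, len(signal) - n + 1, n):
        corr = dot(chip, signal[i:i + n])
        bits.append(1 if corr > 0 else 0 if corr < 0 else None)
    return bits


def delay(signal, chips):
    """Start a transmission `chips` chip periods late, keeping its length."""
    return [0] * chips + signal[:len(signal) - chips]


def slide_example():
    """The two-channel case from the slide: b carries 1,0,1,1 and a carries 0,0,1,1."""
    tx_b = encode([1, 0, 1, 1], B)
    tx_a = encode([0, 0, 1, 1], A)
    return tx_b, tx_a, combine(tx_b, tx_a)


def four_channel_example():
    """Four simultaneous senders, one per orthogonal vector u, v, w, x."""
    data = {U: [1, 0], V: [0, 0], W: [1, 1], X: [0, 1]}
    medium = combine(*(encode(bits, chip) for chip, bits in data.items()))
    return {chip: decode(medium, chip) for chip in data}


def unsynchronized_example():
    """Same senders as slide_example, but a starts one chip late."""
    tx_b = encode([1, 0, 1, 1], B)
    tx_a = delay(encode([0, 0, 1, 1], A), 1)
    return decode(combine(tx_b, tx_a), B)


if __name__ == "__main__":
    print(slide_example())
    print(four_channel_example())
    print(unsynchronized_example())
```

In the delayed case the receiver for b no longer recovers 1, 0, 1, 1, which is the reason the next slides reserve plain CDM for the synchronized base-to-mobile direction.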

©NetProWise
Orthogonal Frequency Division
Multiplexing (OFDM)
 OFDM is based on FDM & TDM
 Carrier Channel is divided into multiple sub carrier channels
 Each channel carries a portion of the user information.
 Each sub carrier channel is orthogonal with every other sub
carrier
 OFDM is also referred to as Multi-tone modulation
 Applications: DSL, WLAN, BT, DAB, Powerline Ethernet

©NetProWise
OFDM – Frequency Domain
Representation

©NetProWise
OFDM versus CDMA
 The mathematics underlying the CDMA is more complicated
than in OFDM
 OFDM encodes a single transmission into multiple sub carriers.
CDMA encodes multiple transmissions onto a single carrier.
 OFDM handles multi-path spread better.
 Both make use of orthogonal property in multiplexing signals.

©NetProWise
Hidden and exposed terminals

A B C

A can hear B
C can hear B
A cannot hear C
C cannot hear A sending data

©NetProWise
Near and far terminals

A B C

©NetProWise
Content
 Wireless LAN Overview  
 Ethernet & TCP/IP Basics
 Mobile & Wireless Basics
 Introduction to IEEE 802.11  
 IEEE 802.11 Media Access  
 IEEE 802.11 Frame Format  
 IEEE 802.11 Management Operations
 IEEE 802.11 Physical Layers
 IEEE 802.11 Deployment  
 Lab Exercises

©NetProWise
IEEE 802 Network Technology Family
Tree

802
Overview Data Link
And 802.1
Layer LLC
architecture Management 802.2 Logical Link control(LLC) sublayer

802.3 802.5 802.11

802.3 802.5 MAC sublayer


MAC MAC 802.11 MAC

802.11 802.11 802.11a 802.11b


802.3 802.5 OFDM HR/DSSS Physical
FHSS PHY DSSS PHY
PHY PHY PHY PHY Layer

©NetProWise
IEEE 802.2 Encapsulation

©NetProWise
Basic Ethernet Frame Format

22

MAC
Header

©NetProWise
IEEE 802.11 protocol architecture and management

Station management
LLC
DLC

MAC MAC management


PLCP PHY management
PHY

PMD

©NetProWise
Components of 802.11 LANs
Distribution Wireless Stations
System Medium



Access
Point


Access
Point

©NetProWise
Independent and Infrastructure BSSs

Independent BSS

Infrastructure BSS

©NetProWise
Extended Service Set

BSS1

BSS3

BSS2 BSS4

Router

Internet

©NetProWise
Distribution system in common 802.11
access points implementation
Backbone network

Bridge
Bridge
Distribution
system
Wireless
medium Station Station Station
A B C

©NetProWise
Network Services
1. Distribution
2. Integration
3. Association
4. Reassociation
5. Disassociation
6. Authentication
7. De-authentication
8. Privacy
9. MSDU (MAC Service Data Unit) Delivery

©NetProWise
Overlapping BSSs in an ESS

BSS1
BSS2 BSS3

BSS4

©NetProWise
Overlapping Network Types
AP’s
Basic
Service
area

©NetProWise
BSS transition
DS

BSS1,ESS1 BSS2,ESS2
BSS3,ESS3

T=1 T=2

©NetProWise
Inter AP Protocol (IAPP)

 Protocol for handling roaming


 No standard!
 Inter-operability is an issue
 Status of IEEE 802.11f not clear

©NetProWise
ESS transition

ESS1 BSS2 ESS2


BSS4
BSS1
BSS3

Seamless
transition not
supported

©NetProWise
Content
 Wireless LAN Overview  
 Ethernet & TCP/IP Basics
 Mobile & Wireless Basics
 Introduction to IEEE 802.11  
 IEEE 802.11 Media Access- Distributed Coordinated Function
(DCF)  
 IEEE 802.11 Frame Format  
 IEEE 802.11 Management Operations
 IEEE 802.11 Physical Layers
 IEEE 802.11 Deployment  
 Lab Exercises

©NetProWise
Challenges for the MAC
 RF Link Quality
 Hidden Node Problem
 Exposed Node Problem

©NetProWise
Positive acknowledgment of data
transmissions

Time
Frame

ACK

©NetProWise
Nodes 1 and 3 are hidden

Area reachable Area reachable


Node 1 Node 3

1 2
3

©NetProWise
RTS/CTS clearing
1 2

RTS
1) RTS
1 CTS
3) Frame 3
4) ACK
Frame

2) CTS ACK

©NetProWise
Power Save

 Battery power is premium in wireless devices


 To Conserve battery WLAN stations alternate between Active
and Power-save modes
 Access Point buffers data for a WLAN station that is in Power-
save mode
 IEEE 802.11 protocol includes provision to implement WLAN
station Power Savings

©NetProWise
MAC Access Modes
 Distributed Coordination Function (DCF)
 Point Coordination Function (PCF)

Contention-free “Normal”
delivery Delivery

PCF

DCF

©NetProWise
Using the NAV for virtual carrier sensing

RTS data
Sender
SIFS SIFS
SIFS
CTS ACK1
receiver t
DIFS
NAV(RTS)
NAV NAV(CTS)

Defer access Contention


Window

Carrier Sensing
1. Physical Carrier Sensing
2. Virtual Carrier Sensing

NAV – Network Allocation Vector

©NetProWise
Interframe spacing relationship

Contention
window(randomized
back-off
mechanism)
DIFS DIFS
PIFS
Medium busy SIFS frame transmission

Other station buffer

and defer frames

Slot
time

©NetProWise
Contention Based Access using DCF
 If the medium has been idle for longer than DIFS, transmission can begin
immediately. Both carrier-sensing are employed
 Delivery/non-delivery of the last frame decides whether to wait DIFS or EIFS.
 If the medium is busy, then access deferral is applied.
 Error Recovery is the responsibility of the sender
 Sender expects acknowledgement for all transmitted frames. Specifically, for
all unicast frames.
 Retransmit frame until it is successful.
 Multi frame sequence may update the NAV
 RTS Threshold, Fragmentation threshold decide when to use RTS and when to
fragment respectively.

©NetProWise
Error Recovery with the DCF
 Short Retry Counter
 Long Retry Counter
 Lifetime Counter

©NetProWise
MAC – Flow Chart

©NetProWise
Other Rules Applied
 Error Recovery is the responsibility of the sender
 Sender expects acknowledgement for all transmitted frames.
 Retransmit frame until it is successful.
 Multi-frame Sequence can update NAV with each step.
 Fragments get the same priority as CTS/RTS, ACK
 Packets that are larger than configured RTS threshold must have
RTS/CTS exchange (Extended Frame Sequence).
 Packets larger than fragmentation threshold must be fragmented.

©NetProWise
Error Recovery with DCF
 Error indication – Lack of positive ACK or NAK
 Short Retry Counter
 Long Retry Counter

©NetProWise
Back-off with the DCF
 Contention Window or back-off window follows DIFS
 Contention Window is divided into slots.
 Slot length medium (speed) dependent
 Stations Randomly choose a slot
 All slots are equally likely selections
 Station that picks the earliest slot wins

©NetProWise
DSSS contention window size
Contention window size for each attempt (the window follows the previous frame and DIFS):
• Initial attempt: 31 slots
• 1st retransmission: 63 slots
• 2nd retransmission: 127 slots
• 3rd retransmission: 255 slots
• 4th retransmission: 511 slots
• 5th retransmission: contention window = 1,023 slots
• 6th retransmission: contention window = 1,023 slots
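
The window growth above and the "earliest slot wins" rule from the back-off slide, as an added example that is not part of the original slides. It assumes every station is at the same retry count and ignores back-off counter freezing; the function names are chosen for this example.

```python
import random

CW_MIN, CW_MAX = 31, 1023   # DSSS contention window limits from the slide


def contention_window(retry):
    """Window size in slots for a retry count: 31, 63, 127, ... capped at 1,023."""
    return min((CW_MIN + 1) * 2 ** retry - 1, CW_MAX)


def contend(n_stations, retry, rng):
    """One contention round after DIFS.

    Every station picks a slot uniformly from 0..CW. The station holding the
    earliest slot transmits first; if two or more share that slot they
    collide. Returns the winner's index, or None on a collision.
    """
    cw = contention_window(retry)
    slots = [rng.randint(0, cw) for _ in range(n_stations)]
    earliest = min(slots)
    winners = [i for i, slot in enumerate(slots) if slot == earliest]
    return winners[0] if len(winners) == 1 else None


def collision_rate(n_stations, retry, rounds=20000, seed=1):
    """Fraction of contention rounds that end in a collision."""
    rng = random.Random(seed)
    collisions = sum(contend(n_stations, retry, rng) is None for _ in range(rounds))
    return collisions / rounds


if __name__ == "__main__":
    for retry in range(7):
        print(retry, contention_window(retry), collision_rate(10, retry))
```

With ten contending stations the collision rate falls steadily as the window doubles, which is why the sender widens the window after each failed attempt.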

©NetProWise
Fragmentation and Reassembly

DIFS
SIFS SIFS SIFS SIFS Block of
Sender slots
RTS Fragment0 Fragment1 Fragment2
CTS ACK0 ACK1 ACK2 t
receiver

SIFS SIFS SIFS


SIFS

RTS Fragment0 Fragment1


NAV

CTS ACK0 ACK1 t

©NetProWise
Content
 Wireless LAN Overview  
 Ethernet & TCP/IP Basics
 Mobile & Wireless Basics
 Introduction to IEEE 802.11  
 IEEE 802.11 Media Access  
 IEEE 802.11 Frame Format  
 IEEE 802.11 Management Operations
 IEEE 802.11 Physical Layers
 IEEE 802.11 Deployment  
 Lab Exercises

©NetProWise
Generic 802.11 MAC frame

Direction of Transmission: Least Significant bit → Most Significant bit

Bytes: Frame control (2) | Duration/ID (2) | Address 1 (6) | Address 2 (6) | Address 3 (6) | Sequence control (2) | Address 4 (6) | Frame body (0-2312) | FCS (4)

©NetProWise
Frame control field

Bytes: Frame control (2) | Duration/ID (2) | Address 1 (6) | Address 2 (6) | Address 3 (6) | Sequence control (2) | Address 4 (6) | Frame body (0-2312) | FCS (4)

Bits of the frame control field: Protocol (2) | Type (2; b2 b3) | Sub type (4) | To DS (1) | From DS (1) | More frag (1) | Retry (1) | Pwr Mgmt (1) | More Data (1) | WEP (1) | Order (1)

©NetProWise
Type field
 Type field encodes (b3 b2)
 Management Frames (00)
 Control Frames (01)
 Data Frames (10)
 Reserved (11)

©NetProWise
Management Subtypes (00)
 Association Request (0000 – b7 b6 b5 b4)
 Association Response (0001)
 Reassociation Request (0010)
 Reassociation Response (0011)
 Probe Request (0100)
 Probe Response (0101)
 Beacon (1000)
 ATIM - Announcement Traffic Indication Message (1001)
 Disassociation (1010)
 Authentication (1011)
 Deauthentication (1100)

©NetProWise
Control Frame (01)
 Power Save (PS)-Poll (1010 – b7 b6 b5 b4)
 RTS (1011)
 CTS (1100)
 Acknowledgment –ACK (1101)
 Contention-Free(CF)-End (1110)
 CF-End+CF-Ack (1111)

©NetProWise
Data Frames (10)
• Data (0000 b7 b6 b5 b4)
• Data+CF-Ack (0001)
• Data+CF-Poll (0010)
• Data+CF-Ack+CF-Poll (0011)
• Null data (no data transmitted) (0100)
• CF-Ack (no data transmitted) (0101)
• CF-Poll (no data transmitted) (0110)
• CF-Ack+CF-Poll (no data transmitted) (0111)

©NetProWise
ToDS and FromDS bits
• ToDS=0, FromDS=0: All frames of IBSS
• ToDS=1, FromDS=0: Data frames sent by a wireless station of an infrastructure network
• ToDS=0, FromDS=1: Data frames received for a wireless station in an infrastructure network
• ToDS=1, FromDS=1: Data frames on "wireless bridge"

©NetProWise
More Fragments bit
 Behaves like IP Fragmentation flag

©NetProWise
Retry bit
 This bit is set to 1 in retransmitted frames
 Receiver can eliminate duplicate frames using this bit

©NetProWise
Power Management bit
• Used to conserve battery life
• If set to 1 indicates that the sender will be in power-saving mode after this atomic exchange.
• Access points cannot be in power-saving mode

©NetProWise
More data bit
• Indicates that there is at least one frame available for a dozing station.
• Set by an AP

©NetProWise
WEP (Wired Equivalent Privacy) bit
 Indicates that the frame has gone through WEP processing

©NetProWise
Order bit
 Frames and fragments can be transmitted in order

©NetProWise
Duration /ID Field
The 16-bit field (bit 0 least significant, bit 15 most significant) has three forms:
• Duration (NAV): bit 15 = 0; bits 0-14 carry the duration
• Contention Free Period frames: bits 0-14 = 0; bit 15 = 1
• PS-Poll frames: AID (range: 1-2007) in the low-order bits; bits 14 and 15 = 1 1

©NetProWise
Sequence control field

Bytes: Frame control (2) | Duration/ID (2) | Address 1 (6) | Address 2 (6) | Address 3 (6) | Sequence control (2) | Address 4 (6) | Frame body (0-2312) | FCS (4)

Bits of the sequence control field: Fragment number (4) | Sequence number (12)

©NetProWise
Address Fields
 4 – Address Fields
 Destination, Source, Receiver, Transmitter, & BSSID

©NetProWise
Frame Check Sequence
• FCS is checked by the receiver
• The result of this checking is sent as an acknowledgement by the receiver
• Recalculated during hop.

©NetProWise
IP Encapsulation in 802.11
6 6 2 Variable 4

Destination Type IP
Ethernet Source
MAC 0X800(IP) Packet FCS
MAC
0X0806(ARP)

Recalculate
12 1 1 1 3 Copy Copy

802.1h SNAP SNAP Ethernet


MAC Control IP
DSAP DSAP Tunnel Type Packet
headers 0x03(UI) FCS
0xAA 0xAA 0x00-00F8

12 SNAP header
SNAP SNAP RFC 1042 IP
RFC1042 MAC DSAP DSAP Control Encapsulation
Type Packet FCS
headers 0xAA 0xAA 0x03(UI) 0x00-00-00

24 or 30

802.11 802.11 SNAP SNAP Control RFC 1042 IP


MAC DSAP DSAP 0x03(UI) Encapsulation Type Packet
FCS
headers 0xAA 0xAA 0x00-00-00

©NetProWise
Contention-Based Data Services
 Broadcast and Multicast Frames
 Directed Frames
 Basic
 Fragmented
 RTS/CTS Lockout
 RTS/CTS Fragmented
 Power Savings Mode

©NetProWise
Broadcast/multicast data and broad cast
management atomic frame exchange

DIFS
DIFS Contention window
Contention window For next exchange
End or prior SIFS Data(bc/mc)
Frame Management(bc)
data
exchange

NAV Prior
t
exchange

©NetProWise
Basic positive acknowledgment of
data(unicast frames)

DIFS

SIFS SIFS

station2 data
data
station1 ACK
t

SIFS

ACK+SIFS
station2
NAV
station1 t

©NetProWise
Fragmentation

SIFS SIFS

station2 Data frag1 Data frag2 Data frag3


data
station1 ACK1 ACK2 ACK3
t
SIFS
SIFS SIFS
NAV3=ACK+SIFS

NAV2=data3+2xACK+3xSIFS

NAV1=data2+2xACK+3xSIFS
NAV station2
station1 ACK1=data2+2xACK NAV2=data3+2xACK t

©NetProWise
RTS/CTS lockout

SIFS

RTS data
data
CTS ACK
t
SIFS SIFS

Data=
ACK+SIFS

RTS=3xSIFS+Data+ACK
NAV
CTS=RTS-(CTS+SIFS) t

©NetProWise
RTS/CTS with fragmentation

SIFS SIFS

station2 RTS Data frag1 Data frag2


data
station1 CTS ACK1 ACK2
t
SIFS
SIFS SIFS
Data2

Data1
RTS
NAV station2
station1 CTS ACK1 t

©NetProWise
Immediate power-saving(ps)poll
response

SIFS

Station PS-poll ACK


data
Access point data
t
SIFS

Medium seized
by data frame
Implied:
Station SIFS+ACK
NAV
Access point
data t

©NetProWise
Immediate power-saving(ps)poll
response with fragmentation

SIFS SIFS

PS-poll ACK1 ACK2


Station
data
Access point data1 data1
t

SIFS

Medium seized
by data frame
Implied:
NAV ACK1
Station
NAV
Access point
data1 t

data2

©NetProWise
Deferred PS-poll response example

one or more atomic


frame exchanges
SIFS
Zzz..
station PS-poll ACK
data
Access Point ACK DIFS Data Beacon
Frame t

Contention DIFS DIFS


SIFS
window

station Implied
NAV Access Point Data
t

©NetProWise
Generic Data Frame
Bytes: Frame Control (2) | Duration/ID (2) | Address 1 (receiver) (6) | Address 2 (sender) (6) | Address 3 (filtering) (6) | Seq-Ctl (2) | Address 4 (optional) (6) | Frame Body (0-2,312) | FCS (4)

©NetProWise
Duration setting on final fragment

DIFS
Contention window
SIFS
Last fragment
station1
station1 ACK

SIFS

Second to Last Fragment:


fragment SIFS+ACK
NAV

©NetProWise
Duration settings on nonfinal fragment

SIFS
fragmentX
station1 fragmentX+1
station2 ACKX ACKX+1

SIFS SIFS

Duration in FragmentX:fragmentx+1+3xSIFs+2xACK
NAV

©NetProWise
Use of the Address Fields

Function         ToDS  FromDS  Address 1 (receiver)  Address 2 (transmitter)  Address 3  Address 4
IBSS             0     0       DA                    SA                       BSSID      not used
To AP (infra)    1     0       BSSID                 SA                       DA         not used
From AP (infra)  0     1       DA                    BSSID                    SA         not used
WDS (bridge)     1     1       RA                    TA                       DA         SA
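
A header decoder that ties the frame control bits, the type and subtype codes, the sequence control split and the address table above together, as an added example that is not part of the original slides. The function names and the sample frames (addresses, duration, sequence numbers) are constructed for this example; the FCS is not checked and control frames are only decoded up to their first address.

```python
import struct

TYPES = {0: "management", 1: "control", 2: "data", 3: "reserved"}
SUBTYPES = {
    0: {0: "association request", 1: "association response",
        2: "reassociation request", 3: "reassociation response",
        4: "probe request", 5: "probe response", 8: "beacon", 9: "ATIM",
        10: "disassociation", 11: "authentication", 12: "deauthentication"},
    1: {10: "PS-Poll", 11: "RTS", 12: "CTS", 13: "ACK",
        14: "CF-End", 15: "CF-End+CF-Ack"},
    2: {0: "data", 1: "data+CF-Ack", 2: "data+CF-Poll",
        3: "data+CF-Ack+CF-Poll", 4: "null", 5: "CF-Ack",
        6: "CF-Poll", 7: "CF-Ack+CF-Poll"},
}
# Flag bits 8..15 of the frame control field, in transmission order.
FLAGS = ("to_ds", "from_ds", "more_frag", "retry",
         "pwr_mgmt", "more_data", "wep", "order")
# Address roles keyed by (ToDS, FromDS), as in the table above.
ROLES = {
    (0, 0): ("DA", "SA", "BSSID"),
    (1, 0): ("BSSID", "SA", "DA"),
    (0, 1): ("DA", "BSSID", "SA"),
    (1, 1): ("RA", "TA", "DA", "SA"),
}


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_header(frame):
    """Decode the MAC header of a management or data frame."""
    if len(frame) < 10:
        raise ValueError("truncated: need frame control, duration and address 1")
    fc, duration = struct.unpack_from("<HH", frame, 0)   # little-endian fields
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    hdr = {
        "protocol": fc & 0x3,
        "type": TYPES[ftype],
        "subtype": SUBTYPES.get(ftype, {}).get(subtype, f"reserved ({subtype:04b})"),
        "duration_id": duration,
    }
    hdr.update({name: bool((fc >> (8 + i)) & 1) for i, name in enumerate(FLAGS)})
    if ftype == 1:
        # Control frames have shorter headers; only address 1 is common to all.
        hdr["addresses"] = {"address1": mac(frame[4:10])}
        return hdr
    roles = ROLES[(int(hdr["to_ds"]), int(hdr["from_ds"]))]
    need = 30 if len(roles) == 4 else 24
    if len(frame) < need:
        raise ValueError(f"truncated: header needs {need} bytes, got {len(frame)}")
    offsets = (4, 10, 16, 24)            # address 4 follows sequence control
    hdr["addresses"] = {r: mac(frame[o:o + 6]) for r, o in zip(roles, offsets)}
    (seq_ctl,) = struct.unpack_from("<H", frame, 22)
    hdr["fragment"] = seq_ctl & 0xF      # low 4 bits
    hdr["sequence"] = seq_ctl >> 4       # high 12 bits
    hdr["body_offset"] = need
    return hdr


def addr_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def build(fc, duration, addrs, seq=0, frag=0, body=b""):
    """Assemble a constructed test frame (no FCS appended)."""
    out = struct.pack("<HH", fc, duration)
    out += b"".join(addr_bytes(a) for a in addrs[:3])
    out += struct.pack("<H", (seq << 4) | frag)
    if len(addrs) == 4:
        out += addr_bytes(addrs[3])
    return out + body


# Constructed sample addresses and frames.
AP, AP2 = "00:11:22:33:44:55", "00:11:22:33:44:66"
STA, SERVER = "02:00:00:00:00:01", "02:00:00:00:00:02"
DATA_TO_AP = build(0x4108, 44, [AP, STA, SERVER], seq=291, body=b"\x00" * 8)
DEAUTH = build(0x00C0, 0, [STA, AP, AP], seq=17, body=struct.pack("<H", 3))
WDS = build(0x0308, 44, [AP, AP2, SERVER, STA], seq=5)

if __name__ == "__main__":
    for sample in (DATA_TO_AP, DEAUTH, WDS):
        print(parse_header(sample))
```

Run against frames captured with the monitoring adaptor, the same decoder shows which address slot holds the BSSID for each ToDS/FromDS combination and whether the WEP bit is set on data frames.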

©NetProWise
BSSID
 Each BSS is assigned a BSSID
 48-bit binary identifier
 In infrastructure BSS, the BSSID is the MAC address of the
wireless interface in the AP.
 IBSS must create its BSSID using random generation
 The Universal/Local bit is set to 1
 The Individual/Group bit is set to 0

©NetProWise
Address Field Usage in Frames to the
Distribution System

SA/TA RA(BSSID)
DS



AP DA
Client

Server

©NetProWise
Address Field Usage in Frames from the
Distribution System

TA(BSSID)
RA/DA DS


AP
SA
Client

Server

©NetProWise
Wireless Distribution Systems

RA

802.11
SA
TA


DA
AP
Client

Server

©NetProWise
Data Frame of subtype Null
Mobile Station Access Point

Header FCS

Null frame;PM = 1

Frame Control
Mobile
station is
resting,
ACK begin
buffering
Power frames
Management = 1

©NetProWise
Frame Types
 Data
 Control
 Management

©NetProWise
IBSS data Frame

bytes
2 2 6 6 2 6 4
Frame Duration ID Receiver Source BSSID Seq- ctl Frame FCS
Control adress/ address Body 0-
Destination 2,312
address
bits 1 1
2 2 4 1 1 1 1 1 1
Protocol Type = data Sub Type ToDs FromDs More Frag Retry Pwr Mgmt More WEP Order
0 0 0 1 0 0 Data
0000,Data
0010,Null

©NetProWise
Data Frames from the AP
bytes 0-
2 2 6 6 2 6 2,312 4

Frame Duration ID RA/ DA Source BSSID Seq- ctl Frame FCS


Control address Body
bits 1 1
2 2 4 1 1 1 1 1 1
Protocol Type = data Sub Type ToDs FromDs More Frag Retry Pwr Mgmt More WEP Order
0 0 0 1 0 1 Data
0000:Data
1000:Data + CF - ACK
0100:Data + CF - Poll
1100:Data + CF – ACK + CF - Poll
1010: CF – ACK
0110:CF - Poll
1110: CF – ACK + CF - Poll
©NetProWise
Data Frames to the AP
bytes 0-
2 2 6 6 6 2 2,312 4

Frame Duration ID RA SA/ TA DA Seq- ctl Frame FCS


Control (BSSID) Body
bits 1 1
2 2 4 1 1 1 1 1 1
Protocol Type = data Sub Type ToDs FromDs More Frag Retry Pwr Mgmt More WEP Order
0 0 0 1 1 0 Data
0000:Data
0100:Data + CF - ACK
0010:Null
1010: CF – ACK (no data)

©NetProWise
WDS (Wireless DS) Frame
bytes 0-
2 2 6 6 6 2 6 2,312 4

Frame Duration ID RA TA DA Seq- ctl SA Frame FCS


Control Body
bits 1 1
2 2 4 1 1 1 1 1 1
Protocol Type = data Sub Type ToDs FromDs More Frag Retry Pwr Mgmt More WEP Order
0 0 1 0 1 1 Data

©NetProWise
Frame Control Field in Control Frames

Bits
2 2 4 1 1 1 1 1 1 1 1

Protocol Type = data Sub Type ToDs FromDs More Frag Retry Pwr Mgmt More Data WEP Order
0 0 1 0 0 0 0 0 0 0 0

©NetProWise
RTS Frame
Bytes MAC header

2 2 6 6 4
Frame Duration Receiver Address Transmitter Address FCS
Control
bits 1 1 1 1 1
2 2 4 1 1 1
Protocol Type = Sub Type = RTS ToDs FromDs More Frag Retry Pwr Mgmt More Data WEP Order
0 0 Control 1 1 0 1 0 0 0 0 0 0 0
1 0

©NetProWise
Duration field in RTS frame
SIFS

RTS Expected frame

station1 transmission
station2 CTS ACK

SIFS SIFS

Duration in RTS:3xSIFs+ACK+frametime
NAV

©NetProWise
CTS Frame

Bytes MAC header

2 2 6 4
Frame Duration Receiver Address FCS
Control

bits 1
2 2 4 1 1 1 1 1 1 1
Protocol Type = Sub Type = CTS ToDs FromDs More Frag Retry Pwr Mgmt More Data WEP Order
0 0 Control 0 0 1 1 0 0 0 0 0 0 0
1 0

©NetProWise
CTS duration
SIFS

RTS Expected frame


station1 transmission
station2 CTS ACK

SIFS SIFS

Duration in CTS:RTS-CTS-1xSIFS
NAV
Duration in RTS:3xSIFs+ACK+frametime

©NetProWise
ACK Frame

Bytes MAC header

2 2 6 4
Frame Duration Receiver Address FCS
Control

bits 1
2 2 4 1 1 1 1 1 1 1
Protocol Type = Sub Type = ACK ToDs 0 FromDs More Frag Retry Pwr Mgmt More Data WEP Order
0 0 Control 1 0 1 1 0 0 0 0 0
1 0

Duration in non-final ACK frames

[Figure: timing diagram. Station 1 sends fragment X and fragment X+1; station 2 sends ACK X and ACK X+1; the frames are separated by SIFS. NAV labels: station 1's previous duration, station 2's previous duration. Duration in fragment X = coverage to end of ACK+1. Duration in ACK X = fragment X duration - ACK - 1 x SIFS.]

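PS-Poll Frame

MAC header (field sizes in bytes):
Frame Control (2) | Association ID (AID) (2) | BSSID (6) | Transmitter Address (6) | FCS (4)

Frame Control layout (field sizes in bits):
Protocol (2) | Type = Control (2) | Sub Type = ACK (4) | ToDS (1) | FromDS (1) | More Frag (1) | Retry (1) | Pwr Mgmt (1) | More Data (1) | WEP (1) | Order (1)
Values shown: Protocol 0 0, Type 1 0, Sub Type 0 1 0 1; flag bits shown as 0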
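The Frame Control layouts of the data and control frames above can be decoded as follows. This is an added example, not part of the original slides: the sample frames and addresses are constructed, subtype values are written most significant bit first (the control-frame slides draw the bits least significant first), and the two address rows for frames that are neither sent to the AP nor carried over a WDS come from the 802.11 standard rather than from these slides.

```python
import struct

TYPES = {0: "management", 1: "control", 2: "data", 3: "reserved"}
# Control subtypes, written most significant bit first.
CONTROL_SUBTYPES = {
    0b1010: "PS-Poll", 0b1011: "RTS", 0b1100: "CTS",
    0b1101: "ACK", 0b1110: "CF-End", 0b1111: "CF-End+CF-Ack",
}
# Flag bits 8..15 of the little-endian 16-bit Frame Control field.
FLAGS = ("to_ds", "from_ds", "more_frag", "retry",
         "pwr_mgmt", "more_data", "wep", "order")
# Meaning of address fields 1..4 in a data frame, keyed by (ToDS, FromDS).
ADDRESS_ROLES = {
    (0, 0): ("DA", "SA", "BSSID"),
    (1, 0): ("RA (BSSID)", "SA/TA", "DA"),   # data frame to the AP
    (0, 1): ("RA/DA", "TA (BSSID)", "SA"),   # data frame from the AP
    (1, 1): ("RA", "TA", "DA", "SA"),        # WDS frame, four addresses
}
ADDRESS_OFFSETS = (4, 10, 16, 24)  # address 4 follows the 2-byte Seq-ctl


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def decode_frame_control(frame):
    """Split the first two bytes of an 802.11 frame into named fields."""
    if len(frame) < 2:
        raise ValueError("frame is shorter than the Frame Control field")
    (fc,) = struct.unpack_from("<H", frame, 0)
    fields = {
        "protocol": fc & 0x3,
        "type": TYPES[(fc >> 2) & 0x3],
        "subtype": (fc >> 4) & 0xF,
    }
    for bit, name in enumerate(FLAGS, start=8):
        fields[name] = (fc >> bit) & 1
    if fields["type"] == "control":
        fields["name"] = CONTROL_SUBTYPES.get(fields["subtype"], "reserved")
    return fields


def data_frame_addresses(frame):
    """Label the address fields of a data frame from its ToDS/FromDS bits."""
    fc = decode_frame_control(frame)
    if fc["type"] != "data":
        raise ValueError("not a data frame")
    roles = ADDRESS_ROLES[(fc["to_ds"], fc["from_ds"])]
    header_len = 30 if len(roles) == 4 else 24
    if len(frame) < header_len:
        raise ValueError("truncated MAC header")
    return {role: mac(frame[off:off + 6])
            for role, off in zip(roles, ADDRESS_OFFSETS)}


# Constructed sample frames (locally administered addresses, no FCS).
AP1 = bytes.fromhex("02aabbccdd01")
AP2 = bytes.fromhex("02aabbccdd02")
STA = bytes.fromhex("02aabbccdd10")
DST = bytes.fromhex("02aabbccdd20")
TO_AP = bytes([0x08, 0x01]) + bytes(2) + AP1 + STA + DST + bytes(2)
WDS = bytes([0x08, 0x03]) + bytes(2) + AP2 + AP1 + DST + bytes(2) + STA
RTS = bytes([0xB4, 0x00]) + bytes(2) + AP1 + STA

if __name__ == "__main__":
    for label, frame in (("to AP", TO_AP), ("WDS", WDS)):
        print(label, data_frame_addresses(frame))
    print("RTS", decode_frame_control(RTS))
```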

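Generic Management Frame

Frame layout (field sizes in bytes):
Frame Control (2) | Duration (2) | DA (6) | SA (6) | BSSID (6) | Seq-Ctl (2) | Frame Body (0-2,312) | FCS (4)
The fields before the Frame Body form the MAC header; the Frame Body holds the information elements and fixed fields.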

Authentication Algorithm Number Field

Authentication algorithm number: 16 bits, drawn from least significant to most significant.

Authentication transaction sequence number field

Authentication transaction sequence number: 16 bits, drawn from least significant to most significant.

Beacon Interval Field

Beacon interval: 16 bits, drawn from least significant to most significant.

Capability Information Field

Bits

ESS IBSS CF- Pollable Privacy Short PBCC Channel agility Reserved
Preamble (802.11b) (802.11b)

Current AP Address Field

Bytes

Current AP (MAC)

Bit 0 Bit 47

Listen interval Field

Bits
Listen interval
Least Significant Most Significant

Association ID Field

Bits 1-13 14 15
Association ID 1 1

Least Significant Most Significant

Timestamp Field

1-7
Bytes
Timestamp
Least Significant Most Significant

Bits 0 Bits 63

Reason Code Field

Bits
Reason Code
Least Significant Most Significant

Status Code Field

Status Code
Least Significant Most Significant

Generic management frame information element

Layout (field sizes in bytes):
Element ID (1) | Length (1) | element contents (Length, in bytes)

Service Set Identity Information Element

Layout (field sizes in bytes):
Element ID (1) | Length (1) | SSID (0-32)
Value shown: Element ID 0

Supported Rates information element
Data rate label
Element ID length least most
1 significant significant Mandatory

Data rate element

Data rate=2Mbps 1 Data rate=11Mbps optional 0

FH Parameter Set information Element

Bytes 1 1 2 1 1 1

Element ID Length Dwell Time Hop set Hop pattern Hop Index
0 5

DS Parameter Set information element

Layout (field sizes in bytes):
Element ID (1) | Length (1) | Current Channel (1)
Values shown: Element ID 3, Length 1

Traffic Indication Map Information
Element

Bytes 1 1 1 1 2 2

Element ID Length CFP Count CFP CFP MAX CFP Dur


3 1 Period Duration Remaining

IBSS Parameter Set Information Element

Layout (field sizes in bytes):
Element ID (1) | Length (1) | ATIM Window (2)
Values shown: Element ID 3, Length 1

Challenge Text Information Element

Layout (field sizes in bytes):
Element ID (1) | Length (1) | Challenge Text (1-253)
Values shown: Element ID 3, Length 1

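Beacon frame

MAC header and trailer (field sizes in bytes):
Frame control (2) | Duration (2) | DA (6) | SA (6) | BSSID (6) | seqctrl (2) | Frame Body (variable) | FCS (4)

Frame Body (field sizes in bytes):
Timestamp (8) | Beacon Interval (2) | Capability info (2) | SSID (variable) | FH parameter set (7) | DS parameter set (2) | CF parameter set (8) | IBSS parameter set (4) | TIM (variable)
The figure labels the body fields as mandatory or optional.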

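Probe Request Frame

MAC header, frame body and trailer (field sizes in bytes):
Frame Control (2) | Duration (2) | DA (6) | SA (6) | BSSID (6) | Seq-ctl (2) | SSID (variable) | Supported Rates (variable) | FCS (4)
The frame body consists of the SSID and Supported Rates fields.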

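Probe Response Frame

MAC header and trailer (field sizes in bytes):
Frame control (2) | Duration (2) | DA (6) | SA (6) | BSSID (6) | seqctrl (2) | Frame Body (variable) | FCS (4)

Frame Body (field sizes in bytes):
Timestamp (8) | Beacon Interval (2) | Capability info (2) | SSID (variable) | FH parameter set (7) | DS parameter set (2) | CF parameter set (8) | IBSS parameter set (4), followed by one more variable-length field whose label is missing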

ATIM Frame

MAC header and trailer (field sizes in bytes):
Frame Control (2) | Duration (2) | DA (6) | SA (6) | BSSID (6) | Seq-ctl (2) | FCS (4)

Disassociation and Deauthentication Frames

MAC header, body and trailer (field sizes in bytes):
Frame Control (2) | Duration (2) | DA (6) | SA (6) | BSSID (6) | Seq-ctl (2) | Body (2) | FCS (4)
The Body carries the Reason Code.

Association Request Frame

MAC header (field sizes in bytes):
Frame Control (2) | Duration (2) | DA (6) | SA (6) | BSSID (6) | Seq-ctl (2)

Frame body and trailer (field sizes in bytes):
Capability Info (2) | Listen Interval (2) | SSID (variable) | Supported Rates (variable) | FCS (4)

Reassociation Request Frame

MAC header (field sizes in bytes):
Frame Control (2) | Duration (2) | DA (6) | SA (6) | BSSID (6) | Seq-ctl (2)

Frame body and trailer (field sizes in bytes):
Capability Info (2) | Listen Interval (2) | Current AP Address (6) | SSID (variable) | Supported Rates (variable) | FCS (4)

(Re)Association Response Frame

MAC header (field sizes in bytes):
Frame Control (2) | Duration (2) | DA (6) | SA (6) | BSSID (6) | Seq-ctl (2)

Frame body and trailer (field sizes in bytes):
Capability Info (2) | Status code (2) | Association ID (2) | Supported Rates (variable) | FCS (4)

Authentication Frames

MAC header (field sizes in bytes):
Frame Control (2) | Duration (2) | DA (6) | SA (6) | BSSID (6) | Seq-ctl (2)

Frame body and trailer (field sizes in bytes):
Authentication Algorithm Number (2) | Authentication Transaction Seq. No (2) | Status Code (2) | Challenge Text (variable) | FCS (4)

Overall 802.11 State Diagrams

State 1: Unauthenticated and Unassociated (Class 1 frames)
State 2: Authenticated and Unassociated (Class 1 and 2 frames)
State 3: Authenticated and Associated (Class 1, 2, and 3 frames)

Transitions:
State 1 to State 2: Successful [re]authentication
State 2 to State 3: Successful [re]association
State 3 to State 2: Disassociation
State 2 to State 1: Deauthorization
State 3 to State 1: Deauthorization
Authentication failure is labeled at State 1, and [re]association failure at State 2.

Content
 Wireless LAN Overview  
 Ethernet & TCP/IP Basics
 Mobile & Wireless Basics
 Introduction to IEEE 802.11  
 IEEE 802.11 Media Access  
 IEEE 802.11 Frame Format  
 IEEE 802.11 Management Operations
 IEEE 802.11 Physical Layers
 IEEE 802.11 Deployment - Security 
 Lab Exercises

Two Approaches
 Wired Equivalent Protocol (WEP)
 IEEE 802.1X

Security Objectives
 Confidentiality
 Authentication
 Integrity

Cryptography with Wired Equivalent Protocol (WEP)
 Employs the RC4 PRNG to encrypt/decrypt data
 RC4 PRNG
 Symmetric algorithm
 40-bit encryption key + 24-bit initialization vector (IV)
 The resulting 64-bit string is used as the seed to the PRNG to generate a “key sequence”
 An ICV (integrity check value) is computed over the plaintext (CRC-32)
 The ICV is concatenated to the data stream
 The key sequence is XORed with the data stream to create the ciphertext
 The ciphertext and the IV (24 bits) are sent to the receiver

Generic Stream Cipher operation

Source                              Destination
Data  Keystream  Cipherstream       Keystream  Received data
0     1          1                  1          0
1     1          0                  1          1
0     1          1                  1          0
1     0          1                  0          1
1     0          1                  0          1
0     1          1                  1          0
0     0          0                  0          0
0     1          1                  1          0
.     .          .                  .          .

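Keyed stream cipher operation

[Figure: at the source, the key drives the cipher PRNG and its output is XORed with the data to produce the cipher text; at the destination, the same key drives the cipher PRNG and its output is XORed with the cipher text to recover the data.]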

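WEP operations – Confidentiality & Integrity

[Figure: the 24-bit IV and the 40-bit WEP key form the 64-bit RC4 key. The RC4 algorithm produces an RC4 key stream as long as frame + ICV. The integrity check over the frame produces the ICV. Key stream + (frame + ICV) = cipher frame + ICV, and the 24-bit IV is sent with it.]

Resulting frame:
Frame header (clear) | IV header, 4 bytes (clear) | Frame Body (encrypted) | ICV trailer, 4 bytes (encrypted) | FCS (clear)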

WEP Keying
 Uses a set of up to four default keys
 May also use pairwise mapped keys

WEP frame extension

Frame header | IV header: Initialisation vector, Pad, Key ID | Frame body | Integrity check Value | FCS

Limitations of WEP
 Integrity check
 It is based on a CRC, which is predictable; a CRC is effective in finding single-bit alterations with high probability
 It should be based on hashing (unpredictable)
 Reuse of the key stream is a major weakness
 The IV field is not encrypted
 Key distribution
 The key must be distributed to all stations participating in an 802.11 service set
 802.11 fails to specify a key distribution mechanism
 Manually configuring the keys is not scalable
 Users can view these keys
 Keys can be accessed through the SNMP interface!
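The WEP encapsulation steps and the key stream reuse and CRC limitations listed above, as an added Python example that is not part of the original slides. The key, IVs and payloads are constructed sample values, and the function names are this example's own.

```python
import struct
import zlib
from collections import Counter


def rc4(seed, n):
    """Return n bytes of RC4 key stream for the given seed."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                        # key stream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def icv(data):
    """CRC-32 integrity check value, little-endian as appended to the data."""
    return struct.pack("<I", zlib.crc32(data))


def wep_encapsulate(key, iv, plaintext, key_id=0):
    """IV header (IV + pad/Key ID byte) followed by RC4(plaintext + ICV)."""
    if len(key) != 5 or len(iv) != 3:
        raise ValueError("expected a 40-bit key and a 24-bit IV")
    body = plaintext + icv(plaintext)
    return iv + bytes([key_id << 6]) + xor(body, rc4(iv + key, len(body)))


def wep_decapsulate(key, frame_body):
    iv, cipher = frame_body[:3], frame_body[4:]
    if len(cipher) < 4:
        raise ValueError("frame body too short to hold an ICV")
    body = xor(cipher, rc4(iv + key, len(cipher)))
    plaintext, received_icv = body[:-4], body[-4:]
    if received_icv != icv(plaintext):
        raise ValueError("ICV mismatch")
    return plaintext


def reused_ivs(frame_bodies):
    """Audit check: IVs (sent in the clear) seen on more than one frame."""
    counts = Counter(body[:3].hex() for body in frame_bodies)
    return {iv: n for iv, n in counts.items() if n > 1}


def reuse_exposes_plaintext_xor(key, iv, p1, p2):
    """Same key + same IV gives the same key stream: C1 xor C2 == P1 xor P2."""
    c1 = wep_encapsulate(key, iv, p1)[4:]
    c2 = wep_encapsulate(key, iv, p2)[4:]
    n = min(len(p1), len(p2))
    return xor(c1[:n], c2[:n]) == xor(p1[:n], p2[:n])


def crc32_is_linear(a, b):
    """CRC-32 of (a xor b) follows from the CRCs alone; no key is involved."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    zeros = bytes(len(a))
    return zlib.crc32(xor(a, b)) == (
        zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(zeros))


# Constructed sample values, not taken from any real network.
KEY = bytes.fromhex("0102030405")
FRAMES = [
    wep_encapsulate(KEY, bytes.fromhex("000001"), b"GET /index.html"),
    wep_encapsulate(KEY, bytes.fromhex("000002"), b"hello access pt"),
    wep_encapsulate(KEY, bytes.fromhex("000001"), b"POST /login 1.1"),
]

if __name__ == "__main__":
    print("round trip:", wep_decapsulate(KEY, FRAMES[0]))
    print("reused IVs:", reused_ivs(FRAMES))
    print("24-bit IV space:", 2 ** 24, "values per key")
```

Because the checksum is unkeyed and linear and the key stream repeats whenever an IV repeats under the same key, the slide's call for a hash-based integrity check and for frequent key changes follows directly.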

Some Solutions for WEP
 Change default key
 Change WEP key frequently
 Password protect client drives and folders
 Change default SSID
 Use session keys if available
 Use MAC filtering if available
 Use a VPN

Two Approaches
 Wired Equivalent Protocol (WEP)
 IEEE 802.1X

IEEE 802.1x

 Based on IETF’s Extensible Authentication Protocol (EAP) – RFC 2284
 Simply an authentication protocol; secrecy and integrity are not provided
 User is authenticated, however, the network is not authenticated; user might end up giving his/her credentials to the wrong network

EAP Architecture

[Figure: layered architecture. Methods: TLS, AKA/SIM card, Token card. Below the methods: EAP. Link layers: PPP, 802.3, 802.11.]

EAP Packet Format

Layout (field sizes in bytes):
Code (1) | Identifier (1) | Length (2) | Data (variable)

EAP Request and Response Packets

Layout (field sizes in bytes):
Code (1) | Identifier (1) | Length (2) | Type (1) | Type-Data (variable)

Code values:
1: Request
2: Response

EAP Success and Failure Frames

Layout (field sizes in bytes):
Code (1) | Identifier (1) | Length (2) = 4

Code values:
3: Success
4: Failure

Sample EAP Exchange
Between the End-User System and the Authenticator:

1:Request / Identity
2:Response / Identity
3:Request / MD5 - Challenge
4:Response/NAK,generic token card
5:Request/ Generic token card
6:Response/ Generic token card (bad)
7:Request/ Generic token card
8:Response/ Generic token card (good)
9:Success

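802.1x Architecture

[Figure: Supplicant (PAE) <- EAPOL -> Authenticator (PAE) <- RADIUS -> Authentication Server. The supplicant-to-authenticator side is the enterprise edge / ISP access; the authenticator-to-server side is the enterprise core / ISP backbone.]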

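EAPOL Frame Format

Layout (field sizes in bytes):
Destination Address (6) | Source Address (6) | Ethernet Type 88-8E (2) | Version 1 (1) | Packet Type (1) | Packet Body Length (2) | Packet Body (variable) | FCS (4)
The Destination Address, Source Address and Ethernet Type form the MAC header.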
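A parser for the EAP packet formats and the EAPOL frame format above, with the length checks a receiver needs, run over the slide's sample EAP exchange. This is an added example, not part of the original slides: the identifiers, type-data and MAC addresses are constructed, and the numeric EAP Type and EAPOL Packet Type values come from RFC 2284 and IEEE 802.1X rather than from the slides.

```python
import struct

EAPOL_ETHERTYPE = 0x888E
EAPOL_PACKET_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start",
                      2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "NAK", 4: "MD5-Challenge",
             6: "Generic token card"}


def build_eap(code, identifier, eap_type=None, type_data=b""):
    body = b"" if eap_type is None else bytes([eap_type]) + type_data
    return struct.pack("!BBH", code, identifier, 4 + len(body)) + body


def parse_eap(packet):
    if len(packet) < 4:
        raise ValueError("EAP header truncated")
    code, identifier, length = struct.unpack_from("!BBH", packet, 0)
    if code not in EAP_CODES:
        raise ValueError(f"unknown EAP code {code}")
    if length < 4 or length > len(packet):
        raise ValueError("EAP Length disagrees with the bytes received")
    parsed = {"code": EAP_CODES[code], "id": identifier, "length": length}
    if code in (1, 2):
        if length < 5:
            raise ValueError("Request/Response without a Type byte")
        eap_type = packet[4]
        parsed["type"] = EAP_TYPES.get(eap_type, f"type {eap_type}")
        parsed["type_data"] = packet[5:length]   # ignore bytes past Length
    elif length != 4:
        raise ValueError("Success/Failure must be exactly 4 bytes")
    return parsed


def parse_eapol(frame):
    """Parse an Ethernet frame carrying EAPOL (FCS already stripped)."""
    if len(frame) < 18:
        raise ValueError("EAPOL header truncated")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != EAPOL_ETHERTYPE:
        raise ValueError("not an EAPOL frame")
    version, packet_type, body_len = struct.unpack_from("!BBH", frame, 14)
    body = frame[18:18 + body_len]
    if len(body) != body_len:
        raise ValueError("Packet Body Length exceeds the frame")
    parsed = {"version": version, "body_length": body_len,
              "packet_type": EAPOL_PACKET_TYPES.get(
                  packet_type, f"type {packet_type}")}
    if packet_type == 0:
        parsed["eap"] = parse_eap(body)
    return parsed


def check_exchange(packets):
    """Describe each packet; a Response must echo the pending Request's id."""
    pending, seen = None, []
    for packet in packets:
        eap = parse_eap(packet)
        if eap["code"] == "Request":
            pending = eap["id"]
        elif eap["code"] == "Response" and eap["id"] != pending:
            raise ValueError("Response identifier does not match Request")
        seen.append(eap["code"] + ("/" + eap["type"] if "type" in eap else ""))
    return seen


# The slide's sample exchange, rebuilt with constructed identifiers and data.
SAMPLE_EXCHANGE = [
    build_eap(1, 1, 1),                           # 1: Request/Identity
    build_eap(2, 1, 1, b"user@example"),          # 2: Response/Identity
    build_eap(1, 2, 4, bytes([16]) + bytes(16)),  # 3: Request/MD5-Challenge
    build_eap(2, 2, 3, bytes([6])),               # 4: Response/NAK, token card
    build_eap(1, 3, 6, b"Enter token"),           # 5: Request/token card
    build_eap(2, 3, 6, b"000000"),                # 6: Response (bad)
    build_eap(1, 4, 6, b"Enter token"),           # 7: Request/token card
    build_eap(2, 4, 6, b"123456"),                # 8: Response (good)
    build_eap(3, 4),                              # 9: Success
]
# Response/Identity inside an EAPOL frame (constructed source address).
SAMPLE_EAPOL = (bytes.fromhex("0180c2000003") + bytes.fromhex("02aabbccdd10")
                + struct.pack("!HBBH", EAPOL_ETHERTYPE, 1, 0,
                              len(SAMPLE_EXCHANGE[1]))
                + SAMPLE_EXCHANGE[1])

if __name__ == "__main__":
    print(check_exchange(SAMPLE_EXCHANGE))
    print(parse_eapol(SAMPLE_EAPOL))
```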

Typical EAPOL Exchange

Supplicant <- EAPOL -> Authenticator | Authenticator <- RADIUS -> Radius
1: EAPOL-Start |
2: Request/Identity |
3: Response/Identity | 3: Radius-Access-Request
4: EAP-Request | 4: Radius-Access-Challenge
5: EAP-Response | 5: Radius-Access-Request
6: EAP-Success | 6: Radius-Access-Accept
(Access allowed)
7: EAP-Logoff |
(Access blocked)

EAPOL Exchange on an 802.11 Network

Supplicant to Authenticator, 802.11:
1: Association request
2: Association response

Supplicant to Authenticator, EAPOL:
3: EAPOL-Start
4: Request/Identity
5: EAP-Response/Identity
6: EAP-Request
7: EAP-Response
8: EAP-Success
9: EAPOL-Key (WEP)

Authenticator to Radius, RADIUS:
3: Radius-Access-Request
4: Radius-Access-Challenge
5: Radius-Access-Request
6: Radius-Access-Accept

802.11x Supporting Public Ethernet Ports

[Figure: a Client connects through an AP to the Internet; an ISP RADIUS server, a Corporate RADIUS server and Corporate Finance take part. Numbered steps: 1: Authenticate, 2: Authenticate, 3: Allow, 4: Allow, 5: Accounting, 6: Billing.]

Content
 Wireless LAN Overview  
 Ethernet & TCP/IP Basics
 Mobile & Wireless Basics
 Introduction to IEEE 802.11  
 IEEE 802.11 Media Access  
 IEEE 802.11 Frame Format  
 IEEE 802.11 Management Operations
 IEEE 802.11 Physical Layers
 IEEE 802.11 Deployment - Security 
 Lab Exercises

Relationship Between Management Entities

[Figure: the SME connects to the MLME and the PLME. The MLME sits beside the MAC and the MAC MIB; the PLME sits beside the PHY and the PHY MIB.]

Management Operations
 Scanning
 Scan Report
 Joining

Scanning
 Scanning is the first activity when a station wants to join a service set.
 The following parameters are used in scanning:
 BSSType (independent, infrastructure, or both)
 BSSID (individual or broadcast)
 SSID (“network name”)
 Scan Type (active or passive)
 ChannelList
 ProbeDelay
 MinChannelTime
 MaxChannelTime

Passive Scanning

[Figure: the Client listens for Beacon frames. APs shown: AP1, AP2, AP3, AP4. Found BSSs: BSS1, AP1; BSS2, AP2; BSS3, AP3.]


Active scanning

[Figure: timing diagram for the mobile station (scanner), AP1 and AP2. After DIFS the scanner sends a Probe Request; AP1 and AP2 each send a Probe Response after the contention window, and the scanner returns an ACK after SIFS. Labels: minimum response time, DIFS, SIFS, contention window.]

Scanning Report
 At the end of scanning a report is produced
 This report includes
 BSSID
 SSID
 BSSType
 Beacon interval (integer)
 DTIM period (integer)
 Timing parameters
 PHY parameters, CF parameters, and IBSS parameters
 BSSBasicRateSet

Joining
 Joining is a precursor to association
 User intervention or automatic
 If automatic, the decision is based on power level and signal strength

Authentication

Open-system authentication Exchange

1 (Client to AP): From – source (Identity); Authentication algorithm – 0 (open system); Sequence number – 1
2 (AP to Client): Authentication algorithm – 0 (open system); Sequence number – 2; Status code

Shared-Key Authentication Exchange

1 (Client to AP): From – source (Identity); Authentication algorithm – 1 (Shared Key); Sequence number – 1
2 (AP to Client): Authentication algorithm – 2 (Shared Key); Sequence number – 2; Status code – 0 (Successful); Challenge text (clear)
3 (Client to AP): Authentication algorithm – 2 (Shared Key); Sequence number – 3; Challenge text
4 (AP to Client): Authentication algorithm – 2 (Shared Key); Sequence number – 4; Status code

Time savings of preauthentication

[Figure: A. No preauthorization. A station moves between BSS1 (AP1) and BSS2 (AP2); the steps are numbered 1, 3, 4 and 5.]

Scan Report
 Beacon interval
 DTIM period
 Timing parameters
 PHY parameters, CF parameters, IBSS parameters
 BSSBasicRateSet

Joining
 Choosing which BSS to join
 User intervention
 Automatic

Time Savings of Preauthentication

[Figure: A. No preauthorization. A station moves between BSS1 (AP1) and BSS2 (AP2); the steps are numbered 1, 1.5, 2 and 3.]

Association Procedure

1 (Client to AP): Association request
2 (AP to Client): Association response, “Here is your association ID.”
3: Traffic

Reassociation Procedure

1 (Client to New AP): Reassociation request, “My old AP was ..”
2 (New AP to Client): Reassociation response, “I am your new AP, and here is your new association ID.”
3 (New AP to Old AP): IAPP, “Please send any buffered frames for ..”
4 (Old AP to New AP): IAPP, “Why certainly ..”
5 (Optional, New AP to Client): “Here are some frames buffered from your old AP”

Reassociation with the same access point

[Figure: a station inside one BSS and its AP; steps 1 and 3 are numbered, with step 3 the Reassociation Exchange with the AP.]

PS-Poll Frame Retrieval

[Figure: exchange with the AP over time, as listed on the slide:]
PS-Poll
Frame 1, more data
ACK
PS-Poll
Frame 1, more data
ACK
PS-Poll
Frame 2
ACK

Buffered frame retrieval process

[Figure: timing diagram over several beacon intervals for the AP, station 1 and station 2. Successive TIMs indicate: frame for 1; frame for 1 and 2; frame for 2; frame for 1 and 2; no frame; no frame. The stations send PS-Polls and receive frames; labels include busy medium, CW and defer.]

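Multicast and Broadcast buffer transmission after DTIMs

[Figure: timing diagram for the AP and station 1. Beacons carry a TIM every beacon interval and a DTIM every DTIM interval; broadcast (BC) and multicast (MC) frames are sent by the AP after each DTIM.]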

ATIM Usage

[Figure: a. Unicast or directional. One station sends an ATIM to another: “Don’t sleep, I have data for you.” Stations B and C are shown.]

ATIM Usage

[Figure: b. Multicast. One station sends an ATIM to the others: “Don’t sleep, I have data for all of you.” Stations A, B, C, D and E are shown.]

ATIM window

[Figure: timeline with the target beacon times one beacon interval apart. An ATIM window follows each target beacon time; a busy medium is also shown.]

ATIM effects on Power-saving modes

[Figure: timeline for station 1 with the target beacon transmission times, each followed by an ATIM window.]

Effect of ATIM on power-saving modes in an IBSS network

[Figure: timelines for four stations across four ATIM windows.]
station 1: ATIM to 2, 3, and 4; frame to 2, 3, and 4; sleep; sleep
station 2: ATIM to 4; frame to 4; sleep
station 3: ATIM to 4; ATIM to 4; frame to 4
station 4: ACK to 3; ACK to 2; ACK to 3; frame to 1; frame to 3

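Matching the local timer to a network timer

[Figure: when a Beacon / Probe Response is received, the TSF value is saved and a local offset is computed. When the join process begins, network time = timestamp + local offset, where the local offset accounts for the time counted by the local timer since the TSF value was saved.]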

Distributed Beacon generation

[Figure: timelines for station 1, station 2 and station 3 around the TBTT and the awake period. One station transmits the Beacon; the other two stations show “Transmission canceled”.]

Content
 Wireless LAN Overview  
 Ethernet & TCP/IP Basics
 Mobile & Wireless Basics
 Introduction to IEEE 802.11  
 IEEE 802.11 Media Access  - Point Coordinated Function (PCF)
 IEEE 802.11 Frame Format  
 IEEE 802.11 Management Operations
 IEEE 802.11 Physical Layers
 IEEE 802.11 Deployment - Security 
 Lab Exercises

Using the PCF

[Figure: timing diagram of one contention-free repetition interval, made up of the contention-free period followed by the contention period. PC transmissions: Beacon; CF-Poll (to station 1); CF-Poll (to station 2) + CF-ACK (to station 1); Data to Stn 4 + CF-Poll; CF-End. Other transmissions: frame from #1 plus CF-ACK; CF-ACK. Frames are separated by SIFS, with one PIFS. The NAV is set by the Beacon and released by CF-End; CFPMaxDuration bounds the period.]

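Data+CF-Ack and Data+CF-poll usage

[Figure: CFP foreshortening. A frame and its ACK from the contention period (CP) run past the expected start; after DIFS the Beacon is sent at the actual CFP start, and the CFP still ends at the CFP end set by CFPMaxDuration. Labels: CFP, CP, Beacon, Frame, ACK, SIFS, DIFS, actual CFP start, CFP foreshortening, CFP end, CFPMaxDuration.]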

Data + CF-ACK Usage

[Figure: access point frames: Data + CF-Poll to MS1. Mobile station frames: Data + CF-ACK, sent after SIFS. After another SIFS, point coordination resumes.]

Usage of Data+CF-ACK+CF-poll

[Figure: mobile stations: Data+CF-ACK from MS1, then Data+CF-ACK from MS2. Access point: Data+CF-ACK+CF-Poll to MS2. Frames are separated by SIFS.]

CF-poll framing usage

[Figure: access point: CF-Poll, then CF-Poll to MS2. Mobile stations: Data from MS2. Spacing labels: PIFS, SIFS, SIFS.]

CF-ACK + CF-Poll Usage

[Figure: access point: Data + CF-Poll to MS1, then CF-ACK + CF-Poll to MS2. Mobile stations: Data + CF-ACK from MS1, then Data from MS2. Frames are separated by SIFS.]

CF- End Frame
MAC header
Bytes 2 2 6 6 4
Frame Duration Receiver Address BSSID FCS
Control 00x00 - 0xFF-FF-FF-FF-FF
00
bits 1 1
2 2 4 1 1 1 1 1
Protocol Type = control Sub Type = CF- End ToDs FromDs More Frag Retry Pwr More WEP Order
0 0 1 0 0 1 1 1 0 0 0 0 Mgmt Data 0 0
0

CF-End + CF – ACK Frame
MAC header

Bytes 2 2 6 6 4
Frame Duration Receiver Address BSSID FCS
Control 00x00 - 0xFF-FF-FF-FF-FF
00
bits 1 1
2 2 4 1 1 1 1 1
Protocol Type = control Sub Type = CF- End ToDs FromDs More Frag Retry Pwr More WEP Order
0 0 1 0 + CF -ACK 0 0 0 0 Mgmt Data 0 0
0 1 1 1 0

CF Parameter Set Information Element

Layout (field sizes in bytes):
Element ID (1) | Length (1) | CFP Count (1) | CFP Period (1) | CFP MaxDuration (2) | CFP DurRemaining (2)
Value shown: Length 6

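Mobile IP Network

[Figure: the home network with its router (HA), the foreign network with its router (FA) where the MN is attached and holds the COA, and the CN behind its own router, all connected through the Internet.]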

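Packet Delivery

[Figure: the same Mobile IP network (home network with HA, foreign network with FA and MN, CN and its router, Internet) with the packet delivery steps numbered; steps 2 and 4 are labeled.]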

Mobile Transport (TCP)

[Figure: a mobile host moves between Access Point 1 and Access Point 2, both connected to the Internet. Label: Socket Migration & State Transfer.]

Next Generation WLAN – IEEE 802.11n
Comparing IEEE 802.11 Amendments

IEEE 802.11b versus BlueTooth

IEEE 802.11n
 IEEE 802.11g (up to 30 m & 54 Mbps)
 IEEE 802.11a (up to 30 m & 54 Mbps)
 IEEE 802.11b (up to 30 m & 11 Mbps)
 IEEE 802.11n (up to 50 m & 600 Mbps)
 Developed by IEEE Task Group n (TGn)
 Chip Vendors – Broadcom, Intel, Atheros, and Marvell.
 Switch and Adaptor Vendors – Belkin, D-Link, Linksys, and
Netgear
 Some of the other vendors who are contributing to IEEE 802.11n
– AirGo, Atheros, Intel, Nortel Networks, Panasonic, Philips
Electronics, Qualcomm, Samsung, and Sony

How IEEE 802.11n works
 Adds MIMO to the earlier 802.11g technology
 Makes use of the multi-path propagation.
 Bonds several existing channels for sending and receiving

[Figure: a transmitter with MIMO signal processing and a receiver with MIMO signal processing, each with multiple antennas; the signal also reaches the receiver by reflection off an object.]

RadioTap
 What is RadioTap
 Mechanism to exchange frame information between user
application and driver
 Addresses the limitations of PrismAVS header format
 Using RadioTap arbitrary number of fields can be specified.
 Example: One could specify/retrieve FCS for/from a frame.

RadioTap Header
The radiotap capture format starts with a radiotap header:

struct ieee80211_radiotap_header {
        u_int8_t        it_version;     /* set to 0 */
        u_int8_t        it_pad;
        u_int16_t       it_len;         /* entire length */
        u_int32_t       it_present;     /* fields present */
} __attribute__((__packed__));

Some of the Header fields
enum ieee80211_radiotap_type {
        IEEE80211_RADIOTAP_TSFT = 0,
        IEEE80211_RADIOTAP_FLAGS = 1,
        IEEE80211_RADIOTAP_RATE = 2,
        IEEE80211_RADIOTAP_CHANNEL = 3,
        IEEE80211_RADIOTAP_FHSS = 4,

        IEEE80211_RADIOTAP_DBM_TX_POWER = 10,
        IEEE80211_RADIOTAP_ANTENNA = 11,
        IEEE80211_RADIOTAP_DB_ANTSIGNAL = 12,
        IEEE80211_RADIOTAP_DB_ANTNOISE = 13,
        IEEE80211_RADIOTAP_FCS = 14,
        IEEE80211_RADIOTAP_EXT = 31,
};

Important Characteristics of RadioTap
 Fields are in strict order (as they are specified in the it_present
bitmask)
 Data is specified in little endian order
 Field Lengths are implicit
 Variable length fields are not supported
 If bit 31 of the it_present field is set, an extended it_present
bit_mask is present
 Natural alignment field requirement – 16, 32,48, …
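A parser that applies these characteristics (strict field order, little-endian data, implicit lengths, natural alignment, the bit 31 extension) to the header struct above. This is an added example, not part of the original slides: it decodes only the first four fields of the enum, the sizes and alignments in `KNOWN_FIELDS` come from the radiotap field definitions rather than from the slides, and the sample headers are constructed.

```python
import struct

# Bit number in it_present -> (name, struct format, required alignment).
# Names and bit numbers are from the enum on the slide; sizes and alignments
# are from the radiotap field definitions, which the slides do not list.
KNOWN_FIELDS = {
    0: ("TSFT", "<Q", 8),
    1: ("FLAGS", "<B", 1),
    2: ("RATE", "<B", 1),
    3: ("CHANNEL", "<HH", 2),      # frequency, channel flags
}
EXT_BIT = 31


def parse_radiotap(buf):
    if len(buf) < 8:
        raise ValueError("shorter than ieee80211_radiotap_header")
    version, _pad, it_len, present = struct.unpack_from("<BBHI", buf, 0)
    if version != 0:
        raise ValueError("unsupported radiotap version")
    if it_len < 8 or it_len > len(buf):
        raise ValueError("it_len is inconsistent with the capture length")
    offset = 8
    word = present
    while word & (1 << EXT_BIT):          # extended it_present bitmasks
        if offset + 4 > it_len:
            raise ValueError("extended bitmask runs past it_len")
        (word,) = struct.unpack_from("<I", buf, offset)
        offset += 4
    fields, undecoded = {}, []
    for bit in range(EXT_BIT):
        if not present & (1 << bit):
            continue
        if undecoded or bit not in KNOWN_FIELDS:
            # Lengths are implicit, so nothing after an unknown field
            # can be located.
            undecoded.append(bit)
            continue
        name, fmt, align = KNOWN_FIELDS[bit]
        offset = (offset + align - 1) // align * align   # natural alignment
        size = struct.calcsize(fmt)
        if offset + size > it_len:
            raise ValueError(f"{name} runs past it_len")
        value = struct.unpack_from(fmt, buf, offset)
        fields[name] = value[0] if len(value) == 1 else value
        offset += size
    return {"it_len": it_len, "fields": fields,
            "undecoded_bits": undecoded, "frame": buf[it_len:]}


def build_sample(present, field_bytes, frame=b"\x80\x00"):
    """Constructed radiotap header followed by the start of an 802.11 frame."""
    it_len = 8 + len(field_bytes)
    return struct.pack("<BBHI", 0, 0, it_len, present) + field_bytes + frame


# TSFT + FLAGS + RATE + CHANNEL, no padding needed.
SAMPLE_FULL = build_sample(
    0b1111, struct.pack("<QBBHH", 123456789, 0x10, 22, 2437, 0x00A0))
# FLAGS + CHANNEL: one pad byte keeps CHANNEL on a 2-byte boundary.
SAMPLE_PADDED = build_sample(0b1010, struct.pack("<BxHH", 0x10, 2437, 0x00A0))
# FLAGS + bit 5, which this example does not know how to size.
SAMPLE_UNKNOWN = build_sample(0b100010, struct.pack("<BB", 0x00, 0xC8))

if __name__ == "__main__":
    for sample in (SAMPLE_FULL, SAMPLE_PADDED, SAMPLE_UNKNOWN):
        print(parse_radiotap(sample))
```

Checking `it_len` against the buffer before reading any field is what keeps a malformed header supplied by a driver or a capture file from causing an out-of-bounds read.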

Summary

Summary Slide
 Mobile Transport (TCP)

Historical background of FHSS

Look at the notes section

Content
 Wireless LAN Overview  
 Ethernet & TCP/IP Basics
 Mobile & Wireless Basics
 Introduction to IEEE 802.11  
 IEEE 802.11 Media Access  
 IEEE 802.11 Frame Format  
 IEEE 802.11 Management Operations
 IEEE 802.11 Physical Layers
 IEEE 802.11 Deployment  
 Lab Exercises

Some TCP/IP Concepts
 Layering
 Protocol Data Units (PDUs)
 Encapsulation
 Multiplexing/Demultiplexing
 IP Address Class
 Domain Name System (DNS)
 Client-Server Model
 Some Tools
 Routing versus Switching
 Connection Oriented versus Connectionless

TCP/IP Layers

Application/Layer

Transport Layer
UDP or TCP

Networking Layer (IP)

Link Layer

Physical Layer
Network

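Protocol Data Units (PDU) & Encapsulation

[Figure: encapsulation down the stack, with the PDU names message, segment / datagram, packet and frame.]
Application: message = Application Header + Application Data
TCP: segment = TCP Header + Data
IP: packet = IP Header + TCP Header + Data
Ethernet: frame = Ethernet Hdr (14 bytes) + IP Header (20) + TCP Header (20) + Data + Ethernet Trailer (4); the Ethernet payload is 46-1500 bytes
The frame is then placed on the physical medium.

Demultiplexing and Multiplexing

[Figure: an incoming frame is demultiplexed by Ethernet frame type to IP, IPX or ARP/RARP; IP demultiplexes by IP protocol type to ICMP, IGMP, TCP or UDP; TCP and UDP demultiplex by port number to the TCP applications and UDP applications. Multiplexing runs the same stack/suite in the other direction.]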

Data Networks - Standards
 IEEE – 802.3, 802.5, 802.11, FDDC, …
 Internet Society (ISOC)
 Internet Architecture Board (IAB)
 IETF – Engineering Task Force
 IRTF – Research Task Force
 IANA – Assigned Number Authority
 InterNIC – IP Address distribution
 Request for Comment (RFCs)

Addresses used
 Four types of addresses are used:
 Domain Name
 IP Address
 Link Layer Address
 Port Number

 They all complement each other in sending and receiving messages.

Subnet
 Host A starting an FTP session with Server B.

[Figure: Host A on LAN segment 1 and Server B on LAN segment 3, with LAN segment 2 and the rest of the network also shown.]

Address Structure

 Domain name: yahoo, google, alcatel, etc.


 Networking Layer Address - IP Address - unique, but likely to
change and move
 Example: 192.168.1.128
 Link Layer Address - MAC Address- unique & fixed
 Example: 08:56:27:6f:2b:9c
 Port Numbers – Identifies individual program in a computer
 80

Domain Name System (DNS)
 DNS permits meaningful host names to be used instead of IP addresses.
 It’s a distributed database that provides a mapping between host names and IP addresses.
 There is one function to map an IP address to a host name, and another to map a host name to an IP address.
 www.touchtelindia.net maps to class C address 202.56.228.42.

Port Address
 Identifies a service entity.
 16 bit in size
 Well Known Server Ports - 0 to 1023
 FTP Port 21, Telnet port 23
 Registered Ports - 1024 to 49151
 Dynamic or Ephemeral Ports – 49152 to 65535

[Figure: a host's stack from top to bottom: FTP (port 21) and Telnet (port 23), TCP, IP (192.168.0.1), Ethernet (00:50:eb:0e:14:7a), attached to the Ethernet.]

Client Server
 Networking applications are mostly client-server applications.
 Iterative server or Concurrent Server.
 Iterative server handles one client at a time.
 Concurrent server handles multiple clients concurrently.
 TCP servers are usually concurrent and UDP servers are usually
iterative.

IPCONFIG
 List IP configuration for a host
 Usage
 ipconfig
 ipconfig /all

 Exercise 1: Explore different options of ipconfig. Find out the ipconfig equivalent in Linux/Unix.

Ping Command
 Checking for IP connectivity
 Usage:
 ping localhost
 ping <itself>
 ping <Otherhost>
 Loopback Interface
 Used for Inter Process Communication (IPC)
 Loopback address 127.*.*.*

[Figure: the loopback interface, 127.0.0.1.]

Netstat

ARP

Networking Hierarchy
 Computer
 LAN segments
 Subnets
 Networks
 Interconnected Networks

Subnet
 Host A starting an FTP session with Server B.

Network
 Hosts and Router ports within a subnet share the same subnet ID.
 Subnet is a link layer broadcast domain
 Router is the gateway between subnets
 Router terminates subnet broadcast

192.168.1
192.168.2
Router
Port
192.168.3

192.168.9

Packet Switching and Routing
1. Switching

Network
sender receiver X.25, ATM, FR

2. Routing

Network
sender receiver IP, IPX

Connection Oriented Messaging

[Figure: a path from A to B through a chain of switches (S).]
 Establishes a dedicated pipe first for the exchange between A & B
 Global address not needed in message
 Sequencing guaranteed
 Ideal for 1-to-1 communication
 After the message exchange, pipe is removed
 No need for big transfer tables

Connectionless Messaging

[Figure: A and B connected through a mesh of routers (R).]
 No dedicated pipe between A & B
 Pipe is shared
 Global address needed
 Sequencing not guaranteed
 Ideal for 1-to-n communication
 Inherently robust
 Needs big transfer tables

Connection Oriented & Connectionless Networking with IP

 IP is connectionless networking
 Both connection-oriented and connectionless transport could be
offered on top IP.
 TCP is a connection-oriented protocol, UDP is connectionless
protocol

IP Packet Routing in a Subnet
1. Host A checks if Server B is in the same subnet. It is.
2. Host A sends a broadcast frame asking for the MAC address of
Server B (IP Address).
3. This request frame is seen by all hosts & servers within the
subnet.
4. Server B responds to Host A with its MAC address.
5. Host A saves the Server’s IP address and MAC address in its
ARP table and starts sending /receiving frames to/from Server B.

ARP Table or ARP Cache
 ARP stands for Address Resolution Protocol
 Each entry in an ARP table contains an IP Address and the
corresponding MAC Address.
 ARP entries live only for a short duration - 2 to 10 mins
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\hari>arp -a

Interface: 10.0.0.224 --- 0x2


Internet Address Physical Address Type
10.0.0.2 00-80-c6-f9-29-a7 dynamic

C:\Documents and Settings\hari>


Out of Subnet Packet Routing
1. Host A checks if Server B is in the same subnet. It is not.
2. Host A sends a broadcast frame asking for the MAC address of
Gateway (Router Port).
3. This request frame is seen by all hosts & servers within the subnet.
4. Router A responds to Host A with its Port 1 MAC address.
5. Host A saves the Server’s IP address and Router Port 1 MAC
address in its ARP table and starts sending /receiving frames
to/from Router A.
6. Router A Routes packets from host A to Server.

Physical Layer
 Restricted to Wireline

Network Interface Controller (NIC)

 NIC Card
 RJ45 Connector, Cable

[Figure: a PC with its NIC connector and RJ45 socket, and Ethernet cables.]

RJ45 10Base-T

Crossover cable             Straight-through cable
RJ-45 pin    RJ-45 pin      RJ-45 pin    RJ-45 pin
1 Rc+        3 Tx+          1 Tx+        1 Rc+
2 Rc-        6 Tx-          2 Tx-        2 Rc-
3 Tx+        1 Rc+          3 Rc+        3 Tx+
6 Tx-        2 Rc-          6 Rc-        6 Tx-

Link Layer
 Responsible for
 Creating a frame and sending it to next node
 Receiving a frame and Processing it
 Error check
 Flow control
 De-multiplexing
 Class of Service

Link Layers
 Ethernet
 IEEE 802 Encapsulation
 FDDI
 CDDI
 PPP
 SLIP
 ATM

Serial Line IP (SLIP RFC 1055)
 Motivation

Versus

SLIP Frame Format (RFC 1055)
 END (0xC0) and ESC (0xdb) are used to create the frame.
 No type field!
 IP address issue
 No Frame Check Sequence (FCS) or CRC!

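[Figure: an IP datagram that contains the bytes c0 and db is sent as the SLIP frame c0 ... db dc ... db dd ... c0, that is, c0 inside the datagram becomes db dc, db becomes db dd, and an END byte (c0) is sent at each end.]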

PPP

Motivated by the deficiencies of SLIP.


Includes type field.
IP address could be exchanged
Includes Frame Check Sequence (FCS) or CRC!

PPP Encapsulation Format (RFC 1548)

Frame layout (field sizes in bytes):
flag 7E (1) | addr FF (1) | ctl 03 (1) | protocol (2) | Information (up to 1500) | CRC (2) | flag 7E (1)

Protocol values (2 bytes) and the Information they select:
0021: IP datagram
C021: Link Control Data
8021: Network Control Data

Escape Sequence:
7E is sent as 7D and 5E
7D is sent as 7D and 5D

Loopback IP Interface

127.0.0.1 is Loopback IP Interface.


This allows a client to communicate with a server on the
same host.
Any packet sent to this IP address will be looped back to
the same host from the host’s Link layer.
DNS maps localhost to 127.0.0.1.
Datagrams that are multicast and broadcast are looped
back to localhost.
Anything sent to host’s IP address is sent to localhost.
Datagrams sent only to localhost do not appear on the
network!

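Loopback Interface

[Figure: flow chart from the IP output function. Is the destination IP a multicast/broadcast address? If yes, the datagram goes to the loopback driver, which places it on the IP input queue, and it is also sent out through the Ethernet driver. If no: is the destination IP a local IP address? If yes, it goes to the loopback driver, which places it on the IP input queue. If no, it goes through ARP to the Ethernet driver and is sent on the Ethernet. On receive, the Ethernet driver demultiplexes frames to ARP or to IP, which feeds the IP input function.]

Local Area Network (LAN)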
 Initial LANs provided connectivity between computers which are co-
located within a short distance of few meters using shared medium.
 This solution of interconnecting computers does not scale well. Thus, it
is still limited to computers that are in physical proximity.

What is Ethernet?

 Ethernet is a LAN Link Layer Standard


 Most popular LAN standard
 Least Expensive
 Comes in Half-duplex and Full-duplex forms
 Comes in several speeds 10/100/1000/10000 Mbps
 Comes with several media options (wireless, fiber, coaxial, twisted
pair,…)
 Wireless LAN variations 802.11x (CSMACA)
 Initial competition from Token Ring, later from ATM, now none!

Ethernet History
 Developed by Xerox Corporation.
 Initially controlled by DEC, Intel, and Xerox.
 IEEE started its standardization in late 80s.
 IEEE 802.2 Specifies LAN Message Format.
 IEEE 802.3 Specifies Ethernet Hardware standard for Ethernet.
 Issue with Internet TCP/IP standard!

Typical Ethernet Configuration

Media Access – Carrier Sense Multiple Access Collision Detection (CSMA-CD)

 Sense the media (Carrier Sense). If the medium is idle, transmit, otherwise go to next step.
 If the medium is busy, continue to listen until medium is idle, then transmit immediately.
 If a collision is detected during transmission:
 Transmit a jam signal for one slot.
 Wait for a random time and reattempt (up to 16 times).
 Random time generated according to exponential back-off.
 Collision is detected by monitoring the voltage: high voltage means two or more transmitters are colliding.

IP Layer
IPv4 Header Format (RFC 791)

Subnet Addressing

netid subnetid hostid

Subnets

 IP Address is divided into 3 parts


 Network Id, Subnet Id, Host Id
 Subnet Id need not start on 8 bit boundaries
 Applies to Class A, B, and C

Subnetting a Class B Address:
Net Id (16 bits) | Subnet Id (8 bits, 254 subnets) | Host Id (8 bits, 254 hosts)

Subnet Mask

 Each host needs to know its IP addresses
 Host also must know its subnet Ids
 Subnet Id is specified with 32 bit mask
 Subnet Mask is also represented by dotted decimal notation
 Examples:

netid (16 bits) | subnetid (8 bits) | hostid (8 bits)
11111111 11111111 11111111 00000000 = 255.255.255.0

netid | subnetid | hostid
11111111 11111111 1111111111 000000 = 255.255.255.192

Host Sending

 Host
 knows its IP address and subnet id
 knows its MAC address
 knows its Gateway’s IP address
 Application provides Server’s (Destination) IP address
 IP/Link Layer maintains ARP cache
 Server’s MAC address is required to complete the datagram

Host Receiving IP datagrams

 IP layer on host can be configured to do routing in addition to acting as host
 When IP datagram is received, IP layer
checks if the destination IP is one of its own
IP addresses or an IP broadcast
 If so the datagram is delivered to protocol module
specified in the protocol field in datagram
 If not then
 If the host is configured as a router, then the
datagram is forwarded using the IP routing
table
 Else the datagram is silently dropped

Address Resolution Protocol (ARP)

 ARP finds the physical address of a host given its IP address by issuing an ARP broadcast within the subnet
 This information stored in ARP cache and used in IP datagram
transmission
 ARP cache is a table where each entry contains host’s IP address
and corresponding physical address
 ARP entries also contain host name and expiration counter.
Default expiration time is 20 mins
 ARP command can be used to list the entries of an ARP cache -
Example: arp –a
 ARP request timeout, Proxy ARP, Gratuitous ARP

[Figure: ARP operation for an FTP session. (1) The resolver maps the hostname to an IP address; (2) FTP asks TCP to establish a connection with that IP address; (3) TCP sends an IP datagram to that IP address; (4)-(9) IP invokes ARP, and the ARP request goes out through the Ethernet driver as an Ethernet broadcast to the Ethernet driver, ARP and IP modules of the other hosts.]

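The Subnet Mask, Host Sending and ARP slides together describe a next-hop decision: the mask decides whether the sender needs the destination's MAC address or the gateway's, and the ARP cache decides whether a broadcast is needed. The following Python sketch is an added example, not part of the original slides; the class and function names, the addresses and the MAC are constructed for illustration.

```python
import ipaddress
import time

ARP_TTL_SECONDS = 20 * 60  # default expiration time stated on the ARP slide


class ArpCache:
    """IP address -> (physical address, expiry time) table."""

    def __init__(self, ttl=ARP_TTL_SECONDS, clock=time.monotonic):
        self.ttl, self.clock, self.entries = ttl, clock, {}

    def learn(self, ip, mac):
        """Store the answer to an ARP request."""
        self.entries[ip] = (mac, self.clock() + self.ttl)

    def lookup(self, ip):
        """Return the cached MAC, or None if it is missing or expired."""
        mac, expires = self.entries.get(ip, (None, 0.0))
        if mac is not None and self.clock() >= expires:
            del self.entries[ip]  # stale entry: a fresh ARP broadcast is needed
            return None
        return mac


def next_hop(host_ip, mask, gateway_ip, dest_ip):
    """Return the IP address whose MAC must be placed in the outgoing frame."""
    subnet = ipaddress.ip_network(f"{host_ip}/{mask}", strict=False)
    dest = ipaddress.ip_address(dest_ip)
    # Same netid + subnetid: ARP for the destination itself.
    # Different subnet: ARP cannot cross it, so the frame goes to the gateway.
    return str(dest if dest in subnet else ipaddress.ip_address(gateway_ip))


def resolve(cache, host_ip, mask, gateway_ip, dest_ip):
    """Return (next-hop IP, MAC); MAC is None when an ARP request must be sent."""
    hop = next_hop(host_ip, mask, gateway_ip, dest_ip)
    return hop, cache.lookup(hop)


# Constructed sample values: private Class B addresses, made-up MAC.
HOST, MASK, GATEWAY = "172.16.5.70", "255.255.255.192", "172.16.5.65"

if __name__ == "__main__":
    cache = ArpCache()
    cache.learn(GATEWAY, "02:00:00:00:00:01")
    for dest in ("172.16.5.100", "172.16.5.130"):
        print(dest, "->", resolve(cache, HOST, MASK, GATEWAY, dest))
```

With the 255.255.255.192 mask, 172.16.5.130 falls outside the sender's subnet and is sent via the gateway; with 255.255.255.0 the same destination would be resolved directly by ARP.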
IP Fragmentation
 Transport layer can send datagrams which are larger than MTU
 Larger datagrams are fragmented at the source by IP layer
 Assembled at the destination IP layer
 Fragments can be fragmented recursively
 IP fragmentation strongly discouraged!

Characteristics of TCP
 Connection-oriented (state based)
 Reliable
 Timeout, Buffering, Checksum, Acknowledge
 Exchanges Byte Stream
 Different from message exchange, message transparent
 Duplex

TCP Header Format (RFC 793)

[Figure: layout of an IP datagram carrying TCP: IP Header, TCP Header, TCP data. The TCP header and TCP data together form the TCP Segment.]

TCP Message Flags
 SYN Synchronize Sequence Numbers to initiate connection.
 RST Reset Connection.
 PSH Push data to receiving process ASAP.
 URG Urgent pointer is valid.
 ACK Acknowledgement is valid.
 FIN Sender is finished sending.

TCP - Connection Establishment

1. SYN: Requesting end (client) sends the destination port and source initial sequence number (ISN) with SYN flag set.
2. ACK & SYN: The server ACKs this, sending its own ISN and the next expected sequence number from the client, with SYN flag set.
3. ACK: The client must ACK this SYN with server’s ISN plus 1.

[Figure: time-sequence diagram between Client and Server: 1. SYN (client to server), 2. ACK, SYN (server to client), 3. ACK (client to server).]

TCP data flow

[Figure: time-sequence diagram between Client and Server. After Open Connection, each databyte sent is answered by an Ack for databyte, in both directions, until Close Connection.]

TCP – Connection Termination
1. FIN: Client sends a FIN
2. ACK: Server ACKs client’s FIN
3. FIN: Server sends a FIN
4. ACK: Client ACKs server’s FIN

[Figure: time-sequence diagram between Client and Server: 1. FIN (client to server), 2. ACK (server to client), 3. FIN (server to client), 4. ACK (client to server).]

Some TCP Terminologies
 Half-open: Server is waiting for SYN requests from client
 Half-close: Client has no more requests and sent its FIN and
Server has even ACKed the FIN. But Server has some more data
to send to the client.
 Active/Passive close: The first host to issue a FIN performs the active close; the other host then performs the passive close.
 Maximum Segment Size (MSS)

Sliding Window
 Sliding Window parameter is used to:
   Guarantee the reliable delivery of data.
   Ensure that the data is delivered in order.
   Enforce flow control between the sender and receiver.
