WLAN

Wireless Local Area Network

Content & Scope
 

Wireless LAN Overview   Optional: Ethernet & TCP/IP Basics Mobile & Wireless Basics IEEE 802.11
     

WLAN Overview

 

Introduction Media Access   Frame Format   Management Operations Physical Layers Deployment   IEEE 802.11n, IEEE 802.16, & RadioTap

Miscellaneous –

 

Lab Exercises Next generation WLAN

©NetProWise

Pre-Requisites
WLAN Overview

Computer Organization – bits, bytes, memory, integer representation,… Desktop terminologies – file, delete, … Operating System (Windows, Linux) – compile, shell, command, … OSI Architecture – Layering,…. TCP/IP Ethernet

 

  

©NetProWise

WLAN

Module 1 WLAN, Wired Ethernet & TCP/IP Overview

Wireless LAN
WLAN Overview

LANs that use wireless medium Connected to regular LANs for better reach Allows limited Mobility Unique Challenges & Issues Benefits

©NetProWise

WLAN – Advantages
WLAN Overview
    

Mobility Flexible Planning Design Robustness

©NetProWise

WLAN Standards
WLAN Overview

IEEE 802.11

Infra-red

  

HIPERLAN/2 Bluetooth …

©NetProWise

History
WLAN Overview

802.11 standard first ratified in July 1997
 

3 PHY’s specified (FHSS, DSSS, and IR) with 1 & 2 Mbps 2 High Rate PHY’s ratified in Sept 1999
 

802.11a 6 to 54 Mbps in 5 GHz ISM band using OFDM 802.11b 5.5 to 11 Mbps in 2.4 GHz band using DSSS

©NetProWise

Companion or Evolution Specifications
WLAN Overview
 

802.11c – support for 802.11 frames 802.11d – support for 802.11 frames, new regulations 802.11e – QoS enhancements in the MAC 802.11f – Inter Access Point Protocol 802.11g – High Rate or Turbo Mode – 2.4GHz bandwidth extension to 22Mbps 802.11h – Dynamic Channel Selection and Transmit Power Control 802.11i – Security Enhancement in the MAC
©NetProWise

  

IEEE 802.11 WLAN - Architecture

Overview

©NetProWise

Infrastructure & Independent WLANs

Overview

©NetProWise

802.11 Layer Description

802.2 802.11 MAC DS FH IR
Data Link Layer Physical Layer

New Overview

©NetProWise

IEEE 802.11 Frame with LLC & MAC
IEEE 802.11 Frame

IEEE 802.11

MAC

LLC

Data

New OverView

Ethernet Frame MAC New Overview Data

©NetProWise

Link Layer – CSMA/CA
  

Carrier Sense (CS) Media Access (MA) Collision Avoidance (CA)

New OverView
©NetProWise

Physical Layers

Radio

Spread Spectrum Technology

New OverView OverView

Direct Sequence Spread Spectrum (DSSS) Frequency Hopping Spread Spectrum (FHSS)

Infra Red (IR)

©NetProWise

Challenges & Issues
       

Error Prone Medium Inherently Shared Medium Natural limitations Unique problems – Hidden & Exposed Stations Mobility Regulation Cost Inter-working

©NetProWise

WLAN Design Goals
  

     

Global Operation Low Power License-free operation Robust transmission technology Simplified Spontaneous co-operation Easy to use Protection of investment Safety and Security Transparency of application

New OverView

©NetProWise

WLAN Applications
  

   

Inventory Control Hospital Hotel Training Trade Shows Networking old buildings IP-Zone

New OverView

©NetProWise

WLAN Vendors

WLAN Equipment (AP, Adaptors, Card) Vendors

Cisco, Nortel, NetGear, Belkin, D-Link, Linksys,…

WLAN Chip Vendors

New OverView

Broadcom, Lucent, Intel, …

WLAN Software Vendors – Mostly Mobile IP development (Home Agent, Foreign Agent, & Protocol)

Cisco, Nortel, …

©NetProWise

IEEE 802.11 Market Size

New OverView
©NetProWise

Demo

Infrastructure Network
 

  

Two One One One One

Wireless stations Switch/hub AP Wired station Wireless adaptor (for monitoring)

New OverView

AirPcap Adaptor

©NetProWise

File Transfer Application
 

Transfer a file from one wireless station to another Capture some IEEE 802.11 frames using the adaptor & Wireshark Brief review of the IEEE 802.11 frame

New Overview

©NetProWise

WireShark Tutorial

©NetProWise

Content
  

Wireless LAN Overview   Ethernet Basics Mobile & Wireless Basics Introduction to IEEE 802.11   IEEE 802.11 Media Access   IEEE 802.11 Frame Format   IEEE 802.11 Management Operations IEEE 802.11 Physical Layers IEEE 802.11 Deployment   Lab Exercises

New Overview

      

©NetProWise

Relation to OSI Reference Model

New Overview
©NetProWise

LAN Standards
• 802.1 • 802.2 • 802.3 • 802.4 • 802.5 • 802.6 • FDDI • 802.11 Wireless LANs
802.2 LLC 802.3 CSMA/CD 802.4 Token Bus 802.5 Token Ring
©NetProWise

Overview. LLC. CSMA/CD (Ethernet). Token Bus. Token Ring. DQDB (Distributed Queue Dual Bus MAN standard)

New Overview

802.6 DQDB FDDI

IEEE 802.2 Encapsulation

New Overview
©NetProWise

Basic Ethernet Frame Format

22

MAC Header

©NetProWise

Ethernet Address
  

   

Six Octets in size Hard coded to NIC and unique Represented in hexadecimal form  Example: 08:56:27:6f:2b:9c Most significant 3 octets code vendor id The other 3 octets are vendor generated All octets set to “ff” to indicate broadcast “01:00:5e” in most significant octets indicates multicast : Example: Multicast address derived from multicast IP address (Class D)

©NetProWise

Extending LAN Segments

Due to noise and attenuation, length of LAN segments are limited to few hundred meters. Several different networking elements are used to extend the span of LANs. These enhancements still have to satisfy the round trip constraint and other constraints suggested by the standards.

©NetProWise

Repeater

 

Repeater is bidirectional Analog amplifier that amplifies and retransmits signals. Layer 1 Device. Can double the size of a LAN segment.

Segment 1

Segment 2

6

R

6

©NetProWise

Repeater

   

Standard suggests a limit of 4 Repeaters between any two stations on LAN. A maximum of 5 segments. Repeaters don’t understand frame formats. Collision affect the entire extended network. Noise propagates throughout the extended network.

©NetProWise

Hub
 

Hub is a multilink repeater with star topology In other respects, a hub is similar to a repeater
Stations

Hub

©NetProWise

Bridge

Bridge is a device that connects two or more LAN segments. Unlike Repeater, Bridge receives, processes, and retransmits frames. Bridge is invisible to the other attached computers.

Segment 1
P1

Segment 2

B

P2 P3

Segment 3

©NetProWise

Bridge Characteristics
  

Layer 2 Device. Can do frame filtering. Isolate collision and noise.

©NetProWise

Bridging
  

Bridge uses a forwarding table to forward frames. Initially, this table is empty. Table populated by examining the source address in frames received. If there is no forwarding entry for a frame, then is forwarded to all the other ports.

©NetProWise

Switches

 

Switch is a bridge that is configured to work like a hub in a star topology. Frame received in port is processed and forwarded to the right port using a forwarding table. Each computer thinks it is on segment by itself. Unlike bridges, switches support large number of ports.


P1 P32

Switch
To Uplink
©NetProWise

Bridge versus Switch

Bridge:
 

Switch:
 The

Supports less than 5 ports (interfaces) Software implementation can easily handle the traffic Interface connects to a LAN segment Price per port is higher than comparable switch
©NetProWise

workgroup switch, one of the smallest, can support 16/32/64 ports  Port volume requires hardware solution  Interface connects to a computer  Price per port is very low

Broadcast Storm

©NetProWise

Invalid Bridging Entry

©NetProWise

Spanning Tree Algorithm(STA)
 

Converts a graph with cycle to a rooted tree. There are a number of algorithms in the literature:

Root

STA

Bridge

©NetProWise

Content
         

Wireless LAN Overview   Ethernet & TCP/IP Basics Mobile & Wireless Basics Introduction to IEEE 802.11   IEEE 802.11 Media Access   IEEE 802.11 Frame Format   IEEE 802.11 Management Operations IEEE 802.11 Physical Layers IEEE 802.11 Deployment   Lab Exercises

©NetProWise

Mobile and Wireless Concepts

Characteristics
   

Fixed and wired Mobile and wired Fixed and wireless Mobile and wireless

©NetProWise

Signal, Carrier, and Medium
source signal destination

V Carrier T • • • • • • • • Audio signal travel as Variations in air pressure This variation is converted to Variations in Voltage levels to send signal farther Carrier is a repeating voltage (wave) – repetition period is known to both ends Carrier can travel farther without getting corrupted compared to direct voltage Carrier is modified by the signal at the source end in some form This modified Carrier – can transport the original signal from source to destination To send the modified carrier from source to destination we need a medium Using this medium we can direct (and control) the signal to its destination
©NetProWise

Modulation, Multiplexing, and Coding

Modulation is the process of modifying the carrier with signal before transmitting it to destination. Demodulation is the process of extracting the signal from the modified carrier at the destination. Multiplexing is the process of mixing multiple signals at the source so that all these signals can be sent in the medium concurrently. Demultiplexing is the process of separating individual signals at the destination. Coding is the digital equivalent of modulation. It maps one form digital signal to another form of digital signal. Coding is done for security and easier transmission at the source. Decoding the reverse mapping of extracting original digital signal from the coded signal at the destination.

©NetProWise

RF and IR Transport
2.4GHz 2.48GHz

I-Band
902 MHz 928 MHz

S-Band ISM Frequencies

M-Band
5.725GHz 5.85GHz

IR Spectrum: 850 to 950 nanometers

©NetProWise

WLAN frequency band

©NetProWise

Signal Representation
  

Time domain representation Frequency domain representation Phase domain representation

©NetProWise

Time domain representation of a signal
Periodic signals: g (t)=At sin(2∏ftt + ϕ t) Fourier: ∞
T f = 1/T

g (t)= ½ c+n=1 an Cos(2∏nft)+ Σ bn Sin(2∏nft) Σ n=1
360
0

ϕ
A

90
©NetProWise

0

180

0

270 360

0

0

Square in terms of Sine waves

©NetProWise

Frequency Spectrum

Wireless transmission

©NetProWise

Examples for Frequency allocations
Europe
NMT 453-457MHz 463-467MHz GSM 890-915 MHz, 935-960 MHZ; 1710-1785 MHz, 1805-1880 MHz CT1+ 885-887 MHz 930-932 MHZ CT2 864-868 MHz; DECT 1880-1900 MHz; IEEE802.11 2400-2483MHz HIPERLAN1 5176-5270MHz
©NetProWise

US
AMPS,TDMA,CDMA 824-849 MHz 869-894MHz; GSM,TDMA,CDMA 1850-1910 MHz 1930-1990MHz

JAPAN
PDC 810-826MHz, 940-956MHz 1429-1465MHz, 1477-1513MHZ

Wireless transmission

Mobile phones

Cordless telephones

PACS 1850-1910MHz 1930-1990MHz PACS-UB 1910-1930MHz

PHS 1895-1918MHz; JCT 254-380MHz

Wireless LANs

IEEE802.11 2400-2483MHz

IEEE 802.11 2471-2497MHz

Signal Representation in different domains
f1
T f = 1/T

f2

Amplitude frequency
A

Frequency Domain MCosφ Φ Phase Domain

Time Domain

©NetProWise

Path Loss & Other effects*
          

Line of sight (LOS) Free Space Loss Effect of weather Long waves versus Short waves Shadowing or Blocking Scattering Reflection Refraction Diffraction Multi-path propagation Delay-Spread
©NetProWise

Multiplexing

Basic Multiplexing techniques
   

Space division multiplexing Time division multiplexing Frequency division multiplexing Code division multiplexing

Combinations of the above

©NetProWise

Analog Modulation

Basic Analog
 

Time

Amplitude modulation Frequency modulation Phase modulation
T f = 1/T
90
0

Amplitude

V modulation techniques

180

0

270 360

0

0

90

0

180

0

270 360

0

0

Phase

Combinations of the above

Carrier Wave

©NetProWise

Digital Modulation

Basic digital modulation techniques
  

Amplitude Shift Keying Frequency Shift Keying Phase Shift Keying

Combinations of the above

©NetProWise

Digital Amplitude Modulation

We can code
 

Zero amplitude as 0 or 1 Non-zero amplitude as 1 or 0

©NetProWise

Frequency Shift Keying

©NetProWise

Phase Shift Keying

©NetProWise

QPSK in the phase domain
Q 1 0 1 0 I Q 11

I

00

01

©NetProWise

QPSK in the time domain

©NetProWise

Quadrature amplitude modulation

Amplitude Phase

©NetProWise

Minimum Shift Keying (data 1011010)
Data Even bits Odd bits Low frequency High frequency MSK signal

1

0

1

1

0

1 0

t
©NetProWise

Spread spectrum
p p

p

f p

f p

f

f

f

User signal Broadband interface

Narrowband interface

©NetProWise

CDMA - Spreading with DSSS

©NetProWise

CDMA - Frequency Hopping Spread Spectrum
tb
User data

f f3 f2 f1 f f3 f2 f1

0

1 td

0

1

1

t

Slow hopping (3 bits/hop)

td

t

fast hopping (3 hops/bit)
t

©NetProWise

CDM Background
  

Vector Vector dot-product Orthogonality

Binary (11) in vector form: (1, 1) Vector dot Product: (1,1).(1,-1) = 1.1+1.-1 = 1+-1 = 0

©NetProWise

4 Mutually Orthogonal or vectors
u:
1 1 1 1

v:

1

1

-1

-1

w:

1

-1

-1

1

x:

1

-1

1

-1

©NetProWise

CDM - Background
For vectors a and b

The square root of a.a is a real number, and is important. We write

Suppose vectors a and b are orthogonal. Then:

©NetProWise

Code Division Multiplexing
• • • • Data to be transmitted: 1, 0, 1, 1 Chip Code 1: b – (1,-1); -b – (-1, 1) Code data to be transmitted with b Transmitted Vector • 1, -1, -1, 1, 1, -1, 1, -1 Data to be transmitted: 0, 0, 1, 1 Chip Code 2: a – (1,1); -a – (-1, -1) Code data to be transmitted with a Transmitted Vector • -1, -1, -1, -1, 1, 1, 1, 1 Sum of the transmission vector • 0, -2, -2, 0, 2, 0 , 2, 0
©NetProWise

2 Orthogonal Chip Codes

a:

1

1

b: 1

-1

• • • •

Receiver decoding for b: • (1, -1).(0, -2) = 0+2 = 2 > 0 • (1, 1).(0, -2) = 0+-2 = -2 < 0

CDMA versus TDMA, FDMA

Unlike TDMA, CDMA transmits data from all the input channels simultaneously! Unlike FDMA, CDMA uses single frequency to transmit all the input channels simultaneously!

©NetProWise

CDMA Limitation

It assumes all the channels start and stop their transmission synchronously!

©NetProWise

Asynchronous CDMA

CDM assumes all transmitted vectors start at the same time. This limits CDM for transmission from base-to-mobile where all transmitted vectors can be synchronized CDM Asynchronous is used for transmission from mobileto-base It is an enhancement of CDM Unique, Orthogonal, Pseudo Noise signals are used for arbitrary random starting points.

 

©NetProWise

CDMA Summary

CDMA operates by:

Encoding the each input channel data using a unique (chip) code Summing the encoded data from all the channels Transmitting the resulting sum On reception, each channel data is separated using the respective chip (code) from the sum and decoded

  

©NetProWise

Orthogonal Frequency Division Multiplexing (OFDM)
 

 

OFDM is based on FDM & TDM Carrier Channel is divided into multiple sub carrier channels Each channel carries a portion of the user information. Each sub carrier channel is orthogonal with every other sub carrier OFDM is also referred to as Multi-tone modulation Applications: DSL, WLAN, BT, DAB, Powerline Ethernet

©NetProWise

OFDM – Frequency Domain Representation

©NetProWise

OFDM versus CDMA

 

The mathematics underlying the CDMA is more complicated than in OFDM OFDM encodes a single transmission into multiple sub carriers. CDMA encodes multiple transmissions onto a single carrier. OFDM handles multi-path spread better. Both make use of orthogonal property in multiplexing signals.

©NetProWise

Hidden and exposed terminals

A

B

C

A can hear B C can hear B A cannot hear C C cannot hear A sending data
©NetProWise

Near and far terminals

A

B

C

©NetProWise

Content
         

Wireless LAN Overview   Ethernet & TCP/IP Basics Mobile & Wireless Basics Introduction to IEEE 802.11   IEEE 802.11 Media Access   IEEE 802.11 Frame Format   IEEE 802.11 Management Operations IEEE 802.11 Physical Layers IEEE 802.11 Deployment   Lab Exercises

©NetProWise

IEEE 802 Network Technology Family Tree
802 Overview 802.1 And architecture Management

802.2 Logical Link control(LLC)

Data Link Layer LLC sublayer

802.3 802.3 MAC

802.5 802.5 MAC

802.11

802.11 MAC

MAC sublayer

802.3 PHY

802.5 PHY

802.11 FHSS PHY

802.11 DSSS PHY

802.11a OFDM PHY

802.11b HR/DSSS PHY

Physical Layer

©NetProWise

IEEE 802.2 Encapsulation

©NetProWise

Basic Ethernet Frame Format

22

MAC Header

©NetProWise

IEEE 802.11 protocol architecture and management

DLC

LLC MAC PLCP PMD MAC management PHY management

©NetProWise

Station management

PHY

Components of 802.11 LANs
Distribution System Wireless Medium )))) Access Point Stations

)))) Access Point

©NetProWise

Independent and Infrastructure BSSs

Independent BSS

Infrastructure BSS
©NetProWise

Extended Service Set

BSS1 BSS3 BSS2 BSS4

Router Internet

©NetProWise

Distribution system in common 802.11 access points implementation
Backbone network

Bridge Bridge Distribution system Wireless medium Station A Station B Station C

©NetProWise

Network Services
1. 2. 3. 4. 5. 6. 7. 8. 9.

Distribution Integration Association Reassociation Disassociation Authentication De-authentication Privacy MSDU (MAC Service Data Unit) Delivery

©NetProWise

Overlapping BSSs in an ESS

BSS1 BSS2 BSS3

BSS4

©NetProWise

Overlapping Network Types
AP’s Basic Service area

©NetProWise

BSS transition
DS

BSS1,ESS1

BSS2,ESS2

BSS3,ESS3

T=1

T=2

©NetProWise

Inter AP Protocol (IAPP)
 

Protocol for handling roaming No standard!

Inter-operability is an issue

Status of IEEE 802.11f not clear

©NetProWise

ESS transition

ESS1 BSS1

BSS2

ESS2 BSS3

BSS4

Seamless transition not supported

©NetProWise

Content
    

Wireless LAN Overview   Ethernet & TCP/IP Basics Mobile & Wireless Basics Introduction to IEEE 802.11   IEEE 802.11 Media Access- Distributed Coordinated Function (DCF)   IEEE 802.11 Frame Format   IEEE 802.11 Management Operations IEEE 802.11 Physical Layers IEEE 802.11 Deployment   Lab Exercises

    

©NetProWise

Challenges for the MAC
  

RF Link Quality Hidden Node Problem Exposed Node Problem

©NetProWise

Positive acknowledgment of data transmissions

Time

Frame

ACK

©NetProWise

Nodes 1 and 3 are hidden
Area reachable Node 1 Area reachable Node 3

1

2

3

©NetProWise

RTS/CTS clearing
1 2

RTS 1) RTS 1 4) ACK 3) Frame 3 CTS Frame

2) CTS 2
©NetProWise

ACK

Power Save
 

Battery power is premium in wireless devices To Conserve battery WLAN stations alternate between Active and Power-save modes Access Point buffers data for a WLAN station that is in Power-save mode IEEE 802.11 protocol includes provision to implement WLAN station Power Savings

©NetProWise

MAC Access Modes
 

Distributed Coordination Function (DCF) Point Coordination Function (PCF)
Contention-free delivery “Normal” Delivery

PCF

DCF

©NetProWise

Using the NAV for virtual carrier sensing

RTS Sender SIFS CTS receiver NAV SIFS

data SIFS ACK1 DIFS NAV(CTS)

t

NAV(RTS)

Defer access

Contention Window

Carrier Sensing 1. Physical Carrier Sensing 2. Virtual Carrier Sensing NAV – Network Allocation Vector
©NetProWise

Interframe spacing relationship

DIFS

Contention window(randomized back-off mechanism)
DIFS

Medium busy
O e s tio b ffe th r ta n u r a dd fe fr ms n er ae

PIFS
SIFS

frame transmission

Slot time

©NetProWise

Contention Based Access using DCF

If the medium has been idle for longer than DIFS, transmission can begin immediately. Both carrier-sensing are employed

Delivery/non-delivery of the last frame decides whether to wait DIFS or EIFS.

  

If the medium is busy, then access deferral is applied. Error Recovery is the responsibility of the sender Sender expects acknowledgement for all transmitted frames. Specifically, for all unicast frames. Retransmit frame until it is successful. Multi frame sequence may update the NAV RTS Threshold, Fragmentation threshold decide when to use RTS and when to fragment respectively.

  

©NetProWise

Error Recovery with the DCF
  

Short Retry Counter Long Retry Counter Lifetime Counter

©NetProWise

MAC – Flow Chart

©NetProWise

Other Rules Applied
 

Error Recovery is the responsibility of the sender Sender expects acknowledgement for all transmitted frames. Retransmit frame until it is successful. Multi-frame Sequence can update NAV with each step. Fragments get the same priority as CTS/RTS, ACK Packets that are larger than configured RTS threshold must have RTS/CTS exchange (Extended Frame Sequence). Packets larger than fragmentation threshold must be fragmented.

   

©NetProWise

Error Recovery with DCF
  

Error indication – Lack of positive ACK or NAK Short Retry Counter Long Retry Counter

©NetProWise

Back-off with the DCF
     

Contention Window or back-off window follows DIFS Contention Window is divided into slots. Slot length medium (speed) dependent Stations Randomly choose a slot All slots are equally likely selections Station that picks the earliest slot wins

©NetProWise

DSSS contention window size
Initial attempt 1st transmission 2nd transmission 3rd transmission Previous frame Previous frame Previous frame Previous frame Previous frame DIFS 31 slots 63 slots

DIFS

DIFS

127 slots

DIFS

255 slots

4th transmission

DIFS

511 slots

Contention window =1,023slots 5th transmission Previous frame DIFS Contention window =1,023slots 6th transmission Previous frame DIFS

©NetProWise

Fragmentation and Reassembly
DIFS Sender RTS receiver CTS SIFS Fragment0 ACK0 SIFS SIFS Fragment1 ACK1 SIFS SIFS Fragment2 ACK2 SIFS t SIFS Block of slots

SIFS

NAV

RTS CTS

Fragment0 ACK0

Fragment1 ACK1 t

©NetProWise

Content
         

Wireless LAN Overview   Ethernet & TCP/IP Basics Mobile & Wireless Basics Introduction to IEEE 802.11   IEEE 802.11 Media Access   IEEE 802.11 Frame Format   IEEE 802.11 Management Operations IEEE 802.11 Physical Layers IEEE 802.11 Deployment   Lab Exercises

©NetProWise

Generic 802.11 MAC frame
Direction of Transmission Least Significant bit
2 6 6 Address 2 6 Duration Address ID 1

bytes 2 Frame control

Most Significant bit
2 6 02312 4 FCS

Sequence Address control 3

Address Frame 4 body

©NetProWise

Frame control field
bytes 2 Frame control 2 6 6 Address 2 6 2 6 02312 4 FCS

Duration Address ID 1

Address Sequence control 3

Address Frame 4 body

bits

2

2

4 Sub type

1

1

1

1

1

1

1

1 order

protocol Type=data b2 b3

To DS From DS

More Retry Pwr More WEP frag Mgmt Data

©NetProWise

Type field

Type field encodes (b3 b2)
   

Management Frames (00) Control Frames (01) Data Frames (10) Reserved (11)

©NetProWise

Management Subtypes (00)
       

  

Association Request (0000 – b7 b6 b5 b4) Association Response (0001) Reassociation Request (0010) Reassociation Response (0011) Probe Request (0100) Probe Response (0101) Beacon (1000) ATIM - Announcement Traffic Indication Message (1001) Disassociation (1010) Authentication (1011) Deauthentication (1100)

©NetProWise

Control Frame (01)
     

Power Save (PS)-Poll (1010 – b7 b6 b5 b4) RTS (1011) CTS (1100) Acknowledgment –ACK (1101) Contention-Free(CF)-End (1110) CF-End+CF-Ack (1111)

©NetProWise

Data Frames (10)
       

Data (0000 b7 b6 b5 b4) Data+CF-Ack (0001) Data+CF-Poll (0010) Data+CF-Ack+CF-Poll (0011) Null data (no data transmitted) (0100) CF-Ack (no data transmitted) (0101) CF-Poll (no data transmitted) (0110) Data+CF-Ack+CF-Poll (0111)

©NetProWise

ToDS and FromDS bits
ToDS = 1 D ata fram es W ireles s S tation of A ll fram es of IB S S Infras tru c ture netw ork D ata fram es rec eived for a W ireles s s tation in an infras truc tu re netwata fram es on "w ireles s bridg e" D ork ToDS =0

F ro m D S = 0 F ro m D S = 1

©NetProWise

More Fragments bit

Behaves like IP Fragmentation flag

©NetProWise

Retry bit
 

WLAN Overview

This bit is set to 1 in retransmitted frames Receiver can eliminate duplicate frames using this bit

©NetProWise

Power Management bit
 

WLAN Overview WLAN Overview

Used to conserve battery life If set to 1 indicates that the sender will be in powersaving mode after this atomic exchange. Access points cannot be in power-saving mode

©NetProWise

More data bit

WLAN Overview

Indicates that there is at least one frame available for a dozing station. Set by an AP

©NetProWise

WEP (Wired Equivalent Privacy) bit

WLAN Overview

Indicates that the frame has gone through WEP processing

©NetProWise

Order bit

Frames and fragments can be transmitted in order

WLAN Overview

©NetProWise

Duration /ID Field
Duration (NAV) 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 0

WLAN Overview

Least significant Contention Free Period frames 0 1 2 3 4 5 0 PS-Poll frames 0 0 0 0 0 0

Most significant 6 0 7 0 8 0 9 0 10 0 11 0 0 12 0 13 0 14 0 15 1

1

2

3

4

5

6

7

8

9

10

11

12

13

14 1

15 1

AID (range: 1-2007) Least significant Most significant

©NetProWise

Sequence control field
bytes 2 Frame control 2 6 6 Address 2 6 2 6

WLAN Overview

02312 Frame body

4 FCS

Duration Address ID 1

Address Sequence Address control 3 4

bits

4 Fragment number

12 Sequence number

©NetProWise

Address Fields
 

WLAN Overview

4 – Address Fields Destination, Source, Receiver, Transmitter, & BSSID

©NetProWise

Frame Check Sequence

FCS is checked by the receiver The result of this checking is sent as an acknowledgement by the receiver Recalculated during hop.

WLAN Overview

©NetProWise

IP Encapsulation in 802.11
6
Ethernet Destination MAC

6
Source MAC

2
Type 0X800(IP) 0X0806(ARP)

Variable
IP Packet

4
FCS

WLAN Overview

12
802.1h MAC headers

1
SNAP DSAP 0xAA

1
SNAP DSAP 0xAA

1
Control 0x03(UI)

3
Ethernet Tunnel 0x00-00F8

Copy
Type

Recalculate Copy
IP Packet FCS

12
RFC1042 SNAP MAC DSAP headers 0xAA 24 or 30 802.11 802.11 SNAP MAC DSAP headers 0xAA SNAP DSAP 0xAA SNAP DSAP 0xAA

SNAP header
Control 0x03(UI) RFC 1042 Encapsulation 0x00-00-00 Type IP Packet FCS

Control 0x03(UI)

RFC 1042 Encapsulation 0x00-00-00

Type

IP Packet

FCS

©NetProWise

Contention-Based Data Services
 

Broadcast and Multicast Frames Directed Frames
   

Basic Fragmented RTS/CTS Lockout RTS/CTS Fragmented

Power Savings Mode

©NetProWise

Broadcast/multicast data and broad cast management atomic frame exchange

DIFS DIFS End or prior SIFS Frame data exchange NAV Prior exchange

Contention window

Data(bc/mc) Management(bc)

Contention window For next exchange

t

©NetProWise

Basic positive acknowledgment of data(unicast frames)
DIFS SIFS data station2 station1 data ACK SIFS t SIFS

NAV

station2 station1

ACK+SIFS t

©NetProWise

Fragmentation
SIFS data station2 station1 Data frag1 ACK1 SIFS Data frag2 ACK2 SIFS SIFS Data frag3 ACK3 SIFS
NAV3=ACK+SIFS

t

NAV2=data3+2xACK+3xSIFS NAV1=data2+2xACK+3xSIFS ACK1=data2+2xACK NAV2=data3+2xACK t

NAV

station2 station1

©NetProWise

RTS/CTS lockout

SIFS data RTS CTS SIFS data ACK SIFS Data= ACK+SIFS RTS=3xSIFS+Data+ACK NAV CTS=RTS-(CTS+SIFS) t t

©NetProWise

RTS/CTS with fragmentation
SIFS data station2 station1 RTS CTS SIFS Data frag1 ACK1 SIFS SIFS Data frag2 ACK2 SIFS
Data2

t

Data1 NAV station2 station1 RTS CTS ACK1 t

©NetProWise

Immediate power-saving(ps)poll response

SIFS data PS-poll Station Access point SIFS ACK data t

Medium seized by data frame NAV Station Access point Implied: SIFS+ACK data t

©NetProWise

Immediate power-saving(ps)poll response with fragmentation

SIFS data PS-poll Station Access point SIFS ACK1 data1 data1

SIFS ACK2 t

Medium seized by data frame NAV Station Access point Implied: NAV ACK1 data1 data2 t

©NetProWise

Deferred PS-poll response example
one or more atomic frame exchanges station Access Point PS-poll ACK SIFS DIFS Frame Contention window DIFS Data DIFS

SIFS ACK Zzz.. Beacon

data

t

NAV

station Access Point

Implied Data t

©NetProWise

Generic Data Frame
2 2 6 6 6 2 6 02,312 4

F r a m De u r a A i od nd r A sd sd 1r A sd sd 2r S se sq 3- A d l d r F sr as m4 e t e e e Ct e C o n t Ir D l ( r e c e ( vSi ee r n) (d Fe i rl t) e r i n g ) ( O p t i Bo no ad ly) o

©NetProWise

Duration setting on final fragment
DIFS Last fragment station1 station1 SIFS ACK SIFS

Contention window

Second to Last fragment NAV

Fragment: SIFS+ACK

©NetProWise

Duration settings on nonfinal fragment
SIFS fragmentX station1 station2 SIFS fragmentX+1 ACKX SIFS ACKX+1

NAV

Duration in FragmentX:fragmentx+1+3xSIFs+2xACK

©NetProWise

Use of the Address Fields

Func tion ToDS IB S S 0 To A P (infra) 1 From A P (infra) 0 W DS (bridge) 1

A ddres s 1 A ddres s 2 From DS (rec eiver) (trans m itter) A ddres s 3 0 DA SA B S S ID 0 B S S ID SA DA 1 DA B S S ID SA 1 RA TA DA

A ddres s 4 not us ed not us ed not us ed SA

©NetProWise

BSSID
  

 

Each BSS is assigned a BSSID 48-bit binary identifier In infrastructure BSS, the BSSID is the MAC address of the wireless interface in the AP. IBSS must create its BSSID using random generation The Universal/Local bit is set to 1 The Individual/Group bit is set to 0

©NetProWise

Address Field Usage in Frames to the Distribution System
SA/TA RA(BSSID) DS

)))) AP
Client Sever DA

©NetProWise

Address Field Usage in Frames from the Distribution System
RA/DA TA(BSSID) DS

)))) AP
Client Sever SA

©NetProWise

Wireless Distribution Systems
RA SA 802.11 TA

)))) AP
DA

Client Sever

©NetProWise

Data Frame of subtype Null
Mobile Station Access Point

Header

FCS Null frame;PM = 1

Frame Control

ACK Power Management = 1

Mobile station is resting, begin buffering frames

©NetProWise

Frame Types
  

Data Control Management

©NetProWise

IBSS data Frame
bytes 2 2 6 6 2 6
FCS

4 02,312

F r a m e D u r a t io nR e IDe i veSr o u r c eB S S ID S e q - c F l r a m e c t C o n t ro l a d r e s s /a d d r e s s B ody D e s t in a t io n a d d re s s

P r o t oT cy op l e S= u db a tTTayo pD e sF r o m MD os r e R Fe rt ar yP w r M og rme Wt E PO r d e r g 0 0 0 1 0 0 D a ta
0000,Data 0010,Null
©NetProWise

bits 2 2

4

1

1

1

1

1

1

1

1

Data Frames from the AP
bytes 2 2 6 6 2 6 02,312 4

F r a mD eu r a tRi o An / D I D u rB c Se S S I De q -F cr at lm e S A o C o n tro l a d d re s s B ody
bits 2 2 4 1 1 1 1 1

FC S

1

P r o t oT cy op l e S= u db a tTTayo pD e sF r o m MD os r e R Fe rt ar yP w r M og rme Wt E PO r d e r g 0 0 0 1 0 1 D a ta
0000:Data 1000:Data + CF - ACK 0100:Data + CF - Poll 1100:Data + CF – ACK + CF - Poll 1010: CF – ACK 0110:CF - Poll 1110: CF – ACK + CF - Poll
©NetProWise

1

1

Data Frames to the AP
bytes 2 2 6 6 6 2 02,312 4

F r a mD eu r a tRi o An S I D / DT A S e q -F cr at lm e A C o n t r o l ( B S S ID ) B ody
bits 2 2 4 1 1 1 1 1

FC S

1

P r o t oT cy op l e S= u db a tTTayo pD e sF r o m MD os r e R Fe rt ar yP w r M og rme Wt E PO r d e r g 0 0 0 1 1 0 D a ta
0000:Data 0100:Data + CF - ACK 0010:Null 1010: CF – ACK (no data)

1

1

©NetProWise

WDS (Wireless DS) Frame
bytes 2 2 6 6 6 2 6 02,312 4

F r a m ue r a R t i Ao n T A I DD A S e q S - Ac tF l r a m e D C o n tro l B ody
bits 2 2 4 1 1 1 1 1

F C S

1

P r o t oT cy op l e S= u db a tTTayo pD e sF r o m MD os r e R Fe rt ar yP w r M og rme Wt E PO r d e r g 0 1 0 0 1 1 D a ta

1

1

©NetProWise

Frame Control Field in Control Frames
Bits 2 2 4 1 1 1 1 1 1 1 1

P r o t To yc po el S = u bd aTT t oya Dp eFs r o mM Do sr e RF er at rgPy w r MM go mr e tW D Ea tPOa r d e r 0 1 0 00 0 0 0 0 0 0

©NetProWise

RTS Frame
Bytes 2 2 MAC header 6 6 4

F ra m e D u ra t io n R e c e ive r A d d re s s n s m it t e r A d d re s sS Tra FC C o n t ro l
bits 2 2 4 1 1 1 1 1 1 1 1

P r o t o c o lp e S u b T y p e T=o D sTFSr o m D Ms o r e R e at rgy P w r MM g omr et D W t E P O r d e r Ty = R Fr a a 0 C 0o n t r o l 1 0 1 0 1 0 0 0 0 0 0 1 0

©NetProWise

Duration field in RTS frame
SIFS

RTS station1 station2 SIFS CTS

Expected frame transmission ACK SIFS

NAV

Duration in RTS:3xSIFs+ACK+frametime

©NetProWise

CTS Frame
Bytes 2
Frame Control

MAC header 2
Duration

6
Receiver Address FCS

4

bits 2

2

4

1

1

1

1

1

1

1

1

P r o t o cT o lp e S u b T y p e T = DCs T Sr o m D M o r e R e at rgy P w r MMg omr et D W t E P O r d e r y = o F s Fr a a 0 C 0o n t r o0 l 0 1 1 0 0 0 0 0 0 0 1 0

©NetProWise

CTS duration
SIFS

RTS station1 station2 SIFS CTS

Expected frame transmission ACK SIFS

NAV

Duration in CTS:RTS-CTS-1xSIFS Duration in RTS:3xSIFs+ACK+frametime

©NetProWise

ACK Frame
Bytes 2
Frame Control

MAC header 2
Duration

6
Receiver Address FCS

4

bits 1 1 1 1 2 4 1 2 1 1 P r o t oT cy op l e S =u b T y p Te o = sA C K F r0o m M so r e R Fe rt ar yP w r M o rme t W aE t aPO r d e r D D g g D 0 C o 0n t 1r o 0l 1 1 0 0 0 0 0 1 0

1

©NetProWise

Duration in non-final ACK frames
SIFS fragmentX station1 station2 SIFS fragmentX+1 ACKX SIFS ACKX+1

Station 1’s previous duration Duration in FragmentX=coverage to end of ACK+1 NAV

Station 2’s previous duration

Duration in ACKX=Fragment X duration-ACK1xSIFS

©NetProWise

PS-Poll Frame
Bytes 2
Fram e Control

MAC header 2
A s s oc iati B S S ID on ID (A ID)

6

6
Trans m itter A ddres s FCS

4

P r o t o c o lp e S u b T y p e T=o D sCF K o m D M o r e R e at rgy P w r MMg omr et D W t E P O r d e r Ty = A r s Fr a a 0 C 0o n t r o0 l 1 0 1 0 0 0 0 0 0 0 1 0

bits 2

2

4

1

1

1

1

1

1

1

1

©NetProWise

Generic Management Frame
MAC header 2 2 6 6 6 2
Information elements and Fixed fields

0-2,312

4

F r a m eD u r a t iD n S A B S S ID S e q - C Ft lr a m e oA C o n tro l B ody

FCS

©NetProWise

Authentication Algorithm Number Field
16 Bits
Authentication algorithm Least Significant number Most Significant

©NetProWise

Authentication transaction sequence number field
16 Bits
Authentication transaction Least Significant sequence number Most Significant

©NetProWise

Beacon Interval Field
16 Bits
Least Significant Beacon interval Most Significant

©NetProWise

Capability Information Field
Bits
ESS IB S S C F - P o l la b leP r iva c S h o r t P B C C C h a n n e l aRg ei lst e r ve d y i y P r e a m b (l 8 0 2 . 1 1( 8 0 2 . 1 1 b ) e b)

©NetProWise

Current AP Address Field
Bytes
Current AP (MAC)

Bit 0

Bit 47

©NetProWise

Listen interval Field
Bits
Least Significant Listen interval Most Significant

©NetProWise

Association ID Field
Bits
1-13 Association ID

14 1

15 1

Least Significant

Most Significant

©NetProWise

Timestamp Field
Bytes
Least Significant

1-7
Timestamp Most Significant

Bits 0

Bits 63

©NetProWise

Reason Code Field
Bits
Least Significant Reason Code Most Significant

©NetProWise

Status Code Field

Least Significant

Status Code

Most Significant

©NetProWise

Generic management frame information element

bytes

1

1

Length(in bytes)

E l e m e n t ID n g t h le

©NetProWise

Service Set Identity Information Element

Bytes

1

1

0-32

E l e m e nL te IDg t hS S ID n 0

©NetProWise

Supported Rates information element
Element ID 1 length Data rate label least most significant significant Mandatory

Data rate element

D a t a r a t e 1= 2 DM a bt ap 1Mr a bt epo =sp 1t i o n a l 0 s

©NetProWise

FH Parameter Set information Element
Bytes 1 1 2 1 1 1

E l e m eL ne tn gDtDh w e l l HT omp eHs o p p H tot p r Inn d e x I i et a e 0 5

©NetProWise

DS Parameter Set information element
Bytes 1 1 1

E l e m eL ne t n ID t C u r r e n t g h 3 1 Channel

©NetProWise

Traffic Indication Map Information Element
Bytes 1 1 1 1 2 2

E l e m L e n gI DCh F P C F uP n t F P M F PX D u r ent t o C C A 3 1 P e r i oD du r a t iRo e m a i n i n g n

©NetProWise

IBSS Parameter Set Information Element

Bytes

1

1

2

E le m e n L eID g t h A T IM t n 3 1 W in d o w

©NetProWise

Challenge Text Information Element

Bytes

1

1

1-253

E le m e n tL IDn g t h C h a lle n g e e 3 1 Tex t

©NetProWise

Beacon frame
bytes MAC header

2 2 F ra m e D u ra t io n c o n t ro l DA
bytes

6

6

6

2

Variable

4

SA

B S S ID s e q c t rl F ra m e B o d y F C S

8

2

2

Variable

7

2

8

4

Variable

Tim e s t a m p a c o C a p a b ilit y Be n FH DS CF IB S S In t e rva in fo l S S ID p a ra m e t e rs e tra m e t e rs e tra m e t e rspeat ra m e t e rsTIM pa pa et

Mandatory

optional

©NetProWise

Probe Request Frame
Bytes 2 2 MAC header 6 6 2
Variable

Frame body
Variable

4

F r a m D e u r aD t iAo n S A B S S SI D e q -S c S t l I D C o n tro l

S u p p o rte d F C S R a te s

©NetProWise

Probe Response Frame
bytes MAC header

2 2 F ra m e D u ra t io n c o n t ro l DA
bytes

6

6

6

2

Variable

4

SA

B S S ID s e q c t rl F ra m e B o d y F C S

8

2

2

Variable

7

2

8

4

Variable

Tim e s t a m p t w e e n a p a b ilit y Be C FH DS CF IB S S In t e rva l in fo S S ID p a ra m e t e rs e tra m e t e rs e tra m e t e rspe tra m e t e rs e t pa pa a

©NetProWise

ATIM Frame
Bytes 2 2 MAC header 6 6 6 2 4

F r a m D u r a Dt i A n e o C o n tro l

SA

B S S ID e q - Fc Cl S S t

©NetProWise

Disassociation and Deauthentication Frames
Bytes 2 2 MAC header 6 6 6 2 2 4

F r a m D u r a D i oA n e t C o n tro l

SA

B S S IS e q - Bc Ol D Y C S D t F

Bits Reason Code

©NetProWise

Association Request Frame
Bytes 2 2 6 6 MAC header 6 2 2 2 Frame body variable variable 4

F r a Dm u e rDa At i oS n A B S SS eI DqC - a cp Lt a li sb Sit lei St ny I D C o n tro l In fo In t e r v a l

S u p p o r t e Fd C S R a te s

©NetProWise

Reassociation Request Frame
Bytes 2 2 6 MAC header 6 6 2 2 2 6 Frame body
Variable Variable

4

F r a m ue r Da tA i o Sn A B S SS I eD q C - ac ptL la i sb ti Clei t nuy r r Se nS t I AD P D C o n tro l I n f o I n t e Ar v da dl r e s s

S u p p o rte dF C S R a te s

©NetProWise

(Re)Association Response Frame
Bytes 2 2 6 MAC header 6 6 2 2 Frame body 2 2
variable

4

F r a m D eu r D tAi o n S A B S S SI De q -C ca tpl aS bt ai lAit tusy ss o Sc ui ap t pi oo nr t e d F C S a C o n tro l I n f o c o dI D e R a te s

©NetProWise

Authentication Frames
MAC header 2 2 6
SA

Frame body 2 2 2 2
variable
FCS

6

6

4

F r a m e D u r a t io A Dn C o n tro l

B S S ID S e q - c Al u t h e n t icAa u iohne n t i cSa t a t u s C h a lle n g e t tt io n A lg o r i t h m T r a n s a c t io n d e T e x t Co N u m b e r S e q .N o

©NetProWise

Overall 802.11 State Diagrams
Class 1,2, and 3 frames

Authenticated and Associated Disassociation Authenticated and Unassociated Deauthorization

State3

Successful [re] association
Class 1 and 2 frames or [re] association failure

State2

Deauthorization

Successful [re] authentication
Class 1 frames or authentication failure

Unauthenticated and Unassociated
©NetProWise

State1

Content
         

Wireless LAN Overview   Ethernet & TCP/IP Basics Mobile & Wireless Basics Introduction to IEEE 802.11   IEEE 802.11 Media Access   IEEE 802.11 Frame Format   IEEE 802.11 Management Operations IEEE 802.11 Physical Layers IEEE 802.11 Deployment - Security  Lab Exercises

©NetProWise

Two Approaches
 

Wired Equivalent Protocol (WEP) IEEE 802.1X

©NetProWise

Security Objectives
  

Confidentiality Authentication Integrity

©NetProWise

Cryptography with Wired Equivalent Protocol (WEP)
 

Employs RC4 PRNG to Encrypt/Decrypt data RC4 PRNG
  

Symmetric Algorithm 40 bit encryption key + 24 bit initialization vector 64 bit string is used as seed to PRNG to generate a “key sequence”

 

ICV (integrity check value) is computed for plaintext (CRC-32) ICV is concatenated to data stream Key Sequence is XORéd to data stream to create ciphertext. Ciphertext and IV (24 bits) are sent to receiver

©NetProWise

Generic Stream Cipher operation
D ata 0 1 0 1 1 0 0 0 . s ourc e K ey s tream 1 1 1 0 0 1 0 1 . c iphers tream 1 0 1 1 1 1 0 1 .

D es tination K ey s tream R ec eived data 1 0 1 1 1 0 0 1 0 1 1 0 0 0 1 0 . .

©NetProWise

Keyed stream cipher operation

Source Key

Destination

Key Data XOR

Cipher PRNG

Cipher text

Cipher PRNG Data

XOR

©NetProWise

WEP operations – Confidentiality & Integrity
24-bitIV 40-bit WEP key 64-bitRC4 = RC4 algorithm Integrity check ICV RC4 key stream (as long as frame+ICV)

+ 24-bitIV

Cipher frame+ICV

Frame header

IV header (4bytes)

Frame Body

ICV trailer (4 bytes)

FCS

Clear

Encrypted

Clear

©NetProWise

WEP Keying
 

Uses a set of up to four default keys May also use pairwise mapped keys

©NetProWise

WEP frame extension

IVheader

F ra m e In it ia lis a t io n In t e g r i t y c h e c k P a d K e y ID r a m e b o d y F FCS h e a d e r ve c to r V a lu e

©NetProWise

Limitations of WEP

Integrity check

It is based on CRC, predictable; effective in finding single-bit alterations with high probability It should be based on hashing (unpredictable)

  

Reuse of key stream is a major weakness IV field is not encrypted. Key distribution

  

Key must be distributed to all stations participating in an 802.11 service set. 802.11 fails to specify a key distribution mechanism Manually configuring the keys is not scalable Users can view these keys

Keys can be accessed through SNMP interface!

©NetProWise

Some Solutions for WEP
      

Change default key change WEP key frequently Password Protect Client Drives and Folders Change Default SSID Use Sessions Keys If Available Use MAC Filtering If Available Use A VPN

©NetProWise

Two Approaches
 

Wired Equivalent Protocol (WEP) IEEE 802.1X

©NetProWise

IEEE 802.1x

Based on IETF’s Extensible Authentication Protocol (EAP) – RFC 2284 Simply an Authentication protocol; Secrecy and Integrity are not provided User is authenticated, however, the network is not authenticated; user might end up giving his/her credentials to the wrong network

©NetProWise

EAP Architecture
Methods TLS AKA/ SIM Token card

EAP EAP

Link Layers

PPP

802.3

802.11

©NetProWise

EAP Packet Format

Bytes

1

1

2

Variable

C o d eI d e n Lt ief i ne gr t Dh a t a

©NetProWise

EAP Request and Response Packets

Bytes 1

1

2

1

Variable
C I L d T o T e e

y

d

y

n

n

p

e

p

1: Request
e

g

t

e

i

t

f

2: Response
D a

i

h

-

e

r

t a

©NetProWise

EAP Success and Failure Frames
Bytes 1 1 2

C ode

Identifier ength L
3: Success 4: Failure 4

©NetProWise

Sample EAP Exchange
End-User System Authenticator

1:Request / Identity 2:Response / Identity 3:Request / MD5 - Challenge 4:Response/NAK,generic token card 5:Request/ Generic token card 6:Response/ Generic token card (bad) 7:Request/ Generic token card 8:Response/ Generic token card (good) 9:Success

©NetProWise

802.1x Architecture
Authenticator Supplicant EAPOL (PAE) (PAE) Authentication Sever

RADIUS

Enterprise edge/ ISP access

Enterprise Core/ ISP backbone

©NetProWise

EAPOL Frame Format
MAC header Bytes 6 6 2 1 1 2 variable
F CS

4

Des tination ourc e E thernetV ers ionP ac k etP ac k etP ac k et S A ddres s A ddres sTy pe 1 Ty pe B ody B ody 88-8E Length

©NetProWise

Typical EAPOL Exchange
Supplicant Authenticator Radius

EAPOL 1:EAPOL - Start 2:Request / Identify 3:Response/ Identify 4:EAP - Request 5:EAP- Response 6:EAP- Success

RADIUS

3:Radius – Access - Request 4: Radius – Access - Challenge 5: Radius – Access - Request 6: Radius – Access - Accept

(Access allowed ) 7:EAP – Logoff (Access blocked )
©NetProWise

EAPOL Exchange on an 802.11 Network
Supplicant Authenticator Radius

802.11 1:Association request 2:Association response 3:EAPOL - Start 4: Request / Identity 5:EAP- Response/ Identify 6:EAP- Request 7:EAP – Response 8:EAP – Success 9:EAPOL – Key (WEP)
©NetProWise

RADIUS

EAPOL

3:Radius – Access - Request 4: Radius – Access - Challenge 5: Radius – Access - Request 6: Radius – Access - Accept

802.11x Supporting Public Ethernet Ports
Client
1: Authenticate 4: Allow

ISP RADIUS
6: Billing

Corporate Finance
2: Authenticate 3: Allow

5: Accounting

Internet

AP
©NetProWise

Corporate RADIUS

Content
         

Wireless LAN Overview   Ethernet & TCP/IP Basics Mobile & Wireless Basics Introduction to IEEE 802.11   IEEE 802.11 Media Access   IEEE 802.11 Frame Format   IEEE 802.11 Management Operations IEEE 802.11 Physical Layers IEEE 802.11 Deployment - Security  Lab Exercises

©NetProWise

Relationship Between Management Entities

MLME MAC MAC MIB PLME PHY PHY MIB SME

©NetProWise

Management Operations
  

Scanning Scan Report Joining

©NetProWise

Scanning

Scanning is the first activity when a station wants to join a service set. The following parameters are used in scanning:
       

BSSType (independent, infrastructure, or both) BSSID (individual or broadcast) SSID (“network name”) Scan Type (active or passive) ChannelList ProbeDelay MinChannelTime MaxChannelTime

©NetProWise

Passive Scanning
Client Beacon )))) AP1

AP2 Found BSSs: BSS1,AP1 BSS2,AP2 BSS3,AP3

AP3 AP4 ))))
©NetProWise

Active scanning
Probe response Probe request

Mobile station (scanner) Probe Request

DIFS

Minimum response time

SIFS DIFS ACKX

SIFS

ACKX t

Probe Response AP1

Contention window
Probe Response

t

AP2
©NetProWise

t

Scanning Report
 

At the end of scanning a report is produced This report includes
      

BSSID SSID BSSType Beacon interval (integer) DTIM period (integer) Timing parameters PHY parameters, CF parameters, and IBSS parameters BSSBasicRateSet

©NetProWise

Joining
  

Joining is a precursor to association User intervention or automatic Automatic then the decision based on power level and signal strength

©NetProWise

Authentication

©NetProWise

Open- system authentication Exchange
Client
1: Form – source (Identity) Authentication algorithm – 0 (open system) Sequence number - 1

AP

2:Authentication algorithm – 0 (open system) Sequence number – 2 Status code

©NetProWise

Shared-Key Authentication Exchange
1: Form – source (Identity) Authentication algorithm – 1 (Shared Key) Sequence number - 1

Client

2:Authentication algorithm – 2 (Shared Key) Sequence number – 2 Status code –0 (Successful) Challenge text (clear) AP

3:Authentication algorithm – 2 (Shared Key) Sequence number – 3 Challenge text

4:Authentication algorithm – 2 (Shared Key) Sequence number – 4 Status code

©NetProWise

Time savings of preauthentication
5

AP1

AP2 4 3 BSS2

1

BSS1

2 A. No preauthorization
©NetProWise

Scan Report
    

Beacon interval DTIM period Timing parameters PHY parameters, CF parameters, IBSS parameters BSSBasicRateSet

©NetProWise

Joining

Choosing which BSS to join
 

User intervention Automatic

©NetProWise

Time Savings of Preauthentication
3 AP2 1.5 1 BSS1 BSS2 2

AP1

2 A. No preauthorization

©NetProWise

Association Procedure
1: Association request Client 2: Association response “Here is your association ID.”

3:Traffic AP

©NetProWise

Reassociation Procedure
1:Reassociation request “My old AP WAS..” Client 2: Reassociation response “I am your new AP, and here is Your new association ID.”

Old AP 3:IAPP “Please send Any buffered Frames for..”

4: IAPP “Why certainly ..”

5:(Optional ) “Here are some frames Buffered from your old AP New AP

©NetProWise

Reassociation with the same access point
BSS

1

3: Reassociation Exchange
2

AP

©NetProWise

PS-Poll Frame Retrieval
AP

Time

PS-Poll
Frame 1, more data

ACK PS-Poll
Frame 1, more data

ACK PS-Poll
Frame 2

ACK

©NetProWise

Buffered frame retrieval process
Beacon interval TIM-Frame TIM-Frame for 1 for 1and2 TIM-Frame TIM-Frame for 2 for 1and2 Busy AP Pspoll Pspoll TIM-No TIM-No Frame Frame

t

station1

CW frame

t

Busy station2 CW defer

t

©NetProWise

Multicast and Broadcast buffer transmission after DTIMS

Beacon interval TIM DTIM

DTIM Interval TIM BC MC DTIM BC MC TIM TIM

AP

t

station1

t

©NetProWise

ATIM Usage
ATIM “Don’t Sleep, I have data for you.”

A

B

C a.Unicast or directional
©NetProWise

ATIM Usage
ATIM “Don’t sleep, I have data for all Of you”

A

E

B

C B. Multicast
©NetProWise

D

ATIM window

Target beacon times Peacon interval Busy ATM Window ATM Window ATM Window ATM Window

t

©NetProWise

ATM effects on Power-saving modes
Target beacon transmission

ATM Window

ATM Window

ATM Window

station1

t

©NetProWise

Effect ATIM on power-saving modes in an IBSS network
ATM Window ATM to 2,3, and 4 ATM Window Sleep ATM Window Sleep t Frame to 4 station2 ATM to 4 ATM to 4 Frame to 4 station3 ACK to 3 ACK to 2 Frame to 1 station4 ACK to 3 Frame to 3 t ATM Window

Frame to 2,3, and 4 station1 ATM to 4

Sleep t

t

©NetProWise

Matching the local timer to a network timer
Beacon/ Probe Response
Network Time

Timestamp + Local offset

Local timer Save TSF Value

Local offset

Time

Begin Join Process

©NetProWise

Distributed Beacon generation
Awake period TBIT Transmission canceled

station1 Beacon

t

station2 Transmission canceled

t

station3

t

©NetProWise

Content
    

Wireless LAN Overview   Ethernet & TCP/IP Basics Mobile & Wireless Basics Introduction to IEEE 802.11   IEEE 802.11 Media Access  - Point Coordinated Function (PCF) IEEE 802.11 Frame Format   IEEE 802.11 Management Operations IEEE 802.11 Physical Layers IEEE 802.11 Deployment - Security  Lab Exercises

    

©NetProWise

Using the PCF
Contention-free repetition interval Contention-free period SIFS PC CFBeacon poll(to statio n1) Other SIFS PIFS
CF-poll(to Station2)+ CF-ACK(to Station1)

SIFS

Contention period

Frame from #1 plus CFACK

Data to Stn4+CFpoll CF-ACK SIFS

CF-END t

NAV

SIFS Set by Beacon

Released CF-End CFMaxduration t

©NetProWise

Data+CF-Ack and Data+CF-poll usage
CFP end DIFS CFP Frame ACK SIFS SIFS CFP foreshortening CFPMaxduration Actual CFP start Frame ACK Beacon CP t

©NetProWise

Data + CF – ACK Usage
SIFS

Mobile Station frames Access Point frames
Data + CF – Poll to MS1

Data + CF - ACK

SIFS

Point Coordination resumes

©NetProWise

Usage of Data+CF-ACK-ACK+CF-poll

SIFS

Mobile stations Access points

Data+CF-ACK From MS1 Data+CF-ACK +CF-poll to MS2 SIFS

Data+CF-ACK From MS2

©NetProWise

CF-poll framing usage

PIFS SIFS SIFS

Mobile stations Access points CF-poll CF-poll to MS2

Data from MS2

©NetProWise

CF – ACK + CF – Poll Usage
SIFS SIFS

Mobile Stations Access Points
Data + CF - Poll to MS 1

Data + CF – ACK From MS1
CF-ACK+ CF-Poll To MS2

Data From MS2

SIFS

©NetProWise

CF- End Frame
MAC header Bytes 2 2 6 6 4
Frame Duration Receiver Address BSSID FCS Control 00x00 - 0xFF-FF-FF-FF-FF 00

bits 2

2

4

1

1

1

1

1

1

1

P rotoc olTy pe = c ontrolub Ty pe = C F - E nd s F rom D sM ore F rag etry P w r M oreW E P O rder S ToD R 0 01 0 0 1 1 1 0 0 0 0 M gm t D ata 0 0 0

©NetProWise

CF-End + CF – ACK Frame
MAC header Bytes 2
Frame Duration Receiver Address BSSID FCS Control 00x00 - 0xFF-FF-FF-FF-FF 00

2

6

6

4

bits 2

2

4

1

1

1

1

1

1

1

P rotoc olTy pe = c ontrolub Ty pe = C F - E nd s F rom D sM ore F rag etry P w r M oreW E P O rder S ToD R 0 01 0 + C F -A C K 0 0 0 0 M gm t D ata 0 0 0 1 1 1 0

©NetProWise

CF Parameter Set Information Element
Bytes 1 1
L n th eg 6 CP F Cu t on

1
CP F P rio e d

1
CP F M xD ra n a u tio

2
CP F D rR m in g u e a in

2

E m n ID le e t

©NetProWise

Mobile IP Network
COA Home Network Router HA Router FA MN Foreign network

Internet

CN

Router

©NetProWise

Packet Delivery
3 Home Network Router HA 2 Router FA 4 MN Foreign network

Internet
1

CN

Router

©NetProWise

Mobile Transport (TCP)
Access Point 1

Socket Migration & State Transfer

Internet

Mobile Host

Access Point 2

©NetProWise

Next Generation WLAN – IEEE 802.11n

Comparing IEEE 802.11 Amendments

©NetProWise

IEEE 802.11b versus BlueTooth

©NetProWise

IEEE 802.11n
      

IEEE 802.11g (up to 30 m & 54 Mbps) IEEE 802.11a (up to 30 m & 54 Mbps) IEEE 802.11b (up to 30 m & 11 Mbps) IEEE 802.11n (up to 50 m & 600 Mbps) Developed by IEEE Task Group n (TGn) Chip Vendors – Broadcom, Intel, Atheros, and Marvell. Switch and Adaptor Vendors – Belkin, D-Link, Linksys, and Netgear Some of the other vendors who are contributing to IEEE 802.11n – AirGo, Atheros, Intel, Nortel Networks, Panasonic, Philips Electronics, Qualcomm, Samsung, and Sony

©NetProWise

How IEEE 802.11n works
  

Adds MIMO to the earlier 802.11g technology Makes use of the multi-path propagation. Bonds several existing channels for sending and receiving
Object Antenna

Transmitter With MIMO Signal Processing

Receiver With MIMO Signal Processing

©NetProWise

RadioTap

What is RadioTap

Mechanism to exchange frame information between user application and driver

Addresses the limitations of PrismAVS header format

Using RadioTap arbitrary number of fields can be specified.

Example: One could specify/retrieve FCS for/from a frame.

©NetProWise

RadioTap Header
The radiotap capture format starts with a radiotap header: struct ieee80211_radiotap_header { u_int8_t it_version; /* set to 0 */ u_int8_t it_pad; u_int16_t it_len; /* entire length */ u_int32_t it_present; /* fields present */ } __attribute__((__packed__));

©NetProWise

Some of the Header fields
enum ieee80211_radiotap_type {
IEEE80211_RADIOTAP_TSFT = 0, IEEE80211_RADIOTAP_FLAGS = 1, IEEE80211_RADIOTAP_RATE = 2, IEEE80211_RADIOTAP_CHANNEL = 3, IEEE80211_RADIOTAP_FHSS = 4, … IEEE80211_RADIOTAP_DBM_TX_POWER = 10, IEEE80211_RADIOTAP_ANTENNA = 11, IEEE80211_RADIOTAP_DB_ANTSIGNAL = 12, IEEE80211_RADIOTAP_DB_ANTNOISE = 13, IEEE80211_RADIOTAP_FCS = 14, IEEE80211_RADIOTAP_EXT = 31, };

©NetProWise

Important Characteristics of RadioTap

   

Fields are in strict order (as they are specified in the it_present bitmask) Data is specified in little endian order Field Lengths are implicit Variable length fields are not supported If bit 31 of the it_present field is set, an extended it_present bit_mask is present Natural alignment field requirement – 16, 32,48, …

©NetProWise

Summary

©NetProWise

Summary Slide

Mobile Transport (TCP)

©NetProWise

Historical background of FHSS
Look at the notes section

©NetProWise

FHSS
close

©NetProWise

Overview

Ethernet

BasicsWireless

BasicsIEEE 802.11 Nextgen WLAN

©NetProWise

Content
         

Wireless LAN Overview   Ethernet & TCP/IP Basics Mobile & Wireless Basics Introduction to IEEE 802.11   IEEE 802.11 Media Access   IEEE 802.11 Frame Format   IEEE 802.11 Management Operations IEEE 802.11 Physical Layers IEEE 802.11 Deployment   Lab Exercises

©NetProWise

Some TCP/IP Concepts
         

Layering Protocol Data Units (PDUs) Encapsulation Multiplexing/Demultiplexing IP Address Class Domain Name System (DNS) Client-Server Model Some Tools Routing versus Switching Connection Oriented versus Connectionless

©NetProWise

TCP/IP Layers

Application/Layer

Transport Layer UDP or TCP Networking Layer (IP) Link Layer

Physical Layer

Network

©NetProWise

Protocol Data Units (PDU) & Encapsulation
A p p lic a t io n D a t a
message
datagram segment
IP Header TCP Header A p p lic a t io n A p p lic a t io n D a t a Header

application TCP IP

Data

packet

TCP Header

Data

Ethernet IP Header frame Hdr

TCP Header

Data

Ethernet Trailer

Ethernet

14

20

20 46-1500
©NetProWise

4 Physical Medium

Demultiplexing and Multiplexing
TCP Applications UDP Applications

Stack/suite
TCP ICMP IGMP

Port no

UDP


IPX IP ARP/RARP

protocol type

Ethernet Incoming Frame
©NetProWise

Frame type

Data Networks - Standards
 

IEEE – 802.3, 802.5, 802.11, FDDC, … Internet Society (ISOC)

Internet Architecture Board (IAB)
   

IETF – Engineering Task Force IRTF – Research Task Force IANA – Assigned Number Authority InterNIC – IP Address distribution

Request for Comment (RFCs)

©NetProWise

Addresses used

Four types are addresses are used:
   

Domain Name IP Address Link Layer Address Port Number

They all complement each other in sending and receiving messages.

©NetProWise

Subnet

Host A starting an FTP session with Server B.

Rest of the network

LAN segment 3

B

A

LAN segment 1

LAN segment 2

©NetProWise

Address Structure
 

Domain name: yahoo, google, alcatel, etc. Networking Layer Address - IP Address - unique, but likely to change and move

Example: 192.168.1.128

Link Layer Address - MAC Address - unique & fixed

Example: 08:56:27:6f:2b:9c

Port Numbers – Identifies individual program in a computer

80

©NetProWise

Domain Name System (DNS)

DNS permits meaningful host names to be used instead of host of IP addresses. It’s a distributed database that provides a mapping between host names and IP addresses. There is a function to do IP to host name, another function to do host name to IP mapping. www.touchtelindia.net maps to class C address 202.56.228.42.

©NetProWise

Port Address
  

 

Identifies a service entity. 16 bit in size Well Known Server Ports - 0 to 1023 FTP Port 21, Telnet port 23 Registered Ports - 1024 to 49151 Dynamic or Ephemeral Ports – 49152 to 65535

21
FTP

23
Telnet

TCP
IP 192.168.0.1 Ethernet

00:50:eb:0e:14:7a

Ethernet

©NetProWise

Client Server

  

Networking applications are mostly client-server applications. Iterative server or Concurrent Server. Iterative server handles one client at a time. Concurrent server handles multiple clients concurrently. TCP servers are usually concurrent and UDP servers are usually iterative.

©NetProWise

IPCONFIG
 

List IP configuration for a host Usage
 

ipconfig ipconfig /all

Exercise 1: Explore different options of ipconfig. Find out ipconfig equivalent in Linux/Unix.

©NetProWise

Ping Command
 

Checking for IP connectivity Usage:
  

ping localhost ping <itself> ping <Otherhost>

Loopback 127.0.0.1

Loopback Interface
 

Used for Inter Process Communication (IPC) Loopback address 127.*.*.*

©NetProWise

Netstat

©NetProWise

ARP

©NetProWise

Networking Hierarchy
    

Computer LAN segments Subnets Networks Interconnected Networks

©NetProWise

Subnet

Host A starting an FTP session with Server B.

B

A
©NetProWise

Network
   

Hosts and Router ports within a subnet share the same subnet ID. Subnet is a link layer broadcast domain Router is the gateway between subnets Router terminates subnet broadcast

192.168.1

Router Port
192.168.3 192.168.9
©NetProWise

192.168.2

Packet Switching and Routing
1. Switching Network sender

receiver

X.25, ATM, FR

2. Routing

Network sender

receiver

IP, IPX

©NetProWise

Connection Oriented Messaging
A S Sequencing guaranteed S S S Global address not needed in message Ideal for 1-to-1 communication Establishes a dedicated pipe first exchange between A & B

S After the message exchange, pipe is removed

S No Need for big transfer tables

B

©NetProWise

Connectionless Messaging
A R Sequencing not guaranteed R Global address needed R R R Needs big transfer tables
©NetProWise

No dedicated pipe between A & B Pipe is shared

R Inherently robust

Ideal for 1-to-n communication

B

Connection Oriented & Connectionless Networking with IP
 

IP is connectionless networking Both connection-oriented and connectionless transport could be offered on top IP. TCP is a connection-oriented protocol, UDP is connectionless protocol

©NetProWise

IP Packet Routing in a Subnet
1.

2.

3.

4. 5.

Host A checks if Server B is in the same subnet. It is. Host A sends a broadcast frame asking for the MAC address of Server B (IP Address). This request frame is seen by all hosts & servers within the subnet. Server B responds to Host A with its MAC address. Host A saves the Server’s IP address and MAC address in its ARP table and starts sending /receiving frames to/from Server B.

©NetProWise

ARP Table or ARP Cache
 

ARP stands for Address Resolution Protocol Each entry in an ARP table contains an IP Address and the corresponding MAC Address. ARP entries live only for a short duration - 2 to 10 mins
Microsoft Windows XP [Version 5.1.2600] (C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\hari>arp -a

Interface: 10.0.0.224 --- 0x2 Internet Address 10.0.0.2 Physical Address 00-80-c6-f9-29-a7 Type dynamic

C:\Documents and Settings\hari>
©NetProWise

Out of Subnet Packet Routing
1.

2.

3.

4.

5.

6.

Host A checks if Server B is in the same subnet. It is not. Host A sends a broadcast frame asking for the MAC address of Gateway (Router Port). This request frame is seen by all hosts & servers within the subnet. Router A responds to Host A with its Port 1 MAC address. Host A saves the Server’s IP address and Router Port 1 MAC address in its ARP table and starts sending /receiving frames to/from Router A. Router A Routes packets from host A to Server.

©NetProWise

Physical Layer

Restricted to Wireline

©NetProWise

Network Interface Controller (NIC)
 

NIC Card RJ45 Connector, Cable

Ethernet Cables

RJ45 Socket

©NetProWise

PC

IC

on

ne

ct

or

RJ45 10Base-T

Crossover Cable RJ-45 PIN RJ-45 PIN 1 Rc+ 3 Tx+ 2 Rc6 Tx3 Tx+ 1 Rc+ 6 Tx2 Rc©NetProWise

Straight Through Cable RJ-45 PIN RJ-45 PIN 1 Tx+ 1 Rc+ 2 Tx2 Rc3 Rc+ 3 Tx+ 6 Rc6 Tx-

Notes Page

©NetProWise

Link Layer

Responsible for
 

Creating a frame and sending it to next node Receiving a frame and Processing it
   

Error check Flow control De-multiplexing Class of Service

©NetProWise

Link Layers
      

Ethernet IEEE 802 Encapsulation FDDI CDDI PPP SLIP ATM

©NetProWise

Serial Line IP (SLIP RFC 1055)

Motivation

Versus

©NetProWise

SLIP Frame Format (RFC 1055)

  

END (0xC0) and ESC (0xdb) are used to create the frame. No type field! IP address issue No Frame Check Sequence (FCS) or CRC!

IP Datagram c0 c0 db dc db db dd c0

©NetProWise

PPP
Motivated by the deficiencies of SLIP. Includes type field. IP address could be exchanged Includes Frame Check Sequence (FCS) or CRC!

©NetProWise

PPP Encapsulation Format (RFC 1548)
flag 7E addr FF ctl 03 protocol Information flag 7E

CRC

1

1

1

2

Upto 1500

2

1

protocol
0021

IP Data gram

2

protocol
C021

Link Control Data

2

Escape Sequence: 7D and 5E 7E 7D 7D and 5D

protocol
8021

Network Control Data

2

©NetProWise

Loopback IP Interface
127.0.0.1 is Loopback IP Interface. This allows a client to communicate with a server on the same host. Any packet sent to this IP address will be looped back to the same host from the host’s Link layer. DNS maps localhost to 127.0.0.1. Datagrams that are multicast and broadcast are looped back to localhost. Anything sent to host’s IP address is sent to localhost. Datagrams sent only to localhost do not appear on the network!
©NetProWise

Loopback Interface
IP output function IP input function

Place on IP input Queue

YES

Dest IP Multicast/Broadcast? NO

Place on IP input Queue

Loopback Driver

YES

Dest IP is local IP? NO IP ARP ARP Demultiplex

Ethernet Driver

send

receive

Ethernet
©NetProWise

Local Area Network (LAN)

Initial LANs provided connectivity between computers which are co-located within a short distance of few meters using shared medium. This solution of interconnecting computers does not scale well. Thus, it is still limited to computers that are in physical proximity.

©NetProWise

What is Ethernet?
     

 

Ethernet is a LAN Link Layer Standard Most popular LAN standard Least Expensive Comes in Half-duplex and Full-duplex forms Comes in several speeds 10/100/1000/10000 Mbps Comes with several media options (wireless, fiber, coaxial, twisted pair,…) Wireless LAN variations 802.11x (CSMACA) Initial competition from Token Ring, later from ATM, now none!

©NetProWise

Ethernet History
    

Developed by Xerox Corporation. Initially controlled by DEC, Intel, and Xerox. IEEE started its standardization in late 80s. IEEE 802.2 Specifies LAN Message Format. IEEE 802.3 Specifies Ethernet Hardware standard for Ethernet. Issue with Internet TCP/IP standard!

©NetProWise

Typical Ethernet Configuration

©NetProWise

Media Access – Carrier Sense Multiple Access Collision Detection (CSMA-CD)

Sense the media (Carrier Sense). If the medium is idle, transmit, otherwise go to next step. If the medium is busy, continue to listen until medium is idle, then transmit immediately. If a collision is detected during transmission:
  

Transmit a jam signal for one slot. Wait for a random time and reattempt (up to 16 times). Random time generated according to exponential back-off .

Collision is detected by monitoring the voltage, high voltage ⇒ two or more transmitters are colliding.
©NetProWise

IP Layer

IPv4 Header Format (RFC 791)

©NetProWise

Subnet Addressing

netid

subnetid

hostid

©NetProWise

Subnets
  
IP Address is divided into 3 parts

Network Id, Subnet Id, Host Id

Subnet Id need not start on 8 bit boundaries Applies to Class A, B, and C

254 subnets

254 hosts 8-bits Host Id

16-bits Net Id

8-bits Subnet Id

Subnetting a Class B Address
©NetProWise

Subnet Mask
   

Each host needs to know its IP addresses Host also must know its subnet Ids Subnet Id is Specified with 32 bit mask Subnet Mask is also represented by dotted decimal notation Examples:
16 bits 8 bits 8 bits

netid 11111111 11111111 netid 11111111 11111111

subnetid hostid 11111111 00000000 subnetid 1111111111
©NetProWise

= 255.255.255.0

hostid 000000 = 255.255.255.192

Host Sending

 

Host  knows its IP address and subnet id  knows its MAC address  knows its Gateway’s IP address Application provides Server’s  (Destination) IP address IP/Link Layer maintains ARP cache Server’s MAC address is required to complete the datagram

©NetProWise

Host Receiving IP datagrams
 

IP layer on host can be configured to do routing in addition to acting as host When IP datagram is received, IP layer checks if the destination IP is one of its own IP addresses or an IP broadcast
 

If so the datagram is delivered to protocol module specified in the protocol field in datagram If not then  If the host is configured as a router, then the datagram is forwarded using the IP routing table  Else the datagram is silently dropped

©NetProWise

Address Resolution Protocol (ARP)

ARP finds the physical address of a host given its IP address by issuing an ARP broadcast within the subnet This information stored in ARP cache and used in IP datagram transmission ARP cache is a table where each entry contains host’s IP address and corresponding physical address ARP entries also contain host name and expiration counter. Default expiration time is 20 mins ARP command can be used to list the entries of an ARP cache - Example: arp –a ARP request timeout, Proxy ARP, Gratuitous ARP

©NetProWise

hostname

hostname

Resolver

(1)

FTP (2)
Establish connection with IP address

IP address

TCP ARP (5) (6)
ARP Request (Ethernet broadcast)

(4) (8)

(3) IP (9)

Send IP datagram to IP address

Ethernet Driver

Ethernet Driver

Ethernet Driver

ARP

(7)ARP
©NetProWise

IP

IP Fragmentation

Transport layer can send datagrams which are larger than MTU Larger datagrams are fragmented at the source by IP layer Assembled at the destination IP layer Fragments can be fragmented recursively IP fragmentation strongly discouraged!

  

©NetProWise

Characteristics of TCP
 

Connection-oriented (state based) Reliable

Timeout, Buffering, Checksum, Acknowledge Different from message exchange, message transparent

Exchanges Byte Stream

Duplex

©NetProWise

TCP Header Format (RFC 793)
IP Header TCP Header

TCP data

20

20

18

4

6

TCP Segment

©NetProWise

TCP Message Flags

SYN

    

Synchronize Sequence Numbers to initiate connection. RSTReset Connection. PSH Push data to receiving process ASAP. URG Urgent pointer is valid. ACK Acknowledgement is valid. FIN Sender is finished sending.

©NetProWise

TCP - Connection Establishment
1.

2.

3.

SYN: Requesting end (client) sends the destination port and source initial sequence number (ISN) with SYN flag Client set. 1. SY N ACK & SYN: The server ACKs this with its own ISN, the N next expected sequence ACK, SY 2. number from the client with SYN flag set. 3 . AC K ACK: The client must ACK this SYN with server’s ISN time plus 1.

Server

©NetProWise

TCP data flow
Open Connection …
databyt e

Client

Server

time

Ack for databyte databyte
Ack for databyte

… Close Connection
©NetProWise

TCP – Connection Termination
1. 2.

3. 4.

FIN: Client sends a FIN ACK: Server ACKs client’s FIN FIN: Server sends a FIN ACK: Client ACKs server’s FIN

Server Client
1 . F IN

2. ACK

time

. . .
3. FIN
4 . AC K

©NetProWise

Some TCP Terminologies

Half-open: Server is waiting for SYN requests from client Half-close: Client has no more requests and sent its FIN and Server has even ACKed the FIN. But Server has some more data to send to the client. Active/Passive close: It is said that the first host to issue a FIN performs the active close , then the other and second one becomes the passive close. Maximum Segment Size (MSS)

©NetProWise

Sliding Window

Sliding Window parameter is used to:  Guarantee the reliable delivery of data.  Ensure the that the data is delivered in order.  Enforces flow control between the sender and receiver.

©NetProWise

Sign up to vote on this title
UsefulNot useful