802.11ac Frame Format
Figure source: Carpenter, Tom. CWAP: Certified Wireless Analysis Professional: Official Study Guide, Edition CWAP-402. Certitrek Publishing, 2016.
Duration/ID - As implied by its name, this field actually has two purposes. The first is that it can contain the duration of the frame itself; other clients use that duration value to set their NAV timer. The second is that it can contain an AID: when PS-Poll frames are transmitted, the AID tells the AP that the transmitting STA is awake and that it can send any buffered frames the STA has waiting.
Address 1, 2, 3, 4 - Depending on whether the frame is being transmitted within an IBSS, from an AP to a STA, from a STA to an AP, or as part of a mesh network, these addresses can indicate different things, as shown in the table below.
Table source: Carpenter, Tom. CWAP: Certified Wireless Analysis Professional: Official Study Guide, Edition CWAP-402. Certitrek Publishing, 2016.
In the table above, RA is the Receiver Address and DA is the Destination Address; TA is the Transmitting Address and SA is the Source Address. It may seem like some of these are redundant. However, remember that the MAC address of the AP radio is often going to be different from the BSSID. Or, in the case of a mesh, the RA is the next "hop" in the mesh, whereas the DA is the intended final recipient of the frame.
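The Duration/ID and address fields described above are easiest to understand by decoding a few frames. The following is an added example, not code from this post or from the CWAP guide: it parses the Frame Control, Duration/ID and address fields of a MAC header and labels each address by its role. The role table it uses is the standard To DS / From DS mapping (stated here as an assumption, since the table image from the post is not reproduced), and the sample frames and MAC addresses are constructed for the example.

```python
import struct

FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}

# Role of Address 1-4 for each (To DS, From DS) combination in a data frame.
# This follows the standard's address-field table (an assumption here, since
# the post's own table is an image that is not reproduced).
ADDRESS_ROLES = {
    (0, 0): ("RA=DA", "TA=SA", "BSSID", None),    # IBSS / direct STA to STA
    (0, 1): ("RA=DA", "TA=BSSID", "SA", None),    # AP to STA
    (1, 0): ("RA=BSSID", "TA=SA", "DA", None),    # STA to AP
    (1, 1): ("RA", "TA", "DA", "SA"),             # four-address WDS / mesh hop
}

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_duration_id(value):
    """Interpret the 16-bit Duration/ID field.

    Bit 15 clear: a NAV duration in microseconds (bits 0-14).
    Bits 15 and 14 set: an AID (bits 0-13), as carried in PS-Poll frames.
    Bit 15 set, bit 14 clear: the fixed value used during a contention-free period.
    """
    if value & 0x8000:
        if value & 0x4000:
            return ("AID", value & 0x3FFF)
        return ("CFP", value & 0x3FFF)
    return ("NAV_us", value & 0x7FFF)

def parse_header(frame):
    """Parse the Frame Control, Duration/ID and address fields of a MAC header.

    All multi-byte header fields are little-endian. Control frames such as
    PS-Poll carry only Address 1 (RA) and Address 2 (TA).
    """
    fc, dur_id = struct.unpack_from("<HH", frame, 0)
    ftype = (fc >> 2) & 0x3
    subtype = (fc >> 4) & 0xF
    to_ds = (fc >> 8) & 1
    from_ds = (fc >> 9) & 1
    protected = (fc >> 14) & 1

    addresses = {}
    if ftype == 1:
        addresses["RA"] = mac_str(frame[4:10])
        addresses["TA"] = mac_str(frame[10:16])
    else:
        # Address 4, when present, sits after the Sequence Control field (offset 22-23).
        for role, offset in zip(ADDRESS_ROLES[(to_ds, from_ds)], (4, 10, 16, 24)):
            if role is not None:
                addresses[role] = mac_str(frame[offset:offset + 6])

    return {
        "type": FRAME_TYPES[ftype],
        "subtype": subtype,
        "to_ds": to_ds,
        "from_ds": from_ds,
        "protected": protected,
        "duration_id": parse_duration_id(dur_id),
        "addresses": addresses,
    }

# Constructed sample addresses (not real devices).
BSSID = bytes.fromhex("00112233aabb")
STA = bytes.fromhex("aabbccddeeff")
DST = bytes.fromhex("0a0b0c0d0e0f")
NEXT_HOP = bytes.fromhex("00aa00aa0001")
SEQ_CTRL = struct.pack("<H", 0x0010)   # sequence number 1, fragment 0

# Constructed: data frame from a STA to its AP (To DS=1), NAV duration 44 us.
STA_TO_AP = struct.pack("<HH", 0x0108, 44) + BSSID + STA + DST + SEQ_CTRL
# Constructed: PS-Poll (control frame, subtype 10) announcing AID 1 to the AP.
PS_POLL = struct.pack("<HH", 0x00A4, 0xC001) + BSSID + STA
# Constructed: four-address frame (To DS=1, From DS=1) as on a mesh/WDS hop.
FOUR_ADDR = struct.pack("<HH", 0x0308, 0) + NEXT_HOP + BSSID + DST + SEQ_CTRL + STA

if __name__ == "__main__":
    for name, frame in (("STA_TO_AP", STA_TO_AP), ("PS_POLL", PS_POLL), ("FOUR_ADDR", FOUR_ADDR)):
        print(name, parse_header(frame))
```

Running the block prints the decoded fields of all three constructed frames. Note how the same Address 2 bytes are labelled TA=SA in the STA-to-AP frame but plain TA on the four-address hop, where the original sender moves to Address 4; that is the redundancy the text warns is only apparent.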
Sequence Control - This is a 16-bit field that's used to help orchestrate fragmented frames in a transmission and to help the receiver discard duplicate frames if they arrive. It's made up of two parts: first the 4-bit fragment number, and second the 12-bit sequence number. The sequence number remains the same for every fragment of a fragmented MSDU, giving each frame making up that MSDU the same sequence number *but* a different fragment number. This allows the receiving device to know which MSDU the frame belongs to, whether it has already received that piece of the puzzle, and what order the pieces should go in, as sometimes they can be received out of order. Sequence numbers start at 0 and, for every fragmented MSDU that needs breaking up and transmitting, go up by 1 until reaching 4095, after which the count starts again at 0.
QoS Control - This is another 16-bit field that classifies the frame's category for queuing. The first three bits in this field map to a value of 0 to 7, which signifies the 802.11e User Priority (UP) for the frame. This field is also called the Traffic Indicator (TID). Remember that the eight UPs map to the 4 Access Categories (AC) set forth by the Wi-Fi Alliance's WMM Certification. Also remember that the lower the number, the lower the priority. For example, 1 and 2 are AC_BK (WMM Background), which is the lowest priority. Fun fact: the lowest of the numbers (0) maps to Best Effort, which is a step above Background. This is because, in making the mapping, they wanted it to be backwards compatible with non-QoS devices but not completely hamstring them just because they weren't QoS capable.
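The Sequence Control and QoS Control sections above describe the receiver's job: split the 16-bit fields, drop retransmitted fragments it already holds, and put the pieces of an MSDU back in order, keeping that state per transmitter and per TID. The following is an added example, not code from this post or from the CWAP guide, of that logic, including the wrap from 4095 to 0 and the UP-to-AC mapping in which UP 0 outranks UPs 1 and 2. The class and function names, and the fragment payloads, are constructed for the example.

```python
# Wi-Fi Alliance WMM mapping of the eight User Priorities onto the four Access
# Categories, ranked lowest to highest; note that UP 0 (Best Effort) outranks 1 and 2.
UP_TO_AC = {1: "AC_BK", 2: "AC_BK", 0: "AC_BE", 3: "AC_BE",
            4: "AC_VI", 5: "AC_VI", 6: "AC_VO", 7: "AC_VO"}
AC_RANK = {"AC_BK": 0, "AC_BE": 1, "AC_VI": 2, "AC_VO": 3}

def parse_sequence_control(value):
    """Split the 16-bit field: bits 0-3 are the fragment number, bits 4-15 the sequence number."""
    return (value >> 4) & 0xFFF, value & 0xF

def build_sequence_control(seq, frag):
    """Inverse of parse_sequence_control, used here to construct sample frames."""
    return ((seq & 0xFFF) << 4) | (frag & 0xF)

def next_sequence_number(seq):
    """Transmitter side: the 12-bit counter wraps from 4095 back to 0."""
    return (seq + 1) & 0xFFF

def parse_tid(qos_control):
    """The TID occupies the low four bits of QoS Control; values 0-7 are the UP."""
    return qos_control & 0xF

def priority_rank(up):
    """Rank a User Priority by the Access Category it maps to (higher is served first)."""
    return AC_RANK[UP_TO_AC[up]]

class Reassembler:
    """Receiver-side duplicate filter and fragment reassembler (example code).

    State is kept per (transmitter address, TID): the last accepted
    (sequence, fragment) pair for duplicate detection, and the fragments
    collected so far for each sequence number, so pieces may arrive in any order.
    """
    def __init__(self):
        self.last_accepted = {}   # (ta, tid) -> (seq, frag)
        self.partial = {}         # (ta, tid, seq) -> {"frags": {frag: body}, "last": int or None}

    def receive(self, ta, qos_control, seq_control, more_fragments, body):
        seq, frag = parse_sequence_control(seq_control)
        tid = parse_tid(qos_control)
        entry = self.partial.setdefault((ta, tid, seq), {"frags": {}, "last": None})
        # A repeat of the last accepted (seq, frag) pair, or a fragment number we
        # already hold for this MSDU, is a retransmission and is dropped.
        if self.last_accepted.get((ta, tid)) == (seq, frag) or frag in entry["frags"]:
            return ("duplicate", None)
        self.last_accepted[(ta, tid)] = (seq, frag)
        entry["frags"][frag] = body
        if not more_fragments:
            entry["last"] = frag          # More Fragments clear marks the final piece
        last = entry["last"]
        if last is not None and all(i in entry["frags"] for i in range(last + 1)):
            del self.partial[(ta, tid, seq)]
            return ("msdu", b"".join(entry["frags"][i] for i in range(last + 1)))
        return ("fragment", None)

if __name__ == "__main__":
    # Constructed exchange: a three-fragment MSDU at sequence 4095 with fragment 0
    # retransmitted and fragment 1 arriving last, then the next MSDU at sequence 0.
    rx = Reassembler()
    ta, qos = "aa:bb:cc:dd:ee:ff", 0x0005     # TID 5 -> AC_VI
    sc = build_sequence_control
    for args in ((sc(4095, 0), True, b"AAA"), (sc(4095, 0), True, b"AAA"),
                 (sc(4095, 2), False, b"CCC"), (sc(4095, 1), True, b"BBB"),
                 (sc(next_sequence_number(4095), 0), False, b"next MSDU")):
        print(rx.receive(ta, qos, *args))
```

A real receiver also consults the Retry bit in Frame Control before treating a frame as a duplicate; the single-entry cache per transmitter and TID shown here is the shape of that check, not a complete implementation.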
HT Control - This 16-bit field specifies certain HT and VHT capabilities, such as antenna selection and beamforming.
Frame Body - This field contains the actual payload (MSDU) that's being transmitted. When the field is encrypted, the encryption adds overhead to the field: either 20 or 16 bytes, depending on whether TKIP/RC4 (20 bytes) or CCMP/AES (16 bytes) is being used.
FCS - Frame Check Sequence - This field is used to detect whether there have been issues in the communication of the frame. A Cyclic Redundancy Check (CRC) is computed over the entire MAC Header and Frame Body. The receiving STA runs the same CRC and should come up with the same FCS; if it does not, something has gone wrong during transmission.
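The FCS check can be reproduced with a standard library CRC-32. The following is an added example, not code from this post or from the CWAP guide: it appends an FCS to a constructed frame, verifies it the way a receiving STA would, shows that transmission errors (a flipped bit, a garbled byte) are caught, and shows the limit of the check. The frame, addresses and payload are constructed; the only assumption is that 802.11 uses the same CRC-32 as Ethernet, sent least-significant byte first, which is what zlib.crc32 produces.

```python
import struct
import zlib

def compute_fcs(header_and_body):
    """CRC-32 over the MAC header and Frame Body, as carried in the FCS field.

    802.11 uses the same CRC-32 as Ethernet, and the result is transmitted
    least-significant byte first; zlib.crc32 computes exactly that CRC.
    """
    return struct.pack("<I", zlib.crc32(header_and_body) & 0xFFFFFFFF)

def append_fcs(frame_without_fcs):
    """Transmitter side: append the four-byte FCS."""
    return frame_without_fcs + compute_fcs(frame_without_fcs)

def check_fcs(frame):
    """Receiver side: recompute the CRC and compare it with the trailing four bytes."""
    if len(frame) < 4:
        return False
    return compute_fcs(frame[:-4]) == frame[-4:]

def corrupt(frame, index, mask):
    """Simulate a transmission error by XOR-ing one byte with a bit mask."""
    damaged = bytearray(frame)
    damaged[index] ^= mask
    return bytes(damaged)

# Constructed sample: an unprotected data frame (type 2) carrying a small
# LLC/SNAP payload; the addresses are made up.
HEADER = (struct.pack("<HH", 0x0008, 0)
          + bytes.fromhex("ffffffffffff")    # Address 1: RA=DA (broadcast)
          + bytes.fromhex("aabbccddeeff")    # Address 2: TA=SA
          + bytes.fromhex("00112233aabb")    # Address 3: BSSID
          + struct.pack("<H", 0))            # Sequence Control
BODY = bytes.fromhex("aaaa030000000800") + b"constructed payload"
FRAME = append_fcs(HEADER + BODY)

def demo():
    """Return (clean frame passes, bit error caught, byte error caught, recomputed FCS passes)."""
    single_bit = corrupt(FRAME, 30, 0x01)      # one bit flipped inside the Frame Body
    whole_byte = corrupt(FRAME, 4, 0xFF)       # first byte of Address 1 garbled
    # A CRC-32 always detects a single-bit error and any error burst of 32 bits or
    # fewer, so both damaged copies fail the check. Recomputing the FCS over an
    # altered body, however, yields a frame that verifies: the FCS catches
    # accidental damage, not deliberate modification. Tamper detection is the job
    # of the MIC that TKIP/CCMP add inside the Frame Body.
    altered = append_fcs(HEADER + BODY.replace(b"constructed", b"CONSTRUCTED"))
    return (check_fcs(FRAME), not check_fcs(single_bit),
            not check_fcs(whole_byte), check_fcs(altered))

if __name__ == "__main__":
    print("FCS:", FRAME[-4:].hex(), "checks:", demo())
```

For a capture tool this means an FCS failure is a radio or interference problem worth tracking per channel, while the integrity guarantee that matters for security comes from the encryption layer, not from the FCS.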