WLAN

Wireless Local Area Network


Content & Scope
 Wireless LAN Overview  
 Optional: Ethernet & TCP/IP Basics
 Mobile & Wireless Basics
WLAN Overview

 IEEE 802.11
 Introduction
 Media Access  
 Frame Format  
 Management Operations
 Physical Layers
 Deployment  
 Miscellaneous –
 IEEE 802.11n, IEEE 802.16, & RadioTap
 Lab Exercises
 Next generation WLAN

©NetProWise
Pre-Requisites
 Computer Organization – bits, bytes, memory, integer representation, …
 Desktop terminologies – file, delete, …
 Operating System (Windows, Linux) – compile, shell, command, …
 OSI Architecture – Layering,….
 TCP/IP
 Ethernet

WLAN

Module 1 WLAN, Wired Ethernet & TCP/IP


Overview
Wireless LAN
 LANs that use wireless medium
 Connected to regular LANs for better reach
 Allows limited Mobility
 Unique Challenges & Issues
 Benefits

WLAN – Advantages
 Mobility
 Flexible
 Planning
 Design
 Robustness

WLAN Standards
 IEEE 802.11
 Infra-red
 HIPERLAN/2
 Bluetooth
 …

History
 802.11 standard first ratified in July 1997


 3 PHY’s specified (FHSS, DSSS, and IR) with 1 & 2 Mbps

 2 High Rate PHY’s ratified in Sept 1999


 802.11a 6 to 54 Mbps in 5 GHz ISM band using OFDM
 802.11b 5.5 to 11 Mbps in 2.4 GHz band using DSSS

Companion or Evolution Specifications
 802.11c – support for 802.11 frames
 802.11d – support for 802.11 frames, new regulations
 802.11e – QoS enhancements in the MAC
 802.11f – Inter Access Point Protocol
 802.11g – High Rate or Turbo Mode – 2.4GHz bandwidth extension to 22Mbps
 802.11h – Dynamic Channel Selection and Transmit Power Control
 802.11i – Security Enhancement in the MAC

IEEE 802.11 WLAN - Architecture

Infrastructure & Independent WLANs

802.11 Layer Description

[Figure: 802.11 layers. Data Link layer: 802.2 above the 802.11 MAC Layer. Physical Layer: DS, FH, IR.]

IEEE 802.11 Frame with LLC & MAC

IEEE 802.11 Frame: IEEE 802.11 MAC | LLC | Data

Ethernet Frame: MAC | Data

Link Layer – CSMA/CA
 Carrier Sense (CS)
 Media Access (MA)
 Collision Avoidance (CA)

Physical Layers
 Radio
 Spread Spectrum Technology
 Direct Sequence Spread Spectrum (DSSS)
 Frequency Hopping Spread Spectrum (FHSS)
 Infra Red (IR)

Challenges & Issues
 Error Prone Medium
 Inherently Shared Medium
 Natural limitations
 Unique problems – Hidden & Exposed Stations
 Mobility
 Regulation
 Cost
 Inter-working

WLAN Design Goals
 Global Operation
 Low Power
 License-free operation
 Robust transmission technology


 Simplified Spontaneous co-operation
 Easy to use
 Protection of investment
 Safety and Security
 Transparency of application

WLAN Applications
 Inventory Control
 Hospital
 Hotel
 Training
 Trade Shows
 Networking old buildings
 IP-Zone

WLAN Vendors

 WLAN Equipment (AP, Adaptors, Card) Vendors
 Cisco, Nortel, NetGear, Belkin, D-Link, Linksys, …
 WLAN Chip Vendors
 Broadcom, Lucent, Intel, …
 WLAN Software Vendors – Mostly Mobile IP development (Home Agent, Foreign Agent, & Protocol)
 Cisco, Nortel, …

IEEE 802.11 Market Size

Demo
 Infrastructure Network
 Two Wireless stations
 One Switch/hub
 One AP
 One Wired station
 One Wireless adaptor (for monitoring)

[Figure label: AirPcap Adaptor]

File Transfer Application
 Transfer a file from one wireless station to another
 Capture some IEEE 802.11 frames using the adaptor & Wireshark
 Brief review of the IEEE 802.11 frame

WireShark Tutorial

Content
 Wireless LAN Overview  
 Ethernet Basics
 Mobile & Wireless Basics
 Introduction to IEEE 802.11  


 IEEE 802.11 Media Access  
 IEEE 802.11 Frame Format  
 IEEE 802.11 Management Operations
 IEEE 802.11 Physical Layers
 IEEE 802.11 Deployment  
 Lab Exercises

Relation to OSI Reference Model

LAN Standards

• 802.1 Overview.
• 802.2 LLC.
• 802.3 CSMA/CD (Ethernet).
• 802.4 Token Bus.
• 802.5 Token Ring.
• 802.6 DQDB (Distributed Queue Dual Bus MAN standard)
• FDDI
• 802.11 Wireless LANs

[Figure: 802.2 LLC above 802.3 CSMA/CD, 802.4 Token Bus, 802.5 Token Ring, 802.6 DQDB, and FDDI]

IEEE 802.2 Encapsulation

Basic Ethernet Frame Format

22

MAC
Header

Ethernet Address
 Six Octets in size
 Hard coded to NIC and unique
 Represented in hexadecimal form
 Example: 08:56:27:6f:2b:9c
 Most significant 3 octets code vendor id
 The other 3 octets are vendor generated
 All octets set to “ff” to indicate broadcast
 “01:00:5e” in most significant octets indicates
multicast : Example:
 Multicast address derived from multicast IP address
(Class D)

Extending LAN Segments
 Due to noise and attenuation, the length of LAN segments is limited to a few hundred meters.
 Several different networking elements are used to
extend the span of LANs.
 These enhancements still have to satisfy the round
trip constraint and other constraints suggested by
the standards.

Repeater
 A repeater is a bidirectional analog amplifier that amplifies and retransmits signals.
 Layer 1 Device.
 Can double the size of a LAN segment.

[Figure: repeater R joining Segment 1 and Segment 2]

Repeater
 Standard suggests a limit of 4 Repeaters
between any two stations on LAN.
 A maximum of 5 segments.
 Repeaters don’t understand frame formats.
 Collisions affect the entire extended network.
 Noise propagates throughout the extended
network.

Hub
 Hub is a multilink repeater with star topology
 In other respects, a hub is similar to a
repeater

Stations

Hub

Bridge
 A bridge is a device that connects two or more LAN segments.
 Unlike a repeater, a bridge receives, processes, and retransmits frames.
 A bridge is invisible to the other attached computers.

[Figure: bridge B with ports P1, P2, P3 connecting Segment 1, Segment 2, Segment 3]
Bridge Characteristics
 Layer 2 Device.
 Can do frame filtering.
 Isolate collision and noise.

Bridging
 A bridge uses a forwarding table to forward frames.
 Initially, this table is empty.
 The table is populated by examining the source address in frames received.
 If there is no forwarding entry for a frame, then it is forwarded to all the other ports.

Switches
 A switch is a bridge that is configured to work like a hub in a star topology.
 A frame received on a port is processed and forwarded to the right port using a forwarding table.
 Each computer thinks it is on a segment by itself.
 Unlike bridges, switches support a large number of ports.


[Figure: switch with ports P1 to P32 and a port to the uplink]
Bridge versus Switch
 Bridge:
 Supports less than 5 ports (interfaces)
 Software implementation can easily handle the traffic
 Interface connects to a LAN segment
 Price per port is higher than comparable switch
 Switch:
 The workgroup switch, one of the smallest, can support 16/32/64 ports
 Port volume requires hardware solution
 Interface connects to a computer
 Price per port is very low

Broadcast Storm

Invalid Bridging Entry

Spanning Tree Algorithm(STA)
 Converts a graph with cycle to a rooted tree.
 There are a number of algorithms in the literature:

[Figure: STA applied to a bridged LAN; labels: Root, Bridge]
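An added example, not part of the original slides: a small Python model of the learning bridge described under "Bridging", run once on a topology with a cycle and once with the redundant port removed, as a spanning tree would leave it. It goes beyond the slide text by simulating the loop; the bridge names, the host address and the two-segment topology are constructed for illustration.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
HOST = "02:00:00:00:00:0a"   # constructed address of a station on segment 1


class Bridge:
    """Learning bridge; each port is numbered after the segment it attaches to."""

    def __init__(self, name, ports):
        self.name = name
        self.ports = set(ports)   # only ports that are forwarding (not blocked)
        self.table = {}           # source MAC -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame and return the sorted list of ports it is sent out on."""
        self.table[src] = in_port                      # learn from the source address
        if dst == BROADCAST or dst not in self.table:  # no forwarding entry: flood
            return sorted(self.ports - {in_port})
        out = self.table[dst]
        return [] if out == in_port else [out]         # filter, or forward to one port


def simulate(bridges, segment, src, dst, rounds):
    """Inject one frame on `segment`; return how many copies are in flight after each round."""
    in_flight = [(segment, None)]   # (segment the copy is on, bridge that sent it)
    history = []
    for _ in range(rounds):
        nxt = []
        for seg, sender in in_flight:
            for br in bridges:
                if br is sender or seg not in br.ports:
                    continue        # a bridge does not hear its own copy or a blocked port
                nxt.extend((out, br) for out in br.receive(seg, src, dst))
        in_flight = nxt
        history.append(len(in_flight))
    return history


def loop_demo():
    """Two bridges in parallel between segments 1 and 2: a cycle."""
    b1, b2 = Bridge("B1", [1, 2]), Bridge("B2", [1, 2])
    return simulate([b1, b2], 1, HOST, BROADCAST, 6), b1.table[HOST]


def tree_demo():
    """Same bridges with B2's port on segment 2 blocked: a tree."""
    b1, b2 = Bridge("B1", [1, 2]), Bridge("B2", [1])
    return simulate([b1, b2], 1, HOST, BROADCAST, 6), b1.table[HOST]


if __name__ == "__main__":
    print("loop:", loop_demo())   # copies never die out; HOST is learned on the wrong port
    print("tree:", tree_demo())   # one copy, then silence; HOST stays on port 1
```

With the cycle, the single broadcast keeps circulating and B1 ends up believing the host sits on segment 2, which is the invalid bridging entry; with the blocked port both effects disappear.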

Content
 Wireless LAN Overview  
 Ethernet & TCP/IP Basics
 Mobile & Wireless Basics
 Introduction to IEEE 802.11  
 IEEE 802.11 Media Access  
 IEEE 802.11 Frame Format  
 IEEE 802.11 Management Operations
 IEEE 802.11 Physical Layers
 IEEE 802.11 Deployment  
 Lab Exercises

Mobile and Wireless Concepts
Characteristics
 Fixed and wired
 Mobile and wired
 Fixed and wireless
 Mobile and wireless

Signal, Carrier, and Medium
[Figure: a signal travels from source to destination on a carrier with period T]

• An audio signal travels as variations in air pressure.
• This variation is converted to variations in voltage levels to send the signal farther.
• The carrier is a repeating voltage (wave); its repetition period is known to both ends.
• The carrier can travel farther without getting corrupted compared to direct voltage.
• The carrier is modified by the signal at the source end in some form.
• This modified carrier can transport the original signal from source to destination.
• To send the modified carrier from source to destination we need a medium.
• Using this medium we can direct (and control) the signal to its destination.

Modulation, Multiplexing, and Coding
 Modulation is the process of modifying the carrier with signal
before transmitting it to destination.
 Demodulation is the process of extracting the signal from
the modified carrier at the destination.
 Multiplexing is the process of mixing multiple signals at the
source so that all these signals can be sent in the medium
concurrently.
 Demultiplexing is the process of separating individual
signals at the destination.
 Coding is the digital equivalent of modulation. It maps one form of digital signal to another form of digital signal. Coding is done for security and easier transmission at the source.
 Decoding is the reverse mapping, extracting the original digital signal from the coded signal at the destination.

RF and IR Transport

ISM Frequencies:
I-Band: 902 MHz to 928 MHz
S-Band: 2.4 GHz to 2.48 GHz
M-Band: 5.725 GHz to 5.85 GHz

IR Spectrum: 850 to 950 nanometers

WLAN frequency band

Signal Representation

 Time domain representation


 Frequency domain representation
 Phase domain representation

Time domain representation of a signal
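Periodic signals:
$$g(t) = A_t \sin(2\pi f_t t + \varphi_t)$$
Fourier:
$$g(t) = \tfrac{1}{2}c + \sum_{n=1}^{\infty} a_n \cos(2\pi n f t) + \sum_{n=1}^{\infty} b_n \sin(2\pi n f t)$$

[Figure: one period T of a sine wave, f = 1/T, with phase marked at 0°, 90°, 180°, 270°, 360°]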

Square in terms of Sine waves

Frequency Spectrum

Examples for Frequency allocations
Mobile phones
Europe: NMT 453-457 MHz, 463-467 MHz; GSM 890-915 MHz, 935-960 MHz; 1710-1785 MHz, 1805-1880 MHz
US: AMPS, TDMA, CDMA 824-849 MHz, 869-894 MHz; GSM, TDMA, CDMA 1850-1910 MHz, 1930-1990 MHz
Japan: PDC 810-826 MHz, 940-956 MHz; 1429-1465 MHz, 1477-1513 MHz

Cordless telephones
Europe: CT1+ 885-887 MHz, 930-932 MHz; CT2 864-868 MHz; DECT 1880-1900 MHz
US: PACS 1850-1910 MHz, 1930-1990 MHz; PACS-UB 1910-1930 MHz
Japan: PHS 1895-1918 MHz; JCT 254-380 MHz

Wireless LANs
Europe: IEEE 802.11 2400-2483 MHz; HIPERLAN1 5176-5270 MHz
US: IEEE 802.11 2400-2483 MHz
Japan: IEEE 802.11 2471-2497 MHz

Signal Representation in different domains
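[Figure: one signal in three views. Time Domain: amplitude A over time, period T, f = 1/T. Frequency Domain: amplitude against frequency, components at f1 and f2. Phase Domain: M cos φ and phase Φ.]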

Path Loss & Other effects*
 Line of sight (LOS)
 Free Space Loss
 Effect of weather
 Long waves versus Short waves
 Shadowing or Blocking
 Scattering
 Reflection
 Refraction
 Diffraction
 Multi-path propagation
 Delay-Spread

Multiplexing

 Basic Multiplexing techniques


 Space division multiplexing
 Time division multiplexing
 Frequency division multiplexing
 Code division multiplexing
 Combinations of the above

Analog Modulation

 Basic Analog modulation techniques
 Amplitude modulation
 Frequency modulation
 Phase modulation
 Combinations of the above

[Figure: Carrier Wave; voltage V against time, showing amplitude, period T, f = 1/T, and phase from 0° to 360°]

Digital Modulation

 Basic digital modulation techniques


 Amplitude Shift Keying
 Frequency Shift Keying
 Phase Shift Keying
 Combinations of the above

Digital Amplitude Modulation
 We can code
 Zero amplitude as 0 or 1
 Non-zero amplitude as 1 or 0

Frequency Shift Keying

Phase Shift Keying

QPSK in the phase domain
Q
Q 11
10

I
1 0 I

00 01

QPSK in the time domain

Quadrature amplitude modulation

Amplitude

Phase

Minimum Shift Keying (data 1011010)
1 1 1 1
Data
0 0 0
Even
bits

Odd
bits
Low
frequency

High
frequency

MSK
signal

Spread spectrum

p p

f f
p p p

f f
f User signal
Broadband interface
Narrowband interface

CDMA - Spreading with DSSS

CDMA - Frequency Hopping Spread Spectrum

tb

User data

0 1 0 1 1 t
f td
f3 Slow hopping
f2 (3 bits/hop)
f1

f td t

f3
f2 fast hopping
(3
f1 hops/bit)
t

CDM Background
 Vector
 Vector dot-product
 Orthogonality

Binary (11) in vector form: (1, 1)


Vector dot Product:
$(1,1)\cdot(1,-1) = 1\cdot 1 + 1\cdot(-1) = 1 + (-1) = 0$

4 Mutually Orthogonal Vectors

u: 1 1 1 1

v: 1 1 -1 -1

w: 1 -1 -1 1

x: 1 -1 1 -1

CDM - Background
For vectors a and b

The square root of a.a is a real number, and is important. We


write

Suppose vectors a and b are orthogonal. Then:

Code Division Multiplexing
2 Orthogonal Chip Codes
a: 1 1
b: 1 -1

• Data to be transmitted: 1, 0, 1, 1
• Chip Code 1: b – (1,-1); -b – (-1, 1)
• Code data to be transmitted with b
• Transmitted Vector
• 1, -1, -1, 1, 1, -1, 1, -1

• Data to be transmitted: 0, 0, 1, 1
• Chip Code 2: a – (1,1); -a – (-1, -1)
• Code data to be transmitted with a
• Transmitted Vector
• -1, -1, -1, -1, 1, 1, 1, 1

• Sum of the transmission vector
• 0, -2, -2, 0, 2, 0, 2, 0
• Receiver decoding for b:
• (1, -1).(0, -2) = 0+2 = 2 > 0
• (1, 1).(0, -2) = 0+-2 = -2 < 0
CDMA versus TDMA, FDMA

 Unlike TDMA, CDMA transmits data from all the input channels simultaneously!
 Unlike FDMA, CDMA uses a single frequency to transmit all the input channels simultaneously!

CDMA Limitation
 It assumes all the channels start and stop their
transmission synchronously!
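An added example, not part of the original slides: the "Code Division Multiplexing" slide carried through in Python with its own chip codes a and b and its data, then generalised to the four mutually orthogonal vectors u, v, w, x, and finally rerun with one sender starting a chip late to show the synchronisation limitation stated above. The function names, the four-channel data and the one-chip delay are constructed for illustration.

```python
def dot(x, y):
    """Vector dot product."""
    return sum(a * b for a, b in zip(x, y))


def encode(bits, chip):
    """Send +chip for a 1 bit and -chip for a 0 bit."""
    out = []
    for bit in bits:
        out.extend(c if bit else -c for c in chip)
    return out


def combine(*streams):
    """The shared medium adds the chip streams element by element."""
    return [sum(chips) for chips in zip(*streams)]


def decode(signal, chip):
    """Correlate each chip-length block with `chip`: > 0 is 1, < 0 is 0, 0 is undecidable (None)."""
    n, bits = len(chip), []
    for i in range(0, len(signal) - n + 1, n):
        corr = dot(signal[i:i + n], chip)
        bits.append(None if corr == 0 else int(corr > 0))
    return bits


def delay(stream, chips):
    """Shift a stream right by `chips` positions, keeping its length (a sender that starts late)."""
    return ([0] * chips + stream)[:len(stream)]


# Chip codes and data from the slide.
A, B = (1, 1), (1, -1)
DATA_B, DATA_A = [1, 0, 1, 1], [0, 0, 1, 1]

# The four mutually orthogonal vectors from the earlier slide.
WALSH = {"u": (1, 1, 1, 1), "v": (1, 1, -1, -1), "w": (1, -1, -1, 1), "x": (1, -1, 1, -1)}


def page_example():
    """Sum of the two transmitted vectors from the slide."""
    return combine(encode(DATA_B, B), encode(DATA_A, A))


def four_channels(data):
    """Encode every channel with its own vector, sum, and decode each channel from the sum."""
    signal = combine(*(encode(bits, WALSH[k]) for k, bits in data.items()))
    return {k: decode(signal, WALSH[k]) for k in data}


def late_sender():
    """Channel a starts one chip late; decode channel b from the misaligned sum."""
    signal = combine(encode(DATA_B, B), delay(encode(DATA_A, A), 1))
    return decode(signal, B)


if __name__ == "__main__":
    s = page_example()
    print(s, decode(s, B), decode(s, A))
    print(four_channels({"u": [1, 0], "v": [0, 0], "w": [1, 1], "x": [0, 1]}))
    print(late_sender())
```

In the late-sender run the third bit of channel b correlates to exactly zero, so the receiver can no longer decide it: the codes are only orthogonal when the chip boundaries line up.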

Asynchronous CDMA

 CDM assumes all transmitted vectors start at the same time.
 This limits CDM to transmission from base-to-mobile, where all transmitted vectors can be synchronized
 Asynchronous CDM is used for transmission from mobile-to-base
 It is an enhancement of CDM
 Unique, Orthogonal, Pseudo Noise signals are used for arbitrary random starting points.

CDMA Summary
 CDMA operates by:
 Encoding each input channel's data using a unique (chip) code
 Summing the encoded data from all the channels
 Transmitting the resulting sum
 On reception, each channel data is separated using
the respective chip (code) from the sum and decoded

Orthogonal Frequency Division
Multiplexing (OFDM)
 OFDM is based on FDM & TDM
 Carrier Channel is divided into multiple sub carrier
channels
 Each channel carries a portion of the user
information.
 Each sub carrier channel is orthogonal with every
other sub carrier
 OFDM is also referred to as Multi-tone modulation
 Applications: DSL, WLAN, BT, DAB, Powerline
Ethernet

OFDM – Frequency Domain
Representation

OFDM versus CDMA
 The mathematics underlying the CDMA is more
complicated than in OFDM
 OFDM encodes a single transmission into multiple
sub carriers. CDMA encodes multiple transmissions
onto a single carrier.
 OFDM handles multi-path spread better.
 Both make use of orthogonal property in
multiplexing signals.

Hidden and exposed terminals

A B C

A can hear B
C can hear B
A cannot hear C
C cannot hear A sending data

Near and far terminals

A B C

Content
 Wireless LAN Overview  
 Ethernet & TCP/IP Basics
 Mobile & Wireless Basics
 Introduction to IEEE 802.11  
 IEEE 802.11 Media Access  
 IEEE 802.11 Frame Format  
 IEEE 802.11 Management Operations
 IEEE 802.11 Physical Layers
 IEEE 802.11 Deployment  
 Lab Exercises

IEEE 802 Network Technology Family
Tree

802: Overview and architecture
802.1: Management
Data Link Layer, LLC sublayer: 802.2 Logical Link control (LLC)
Data Link Layer, MAC sublayer: 802.3 MAC, 802.5 MAC, 802.11 MAC
Physical Layer: 802.3 PHY, 802.5 PHY, 802.11 FHSS PHY, 802.11 DSSS PHY, 802.11a OFDM PHY, 802.11b HR/DSSS PHY

IEEE 802.2 Encapsulation

Basic Ethernet Frame Format

22

MAC
Header

IEEE 802.11 protocol architecture and management

Station management
LLC
DLC

MAC MAC management


PLCP PHY management
PHY

PMD

Components of 802.11 LANs
Distribution Wireless Stations
System Medium

))))

Access
Point

))))
Access
Point

Independent and Infrastructure BSSs

Independent BSS

Infrastructure BSS

Extended Service Set

BSS1

BSS3

BSS2 BSS4

Router

Internet

Distribution system in common 802.11
access points implementation
Backbone network

Bridge
Bridge
Distribution
system
Wireless
medium Station Station Station
A B C

Network Services
1. Distribution
2. Integration
3. Association
4. Reassociation
5. Disassociation
6. Authentication
7. De-authentication
8. Privacy
9. MSDU (MAC Service Data Unit) Delivery

Overlapping BSSs in an ESS

BSS1
BSS2 BSS3

BSS4

Overlapping Network Types
AP’s
Basic
Service
area

BSS transition
DS

BSS1,ESS1 BSS2,ESS2
BSS3,ESS3

T=1 T=2

Inter AP Protocol (IAPP)

 Protocol for handling roaming


 No standard!
 Inter-operability is an issue
 Status of IEEE 802.11f not clear

ESS transition

ESS1 BSS2 ESS2


BSS4
BSS1 BSS3

Seamless
transition not
supported

Content
 Wireless LAN Overview  
 Ethernet & TCP/IP Basics
 Mobile & Wireless Basics
 Introduction to IEEE 802.11  
 IEEE 802.11 Media Access- Distributed Coordinated
Function (DCF)  
 IEEE 802.11 Frame Format  
 IEEE 802.11 Management Operations
 IEEE 802.11 Physical Layers
 IEEE 802.11 Deployment  
 Lab Exercises

Challenges for the MAC
 RF Link Quality
 Hidden Node Problem
 Exposed Node Problem

Positive acknowledgment of data
transmissions

Time
Frame

ACK

Nodes 1 and 3 are hidden

Area reachable Area reachable


Node 1 Node 3

1 2
3

RTS/CTS clearing
1 2

RTS
1) RTS
1 CTS
3) Frame 3
4) ACK
Frame

2) CTS ACK

Power Save

 Battery power is premium in wireless devices


 To Conserve battery WLAN stations alternate
between Active and Power-save modes
 Access Point buffers data for a WLAN station that is
in Power-save mode
 IEEE 802.11 protocol includes provision to
implement WLAN station Power Savings

MAC Access Modes
 Distributed Coordination Function (DCF)
 Point Coordination Function (PCF)

Contention-free “Normal”
delivery Delivery

PCF

DCF

Using the NAV for virtual carrier sensing

RTS data
Sender
SIFS SIFS
SIFS
CTS ACK1
receiver t
DIFS
NAV(RTS)
NAV NAV(CTS)

Defer access Contention


Window

Carrier Sensing
1. Physical Carrier Sensing
2. Virtual Carrier Sensing

NAV – Network Allocation Vector

Interframe spacing relationship

Contention
window(randomized
back-off
mechanism)
DIFS DIFS
PIFS
Medium busy SIFS frame transmission

Other stations buffer and defer frames

Slot
time

Contention Based Access using DCF
 If the medium has been idle for longer than DIFS, transmission
can begin immediately. Both carrier-sensing are employed
 Delivery/non-delivery of the last frame decides whether to wait DIFS
or EIFS.
 If the medium is busy, then access deferral is applied.
 Error Recovery is the responsibility of the sender
 Sender expects acknowledgement for all transmitted frames.
Specifically, for all unicast frames.
 Retransmit frame until it is successful.
 Multi frame sequence may update the NAV
 RTS Threshold, Fragmentation threshold decide when to use RTS
and when to fragment respectively.

Error Recovery with the DCF
 Short Retry Counter
 Long Retry Counter
 Lifetime Counter

MAC – Flow Chart

Other Rules Applied
 Error Recovery is the responsibility of the sender
 Sender expects acknowledgement for all transmitted
frames.
 Retransmit frame until it is successful.
 Multi-frame Sequence can update NAV with each step.
 Fragments get the same priority as CTS/RTS, ACK
 Packets that are larger than configured RTS threshold
must have RTS/CTS exchange (Extended Frame
Sequence).
 Packets larger than fragmentation threshold must be
fragmented.

Error Recovery with DCF
 Error indication – Lack of positive ACK or NAK
 Short Retry Counter
 Long Retry Counter

Back-off with the DCF
 Contention Window or back-off window follows DIFS
 Contention Window is divided into slots.
 Slot length medium (speed) dependent
 Stations Randomly choose a slot
 All slots are equally likely selections
 Station that picks the earliest slot wins

DSSS contention window size
[Figure: each attempt follows the previous frame and a DIFS, then the contention window]
Initial attempt: 31 slots
1st transmission: 63 slots
2nd transmission: 127 slots
3rd transmission: 255 slots
4th transmission: 511 slots
5th transmission: contention window = 1,023 slots
6th transmission: contention window = 1,023 slots

Fragmentation and Reassembly

DIFS
SIFS SIFS SIFS SIFS Block of
Sender slots
RTS Fragment0 Fragment1 Fragment2

CTS ACK0 ACK1 ACK2 t


receiver

SIFS SIFS SIFS


SIFS

RTS Fragment0 Fragment1


NAV

CTS ACK0 ACK1 t

Content
 Wireless LAN Overview  
 Ethernet & TCP/IP Basics
 Mobile & Wireless Basics
 Introduction to IEEE 802.11  
 IEEE 802.11 Media Access  
 IEEE 802.11 Frame Format  
 IEEE 802.11 Management Operations
 IEEE 802.11 Physical Layers
 IEEE 802.11 Deployment  
 Lab Exercises

Generic 802.11 MAC frame

Direction of Transmission: from least significant bit to most significant bit

Fields (bytes): Frame control (2), Duration ID (2), Address 1 (6), Address 2 (6), Address 3 (6), Sequence control (2), Address 4 (6), Frame body (0-2312), FCS (4)

Frame control field

Fields (bytes): Frame control (2), Duration ID (2), Address 1 (6), Address 2 (6), Address 3 (6), Sequence control (2), Address 4 (6), Frame body (0-2312), FCS (4)

Frame control bits: Protocol (2), Type = data (2; bits b2 b3), Sub type (4), To DS (1), From DS (1), More frag (1), Retry (1), Pwr Mgmt (1), More Data (1), WEP (1), Order (1)

Type field
 Type field encodes (b3 b2)
 Management Frames (00)
 Control Frames (01)
 Data Frames (10)
 Reserved (11)

Management Subtypes (00)
 Association Request (0000 – b7 b6 b5 b4)
 Association Response (0001)
 Reassociation Request (0010)
 Reassociation Response (0011)
 Probe Request (0100)
 Probe Response (0101)
 Beacon (1000)
 ATIM - Announcement Traffic Indication Message
(1001)
 Disassociation (1010)
 Authentication (1011)
 Deauthentication (1100)

Control Frame (01)
 Power Save (PS)-Poll (1010 – b7 b6 b5 b4)
 RTS (1011)
 CTS (1100)
 Acknowledgment –ACK (1101)
 Contention-Free(CF)-End (1110)
 CF-End+CF-Ack (1111)

Data Frames (10)
 Data (0000 b7 b6 b5 b4)
 Data+CF-Ack (0001)
 Data+CF-Poll (0010)
 Data+CF-Ack+CF-Poll (0011)
 Null data (no data transmitted) (0100)
 CF-Ack (no data transmitted) (0101)
 CF-Poll (no data transmitted) (0110)
 Data+CF-Ack+CF-Poll (0111)

ToDS and FromDS bits
ToDS = 0, FromDS = 0: All frames of IBSS
ToDS = 1, FromDS = 0: Data frames Wireless Station of Infrastructure network
ToDS = 0, FromDS = 1: Data frames received for a Wireless station in an infrastructure network
ToDS = 1, FromDS = 1: Data frames on "wireless bridge"

More Fragments bit
 Behaves like IP Fragmentation flag

Retry bit
 This bit is set to 1 in retransmitted frames
 Receiver can eliminate duplicate frames using this bit

Power Management bit
 Used to conserve battery life
 If set to 1 indicates that the sender will be in power-saving mode after this atomic exchange.
 Access points cannot be in power-saving mode

More data bit
 Indicates that there is at least one frame available for a dozing station.
 Set by an AP

WEP (Wired Equivalent Privacy) bit
 Indicates that the frame has gone through WEP processing

Order bit
 Frames and fragments can be transmitted in order

Duration /ID Field
Bits are numbered 0 (least significant) to 15 (most significant).
Duration (NAV): bit 15 = 0
Contention Free Period frames: bits 0 to 14 = 0, bit 15 = 1
PS-Poll frames: AID (range: 1-2007); bits 14 and 15 = 1

Sequence control field

Fields (bytes): Frame control (2), Duration ID (2), Address 1 (6), Address 2 (6), Address 3 (6), Sequence control (2), Address 4 (6), Frame body (0-2312), FCS (4)

Sequence control bits: Fragment number (4), Sequence number (12)

Address Fields
 4 – Address Fields
 Destination, Source, Receiver, Transmitter, & BSSID

Frame Check Sequence
 FCS is checked by the receiver
 The result of this checking is sent as an acknowledgement by the receiver
 Recalculated during hop.

IP Encapsulation in 802.11
Ethernet: Destination MAC (6) | Source MAC (6) | Type (2): 0X800 (IP), 0X0806 (ARP) | IP Packet (variable) | FCS (4)

802.1h: MAC headers (12) | SNAP DSAP 0xAA (1) | SNAP DSAP 0xAA (1) | Control 0x03 (UI) (1) | Ethernet Tunnel 0x00-00F8 (3) | Type | IP Packet | FCS

RFC 1042: MAC headers (12) | SNAP DSAP 0xAA | SNAP DSAP 0xAA | Control 0x03 (UI) | RFC 1042 Encapsulation 0x00-00-00 | Type | IP Packet | FCS

802.11: 802.11 MAC headers (24 or 30) | SNAP DSAP 0xAA | SNAP DSAP 0xAA | Control 0x03 (UI) | RFC 1042 Encapsulation 0x00-00-00 | Type | IP Packet | FCS

[Figure annotations between the Ethernet frame and the SNAP forms: Copy, Copy, Recalculate]

Contention-Based Data Services
 Broadcast and Multicast Frames
 Directed Frames
 Basic
 Fragmented
 RTS/CTS Lockout
 RTS/CTS Fragmented
 Power Savings Mode

Broadcast/multicast data and broad cast
management atomic frame exchange

DIFS
DIFS Contention window
Contention window For next exchange
End or prior SIFS Data(bc/mc)
Frame Management(bc)
data
exchange

NAV Prior
t
exchange

Basic positive acknowledgment of
data(unicast frames)

DIFS

SIFS SIFS

station2 data
data
station1 ACK
t

SIFS

ACK+SIFS
station2
NAV
station1 t

Fragmentation

SIFS SIFS

station2 Data frag1 Data frag2 Data frag3


data
station1 ACK1 ACK2 ACK3 t
SIFS
SIFS SIFS
NAV3=ACK+SIFS

NAV2=data3+2xACK+3xSIFS

NAV1=data2+2xACK+3xSIFS
NAV station2
station1 ACK1=data2+2xACK NAV2=data3+2xACK t

RTS/CTS lockout

SIFS

RTS data
data
CTS ACK
t
SIFS SIFS

Data=
ACK+SIFS

RTS=3xSIFS+Data+ACK
NAV
CTS=RTS-(CTS+SIFS) t

RTS/CTS with fragmentation

SIFS SIFS

station2 RTS Data frag1 Data frag2


data
station1 CTS ACK1 ACK2 t
SIFS
SIFS SIFS
Data2

Data1

RTS
NAV station2
station1 CTS ACK1 t

Immediate power-saving(ps)poll
response

SIFS

Station PS-poll ACK


data
Access point data
t
SIFS

Medium seized
by data frame
Implied:
Station SIFS+ACK
NAV
Access point
data t

Immediate power-saving(ps)poll
response with fragmentation

SIFS SIFS

PS-poll ACK1 ACK2


Station
data
Access point data1 data1
t

SIFS

Medium seized
by data frame
Implied:
ACK1
Station NAV
NAV
Access point data1 t

data2

Deferred PS-poll response example

one or more atomic


frame exchanges
SIFS
Zzz..
station PS-poll ACK
data
Access Point ACK DIFS Data Beacon
Frame t

Contention DIFS DIFS


SIFS
window

Implied
station
NAV Access Point Data
t

Generic Data Frame
Fields (bytes): Frame Control (2), Duration ID (2), Address 1 (receiver) (6), Address 2 (sender) (6), Address 3 (filtering) (6), Seq-ctl (2), Address 4 (optional) (6), Frame Body (0-2,312), FCS (4)

Duration setting on final fragment

DIFS
Contention window
SIFS
Last fragment
station1
station1 ACK

SIFS

Second to Last Fragment:


fragment SIFS+ACK
NAV

Duration settings on nonfinal fragment

SIFS
fragmentX
fragmentX+1
station1
station2 ACKX ACKX+1

SIFS SIFS

Duration in FragmentX:fragmentx+1+3xSIFs+2xACK
NAV

Use of the Address Fields

Function         ToDS  FromDS  Address 1 (receiver)  Address 2 (transmitter)  Address 3  Address 4
IBSS             0     0       DA                    SA                       BSSID      not used
To AP (infra)    1     0       BSSID                 SA                       DA         not used
From AP (infra)  0     1       DA                    BSSID                    SA         not used
WDS (bridge)     1     1       RA                    TA                       DA         SA
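An added example, not part of the original slides: a Python header parser of the kind used on the monitoring side of a capture, which decodes the Frame Control field, applies the ToDS/FromDS address table above, and checks the frame length before reading any field. The function names and the sample frames (locally administered addresses, FCS omitted) are constructed for illustration; only a subset of subtype names is listed.

```python
import struct

TYPES = ("management", "control", "data", "reserved")
SUBTYPES = {
    (0, 0): "Association Request", (0, 1): "Association Response",
    (0, 4): "Probe Request", (0, 5): "Probe Response", (0, 8): "Beacon",
    (0, 10): "Disassociation", (0, 11): "Authentication", (0, 12): "Deauthentication",
    (1, 10): "PS-Poll", (1, 11): "RTS", (1, 12): "CTS", (1, 13): "ACK",
    (2, 0): "Data", (2, 4): "Null",
}
# Second Frame Control byte, least significant bit first.
FLAGS = ("to_ds", "from_ds", "more_frag", "retry", "pwr_mgmt", "more_data", "wep", "order")
# Address roles in data frames, keyed by (ToDS, FromDS), from the table above.
DATA_ROLES = {
    (0, 0): ("DA", "SA", "BSSID"),
    (1, 0): ("BSSID", "SA", "DA"),
    (0, 1): ("DA", "BSSID", "SA"),
    (1, 1): ("RA", "TA", "DA", "SA"),
}
# Control frames carry one or two addresses; other subtypes are read as RA only.
CONTROL_ROLES = {10: ("BSSID", "TA"), 11: ("RA", "TA"), 12: ("RA",), 13: ("RA",)}
ADDR_OFFSETS = (4, 10, 16, 24)   # Address 4 follows the 2-byte Sequence Control field


def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_header(frame):
    """Decode an 802.11 MAC header (no radiotap, no FCS check) into a dict."""
    if len(frame) < 10:
        raise ValueError("truncated: need Frame Control, Duration/ID and Address 1")
    fc, dur_id = struct.unpack_from("<HH", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    flags = {name: (fc >> (8 + i)) & 1 for i, name in enumerate(FLAGS)}
    if ftype == 0:
        roles = ("DA", "SA", "BSSID")
    elif ftype == 1:
        roles = CONTROL_ROLES.get(subtype, ("RA",))
    elif ftype == 2:
        roles = DATA_ROLES[(flags["to_ds"], flags["from_ds"])]
    else:
        raise ValueError("reserved frame type")
    need = 4 + 6 * len(roles) if ftype == 1 else (30 if len(roles) == 4 else 24)
    if len(frame) < need:
        raise ValueError(f"truncated: header needs {need} bytes, got {len(frame)}")
    hdr = {
        "type": TYPES[ftype],
        "subtype": SUBTYPES.get((ftype, subtype), f"subtype {subtype}"),
        "flags": flags,
        "addresses": {r: mac(frame[o:o + 6]) for r, o in zip(roles, ADDR_OFFSETS)},
    }
    if (ftype, subtype) == (1, 10):
        hdr["aid"] = dur_id & 0x3FFF      # PS-Poll: bits 14 and 15 are set to 1
    else:
        hdr["duration"] = dur_id
    if ftype != 1:                        # control frames have no Sequence Control
        seq = struct.unpack_from("<H", frame, 22)[0]
        hdr["fragment"], hdr["sequence"] = seq & 0xF, seq >> 4
    return hdr


# Constructed sample frames: AP/BSSID ...:01, wireless client ...:02, wired server ...:03.
AP, STA, SRV = "020000000001", "020000000002", "020000000003"
TO_AP = bytes.fromhex("0801" + "2c00" + AP + STA + SRV + "1001")
FROM_AP = bytes.fromhex("080a" + "2c00" + STA + AP + SRV + "1001")   # FromDS and Retry set
RTS = bytes.fromhex("b400" + "7a00" + AP + STA)
PS_POLL = bytes.fromhex("a400" + "05c0" + AP + STA)                  # AID 5
WDS_SHORT = bytes.fromhex("0803" + "0000" + AP + STA + SRV + "0000")  # Address 4 missing

if __name__ == "__main__":
    for name, raw in [("to AP", TO_AP), ("from AP", FROM_AP), ("RTS", RTS), ("PS-Poll", PS_POLL)]:
        print(name, parse_header(raw))
```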

BSSID
 Each BSS is assigned a BSSID
 48-bit binary identifier
 In infrastructure BSS, the BSSID is the MAC address
of the wireless interface in the AP.
 IBSS must create its BSSID using random
generation
 The Universal/Local bit is set to 1
 The Individual/Group bit is set to 0

Address Field Usage in Frames to the
Distribution System

SA/TA RA(BSSID)
DS

))))

AP DA
Client

Server

Address Field Usage in Frames from the
Distribution System

TA(BSSID)
RA/DA DS

))))
AP
SA
Client

Server

Wireless Distribution Systems

RA

802.11
SA
TA
))))

DA
AP
Client

Server

Data Frame of subtype Null
Mobile Station Access Point

Header FCS

Null frame;PM = 1

Frame Control
Mobile
station is
resting,
ACK begin
buffering
Power frames
Management = 1

Frame Types
 Data
 Control
 Management

IBSS data Frame

Fields (bytes): Frame Control (2), Duration ID (2), Receiver address / Destination address (6), Source address (6), BSSID (6), Seq-ctl (2), Frame Body (0-2,312), FCS (4)

Frame Control bits: Protocol (2) = 0 0; Type = Data (2) = 0 1; Sub type (4); ToDS (1) = 0; FromDS (1) = 0; More Frag, Retry, Pwr Mgmt, More Data, WEP, Order (1 bit each)

Sub type values:
0000, Data
0010, Null

Data Frames from the AP
Fields (bytes): Frame Control (2), Duration ID (2), RA / DA (6), BSSID (6), Source address (6), Seq-ctl (2), Frame Body (0-2,312), FCS (4)

Frame Control bits: Protocol (2) = 0 0; Type = Data (2) = 0 1; Sub type (4); ToDS (1) = 0; FromDS (1) = 1; More Frag, Retry, Pwr Mgmt, More Data, WEP, Order (1 bit each)

Sub type values:
0000:Data
1000:Data + CF - ACK
0100:Data + CF - Poll
1100:Data + CF – ACK + CF - Poll
1010: CF – ACK
0110:CF - Poll
1110: CF – ACK + CF - Poll
Data Frames to the AP
Fields (bytes): Frame Control (2), Duration ID (2), RA (BSSID) (6), SA / TA (6), DA (6), Seq-ctl (2), Frame Body (0-2,312), FCS (4)

Frame Control bits: Protocol (2) = 0 0; Type = Data (2) = 0 1; Sub type (4); ToDS (1) = 1; FromDS (1) = 0; More Frag, Retry, Pwr Mgmt, More Data, WEP, Order (1 bit each)

Sub type values:
0000:Data
0100:Data + CF - ACK
0010:Null
1010: CF – ACK (no data)

WDS (Wireless DS) Frame
Fields (bytes): Frame Control (2), Duration ID (2), RA (6), TA (6), DA (6), Seq-ctl (2), SA (6), Frame Body (0-2,312), FCS (4)

Frame Control bits: Protocol (2) = 0 0; Type = Data (2) = 0 1; Sub type (4); ToDS (1) = 1; FromDS (1) = 1; More Frag, Retry, Pwr Mgmt, More Data, WEP, Order (1 bit each)

Frame Control Field in Control Frames

Frame Control bits: Protocol (2), Type (2), Sub type (4), ToDS (1), FromDS (1), More Frag (1), Retry (1), Pwr Mgmt (1), More Data (1), WEP (1), Order (1)
In control frames ToDS, FromDS, More Frag, Retry, More Data, WEP and Order are 0.

RTS Frame
MAC header (bytes): Frame Control (2), Duration (2), Receiver Address (6), Transmitter Address (6)
FCS (4 bytes)

Frame Control bits, least significant bit first: Protocol (2) = 0 0; Type = Control (2) = 1 0; Sub Type = RTS (4) = 1 1 0 1; ToDS = 0; FromDS = 0; More Frag = 0; Retry = 0; Pwr Mgmt; More Data = 0; WEP = 0; Order = 0

Duration field in RTS frame
SIFS

RTS Expected frame

station1 transmission
station2 CTS ACK

SIFS SIFS

Duration in RTS:3xSIFs+ACK+frametime
NAV

CTS Frame

MAC header (bytes): Frame Control (2), Duration (2), Receiver Address (6)
FCS (4 bytes)

Frame Control bits, least significant bit first: Protocol (2) = 0 0; Type = Control (2) = 1 0; Sub Type = CTS (4) = 0 0 1 1; ToDS = 0; FromDS = 0; More Frag = 0; Retry = 0; Pwr Mgmt; More Data = 0; WEP = 0; Order = 0

CTS duration
SIFS

RTS Expected frame

station1 transmission
station2 CTS ACK

SIFS SIFS

Duration in CTS:RTS-CTS-1xSIFS
NAV
Duration in RTS:3xSIFs+ACK+frametime

©NetProWise
ACK Frame
MAC header
Bytes:  2 | 2 | 6 | 4
Fields: Frame Control | Duration | Receiver Address | FCS

Frame Control field
Bits:   2 | 2 | 4 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1
Fields: Protocol | Type = Control | Subtype = ACK | ToDS | FromDS | More Frag | Retry | Pwr Mgmt | More Data | WEP | Order
Values: Protocol = 0 0, Type = 1 0, Subtype = 1 0 1 1, remaining bits = 0

Duration in non-final ACK frames
[Figure: timeline. station1 sends fragment X and fragment X+1; station2 answers with ACK X and ACK X+1; the frames are separated by SIFS. The NAV is extended from each station's previous duration.]
Station 1: Duration in fragment X = coverage to the end of ACK X+1
Station 2: Duration in ACK X = fragment X duration - ACK - 1 x SIFS

PS-Poll Frame
MAC header
Bytes:  2 | 2 | 6 | 6 | 4
Fields: Frame Control | Association ID (AID) | BSSID | Transmitter Address | FCS

Frame Control field
Bits:   2 | 2 | 4 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1
Fields: Protocol | Type = Control | Subtype = ACK | ToDS | FromDS | More Frag | Retry | Pwr Mgmt | More Data | WEP | Order
Values: Protocol = 0 0, Type = 1 0, Subtype = 0 1 0 1, remaining bits = 0

Generic Management Frame
Bytes:  2 | 2 | 6 | 6 | 6 | 2 | 0-2,312 | 4
Fields: Frame Control | Duration | DA | SA | BSSID | Seq-ctl | Frame Body | FCS
The first six fields form the MAC header; the frame body carries the information elements and fixed fields.

Authentication Algorithm Number Field

16 Bits
Authentication algorithm
Least Significant number Most Significant

©NetProWise
Authentication transaction sequence
number field

16 Bits
Authentication transaction
Least Significant sequence number Most Significant

©NetProWise
Beacon Interval Field

16 Bits
Beacon interval
Least Significant Most Significant

©NetProWise
Capability Information Field

Bits: ESS | IBSS | CF-Pollable | Privacy | Short Preamble (802.11b) | PBCC (802.11b) | Channel agility | Reserved

Current AP Address Field

Bytes

Current AP (MAC)

Bit 0 Bit 47

©NetProWise
Listen interval Field

Bits
Listen interval
Least Significant Most Significant

©NetProWise
Association ID Field

Bits 1-13 14 15
Association ID 1 1

Least Significant Most Significant

©NetProWise
Timestamp Field

1-7
Bytes
Timestamp
Least Significant Most Significant

Bits 0 Bits 63

©NetProWise
Reason Code Field

Bits
Reason Code
Least Significant Most Significant

©NetProWise
Status Code Field

Status Code
Least Significant Most Significant

©NetProWise
Generic management frame information element
Bytes:  1 | 1 | Length (in bytes)
Fields: Element ID | Length

Service Set Identity Information Element
Bytes:  1 | 1 | 0-32
Fields: Element ID | Length | SSID
Values: Element ID = 0

Supported Rates information element
[Figure: Element ID = 1 and Length, followed by the data rate elements. Each data rate element holds a data rate label (least significant to most significant bit) and a flag: Mandatory = 1, optional = 0.]

FH Parameter Set information Element
Bytes:  1 | 1 | 2 | 1 | 1 | 1
Fields: Element ID | Length | Dwell Time | Hop Set | Hop Pattern | Hop Index
Values: 0 | 5

DS Parameter Set information element
Bytes:  1 | 1 | 1
Fields: Element ID | Length | Current Channel
Values: 3 | 1

Traffic Indication Map Information Element
Bytes:  1 | 1 | 1 | 1 | 2 | 2
Fields: Element ID | Length | CFP Count | CFP Period | CFP MaxDuration | CFP Dur Remaining
Values: 3 | 1

IBSS Parameter Set Information Element
Bytes:  1 | 1 | 2
Fields: Element ID | Length | ATIM Window
Values: 3 | 1

Challenge Text Information Element
Bytes:  1 | 1 | 1-253
Fields: Element ID | Length | Challenge Text
Values: 3 | 1

Beacon frame
MAC header and trailer
Bytes:  2 | 2 | 6 | 6 | 6 | 2 | Variable | 4
Fields: Frame Control | Duration | DA | SA | BSSID | Seq-ctl | Frame Body | FCS
Frame body
Bytes:  8 | 2 | 2 | Variable | 7 | 2 | 8 | 4 | Variable
Fields: Timestamp | Beacon Interval | Capability info | SSID | FH parameter set | DS parameter set | CF parameter set | IBSS parameter set | TIM
The figure marks the leading fields as mandatory and the trailing ones as optional.

Probe Request Frame
Bytes:  2 | 2 | 6 | 6 | 6 | 2 | Variable | Variable | 4
Fields: Frame Control | Duration | DA | SA | BSSID | Seq-ctl | SSID | Supported Rates | FCS
The frame body consists of the SSID and Supported Rates fields.

Probe Response Frame
MAC header and trailer
Bytes:  2 | 2 | 6 | 6 | 6 | 2 | Variable | 4
Fields: Frame Control | Duration | DA | SA | BSSID | Seq-ctl | Frame Body | FCS
Frame body
Bytes:  8 | 2 | 2 | Variable | 7 | 2 | 8 | 4 | Variable
Fields: Timestamp | Beacon Interval | Capability info | SSID | FH parameter set | DS parameter set | CF parameter set | IBSS parameter set

ATIM Frame
Bytes:  2 | 2 | 6 | 6 | 6 | 2 | 4
Fields: Frame Control | Duration | DA | SA | BSSID | Seq-ctl | FCS

Disassociation and Deauthentication Frames
Bytes:  2 | 2 | 6 | 6 | 6 | 2 | 2 | 4
Fields: Frame Control | Duration | DA | SA | BSSID | Seq-ctl | Body | FCS
The body holds the Reason Code.

Association Request Frame
Bytes:  2 | 2 | 6 | 6 | 6 | 2 | 2 | 2 | variable | variable | 4
Fields: Frame Control | Duration | DA | SA | BSSID | Seq-ctl | Capability Info | Listen Interval | SSID | Supported Rates | FCS
The frame body runs from Capability Info to Supported Rates.

Reassociation Request Frame
Bytes:  2 | 2 | 6 | 6 | 6 | 2 | 2 | 2 | 6 | Variable | Variable | 4
Fields: Frame Control | Duration | DA | SA | BSSID | Seq-ctl | Capability Info | Listen Interval | Current AP Address | SSID | Supported Rates | FCS
The frame body runs from Capability Info to Supported Rates.

(Re)Association Response Frame
Bytes:  2 | 2 | 6 | 6 | 6 | 2 | 2 | 2 | 2 | variable | 4
Fields: Frame Control | Duration | DA | SA | BSSID | Seq-ctl | Capability Info | Status code | Association ID | Supported Rates | FCS
The frame body runs from Capability Info to Supported Rates.

Authentication Frames
Bytes:  2 | 2 | 6 | 6 | 6 | 2 | 2 | 2 | 2 | variable | 4
Fields: Frame Control | Duration | DA | SA | BSSID | Seq-ctl | Authentication Algorithm Number | Authentication Transaction Seq. No | Status Code | Challenge Text | FCS
The frame body runs from Authentication Algorithm Number to Challenge Text.

Overall 802.11 State Diagrams
State 1: Unauthenticated and Unassociated (Class 1 frames)
State 2: Authenticated and Unassociated (Class 1 and 2 frames)
State 3: Authenticated and Associated (Class 1, 2, and 3 frames)
Transitions:
State 1 -> State 2: successful [re]authentication
State 2 -> State 3: successful [re]association
State 3 -> State 2: Disassociation
State 2 -> State 1 and State 3 -> State 1: Deauthorization
The figure also labels State 1 with "authentication failure" and State 2 with "[re]association failure".
©NetProWise
Content
 Wireless LAN Overview  
 Ethernet & TCP/IP Basics
 Mobile & Wireless Basics
 Introduction to IEEE 802.11  
 IEEE 802.11 Media Access  
 IEEE 802.11 Frame Format  
 IEEE 802.11 Management Operations
 IEEE 802.11 Physical Layers
 IEEE 802.11 Deployment - Security 
 Lab Exercises

©NetProWise
Two Approaches
 Wired Equivalent Protocol (WEP)
 IEEE 802.1X

©NetProWise
Security Objectives
 Confidentiality
 Authentication
 Integrity

©NetProWise
Cryptography with Wired Equivalent Protocol (WEP)
 Employs the RC4 PRNG to encrypt/decrypt data
 RC4 PRNG
 Symmetric algorithm
 40-bit encryption key + 24-bit initialization vector (IV)
 The resulting 64-bit string is used as the seed of the PRNG to generate a "key sequence"
 An ICV (integrity check value) is computed over the plaintext (CRC-32)
 The ICV is concatenated to the data stream
 The key sequence is XORed with the data stream to create the ciphertext.
 The ciphertext and the IV (24 bits) are sent to the receiver

©NetProWise
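Generic Stream Cipher operation

Source                          Destination
Data  Keystream  Cipherstream   Keystream  Received data
0     1          1              1          0
1     1          0              1          1
0     1          1              1          0
1     0          1              0          1
1     0          1              0          1
0     1          1              1          0
0     0          0              0          0
0     1          1              1          0
.     .          .              .          .

Keyed stream cipher operation
[Figure: at the source, the key drives the cipher PRNG and its output is XORed with the data to give the ciphertext. At the destination, the same key drives the same PRNG and its output is XORed with the ciphertext to recover the data.]

WEP operations – Confidentiality & Integrity
[Figure: the 24-bit IV and the 40-bit WEP key form the 64-bit RC4 key. The RC4 algorithm produces a key stream as long as frame + ICV. The integrity check over the frame gives the ICV. Frame + ICV XOR key stream = ciphered frame + ICV, which is sent together with the 24-bit IV.]
Resulting frame: Frame header | IV header (4 bytes) | Frame body | ICV trailer (4 bytes) | FCS
Frame header and IV header: clear. Frame body and ICV trailer: encrypted. FCS: clear.
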
WEP Keying
 Uses a set of up to four default keys
 May also use pairwise mapped keys

©NetProWise
WEP frame extension

Frame: Frame header | IV header | Frame body | Integrity check value | FCS
IV header: Initialisation vector | Pad | Key ID

©NetProWise
Limitations of WEP
 Integrity check
 It is based on CRC, predictable; effective in finding
single-bit alterations with high probability
 It should be based on hashing (unpredictable)
 Reuse of key stream is a major weakness
 IV field is not encrypted.
 Key distribution
 Key must be distributed to all stations participating in
an 802.11 service set.
 802.11 fails to specify a key distribution mechanism
 Manually configuring the keys is not scalable
 Users can view these keys
 Keys can be accessed through SNMP interface!

©NetProWise
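Added example (not from the original slides): WEP encapsulation as described on the "Cryptography with WEP" and "WEP operations" slides, together with the key stream reuse weakness from "Limitations of WEP". The key, IV and frame bodies are constructed sample values, and the function names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define WEP_IV_LEN   3    /* 24-bit IV */
#define WEP_KEY_LEN  5    /* 40-bit key */
#define WEP_MAX_BODY 256  /* limit chosen for this example */
#define DEMO_LEN     16

/* RC4: key schedule, then n bytes of key stream (the slide's "key sequence"). */
static void rc4_keystream(const uint8_t *key, size_t keylen, uint8_t *out, size_t n)
{
    uint8_t S[256], t;
    unsigned i, j = 0;
    size_t k;
    for (i = 0; i < 256; i++) S[i] = (uint8_t)i;
    for (i = 0; i < 256; i++) {
        j = (j + S[i] + key[i % keylen]) & 0xff;
        t = S[i]; S[i] = S[j]; S[j] = t;
    }
    for (i = j = 0, k = 0; k < n; k++) {
        i = (i + 1) & 0xff;
        j = (j + S[i]) & 0xff;
        t = S[i]; S[i] = S[j]; S[j] = t;
        out[k] = S[(S[i] + S[j]) & 0xff];
    }
}

/* CRC-32 (the 802.3/802.11 FCS polynomial); WEP uses it as the ICV. */
uint32_t crc32_ieee(const uint8_t *p, size_t n)
{
    uint32_t c = 0xffffffffu;
    size_t k; int b;
    for (k = 0; k < n; k++) {
        c ^= p[k];
        for (b = 0; b < 8; b++) c = (c >> 1) ^ (0xedb88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* RC4 seed = IV || key: 24 + 40 = 64 bits, as on the slide. */
static void wep_keystream(const uint8_t *iv, const uint8_t *key, uint8_t *ks, size_t n)
{
    uint8_t seed[WEP_IV_LEN + WEP_KEY_LEN];
    memcpy(seed, iv, WEP_IV_LEN);
    memcpy(seed + WEP_IV_LEN, key, WEP_KEY_LEN);
    rc4_keystream(seed, sizeof seed, ks, n);
}

/* out = IV (3) | pad + key ID (1) | RC4(body | ICV). Returns bytes written, 0 on error. */
size_t wep_encap(const uint8_t *iv, unsigned key_id, const uint8_t *key,
                 const uint8_t *body, size_t len, uint8_t *out, size_t cap)
{
    uint8_t ks[WEP_MAX_BODY + 4];
    uint32_t icv;
    size_t i;
    if (len > WEP_MAX_BODY || cap < len + 8 || key_id > 3) return 0;
    icv = crc32_ieee(body, len);
    wep_keystream(iv, key, ks, len + 4);
    memcpy(out, iv, WEP_IV_LEN);
    out[3] = (uint8_t)(key_id << 6);                 /* 6 pad bits, 2-bit key ID */
    for (i = 0; i < len; i++) out[4 + i] = body[i] ^ ks[i];
    for (i = 0; i < 4; i++) out[4 + len + i] = (uint8_t)(icv >> (8 * i)) ^ ks[len + i];
    return len + 8;
}

/* Returns the body length, or -1 if the frame is malformed or the ICV does not match. */
int wep_decap(const uint8_t *key, const uint8_t *frame, size_t flen, uint8_t *body, size_t cap)
{
    uint8_t ks[WEP_MAX_BODY + 4];
    uint32_t icv = 0;
    size_t i, len;
    if (flen < 8 || flen - 8 > WEP_MAX_BODY || cap < flen - 8) return -1;
    len = flen - 8;
    wep_keystream(frame, key, ks, len + 4);          /* the IV is read from the clear header */
    for (i = 0; i < len; i++) body[i] = frame[4 + i] ^ ks[i];
    for (i = 0; i < 4; i++) icv |= (uint32_t)(frame[4 + len + i] ^ ks[len + i]) << (8 * i);
    return icv == crc32_ieee(body, len) ? (int)len : -1;
}

/* Constructed sample key, IV and frame bodies (16 bytes each are used). */
static const uint8_t demo_key[WEP_KEY_LEN] = {0x01, 0x02, 0x03, 0x04, 0x05};
static const uint8_t demo_iv[WEP_IV_LEN] = {0xaa, 0xbb, 0xcc};
static const uint8_t demo_p1[] = "GET /index.html ";
static const uint8_t demo_p2[] = "user=alice&id=42";

/* 1 if a frame round-trips and a single flipped ciphertext bit is caught by the ICV. */
int wep_icv_detects_bit_flip(void)
{
    uint8_t frame[DEMO_LEN + 8], body[DEMO_LEN];
    size_t n = wep_encap(demo_iv, 0, demo_key, demo_p1, DEMO_LEN, frame, sizeof frame);
    if (n != DEMO_LEN + 8 || wep_decap(demo_key, frame, n, body, sizeof body) != DEMO_LEN) return 0;
    if (memcmp(body, demo_p1, DEMO_LEN) != 0) return 0;
    frame[6] ^= 0x01;                                /* transmission error in the body */
    return wep_decap(demo_key, frame, n, body, sizeof body) == -1;
}

/* 1 if two frames under the same IV and key satisfy C1 xor C2 == P1 xor P2:
 * the key stream cancels out, which is why IV reuse defeats confidentiality. */
int wep_iv_reuse_cancels_keystream(void)
{
    uint8_t c1[DEMO_LEN + 8], c2[DEMO_LEN + 8];
    size_t i;
    wep_encap(demo_iv, 0, demo_key, demo_p1, DEMO_LEN, c1, sizeof c1);
    wep_encap(demo_iv, 0, demo_key, demo_p2, DEMO_LEN, c2, sizeof c2);
    for (i = 0; i < DEMO_LEN; i++)
        if ((c1[4 + i] ^ c2[4 + i]) != (demo_p1[i] ^ demo_p2[i])) return 0;
    return 1;
}

int main(void)
{
    printf("ICV catches a single-bit error: %d\n", wep_icv_detects_bit_flip());
    printf("same IV + key cancels the key stream: %d\n", wep_iv_reuse_cancels_keystream());
    return 0;
}
```

With only 24 bits of IV and a key that is rarely changed, the same seed recurs on a busy network, which is the condition the second check reproduces.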
Some Solutions for WEP
 Change default key
 change WEP key frequently
 Password Protect Client Drives and Folders
 Change Default SSID
 Use Sessions Keys If Available
 Use MAC Filtering If Available
 Use A VPN

©NetProWise
Two Approaches
 Wired Equivalent Protocol (WEP)
 IEEE 802.1X

©NetProWise
IEEE 802.1x

 Based on IETF's Extensible Authentication Protocol (EAP) – RFC 2284
 Simply an authentication protocol; secrecy and integrity are not provided
 The user is authenticated; however, the network is not authenticated, so the user might end up giving his/her credentials to the wrong network

©NetProWise
EAP Architecture

Methods:     TLS | AKA/SIM card | Token card
EAP:         EAP
Link layers: PPP | 802.3 | 802.11

EAP Packet Format

Bytes:  1 | 1 | 2 | Variable
Fields: Code | Identifier | Length | Data

EAP Request and Response Packets

Bytes:  1 | 1 | 2 | 1 | Variable
Fields: Code | Identifier | Length | Type | Type-Data
Code: 1: Request, 2: Response

EAP Success and Failure Frames

Bytes:  1 | 1 | 2
Fields: Code | Identifier | Length
Code: 3: Success, 4: Failure
Length: 4

Sample EAP Exchange
Between the End-User System and the Authenticator:

1: Request / Identity
2: Response / Identity
3: Request / MD5-Challenge
4: Response / NAK, generic token card
5: Request / Generic token card
6: Response / Generic token card (bad)
7: Request / Generic token card
8: Response / Generic token card (good)
9: Success

©NetProWise
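Added example (not from the original slides): a bounds-checked parser for the EAP packet layouts above and a consistency check that walks the sample exchange. The message bytes are constructed, the Type numbers are those of RFC 2284, and the function and struct names are this example's own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum { EAP_REQUEST = 1, EAP_RESPONSE = 2, EAP_SUCCESS = 3, EAP_FAILURE = 4 }; /* Code */
enum { EAP_T_IDENTITY = 1, EAP_T_NAK = 3, EAP_T_MD5 = 4, EAP_T_GTC = 6 };     /* Type */
enum { EAP_OK = 0, EAP_E_SHORT = -1, EAP_E_LENGTH = -2, EAP_E_CODE = -3 };

struct eap_packet {
    uint8_t code, id, type;          /* type stays 0 for Success/Failure */
    uint16_t length;
    const uint8_t *data;             /* Type-Data, points into the input buffer */
    size_t data_len;
};
struct eap_msg { const uint8_t *buf; size_t len; };

/* Parse one EAP packet; never reads past buflen or past the Length field. */
int eap_parse(const uint8_t *buf, size_t buflen, struct eap_packet *p)
{
    if (buflen < 4) return EAP_E_SHORT;
    p->code = buf[0];
    p->id = buf[1];
    p->length = (uint16_t)((buf[2] << 8) | buf[3]);   /* network byte order */
    p->type = 0; p->data = NULL; p->data_len = 0;
    if (p->length < 4 || p->length > buflen) return EAP_E_LENGTH;
    switch (p->code) {
    case EAP_REQUEST:
    case EAP_RESPONSE:
        if (p->length < 5) return EAP_E_LENGTH;       /* the Type octet is required */
        p->type = buf[4];
        p->data = buf + 5;
        p->data_len = p->length - 5u;
        return EAP_OK;
    case EAP_SUCCESS:
    case EAP_FAILURE:
        return p->length == 4 ? EAP_OK : EAP_E_LENGTH;
    default:
        return EAP_E_CODE;
    }
}

/* Returns -1 if the exchange is consistent, else the index of the first bad message. */
int eap_check_exchange(const struct eap_msg *m, size_t n)
{
    struct eap_packet p;
    int have_req = 0, have_resp = 0;
    uint8_t req_id = 0, req_type = 0, resp_id = 0;
    size_t i;
    for (i = 0; i < n; i++) {
        if (eap_parse(m[i].buf, m[i].len, &p) != EAP_OK) return (int)i;
        if (p.code == EAP_REQUEST) {
            req_id = p.id; req_type = p.type;
            have_req = 1; have_resp = 0;
        } else if (p.code == EAP_RESPONSE) {
            if (!have_req || p.id != req_id) return (int)i;      /* no matching Request */
            if (p.type != req_type && p.type != EAP_T_NAK) return (int)i;
            if (p.type == EAP_T_NAK && req_type < EAP_T_MD5) return (int)i;
            resp_id = p.id; have_resp = 1; have_req = 0;
        } else {                                                 /* Success or Failure */
            if (!have_resp || p.id != resp_id) return (int)i;    /* unsolicited result */
            if (i + 1 != n) return (int)(i + 1);                 /* nothing may follow */
        }
    }
    return -1;
}

/* Constructed bytes for the nine messages of the sample exchange. */
static const uint8_t m1[] = {1, 1, 0, 5, 1};
static const uint8_t m2[] = {2, 1, 0, 10, 1, 'a', 'l', 'i', 'c', 'e'};
static const uint8_t m3[] = {1, 2, 0, 10, 4, 4, 0xde, 0xad, 0xbe, 0xef};
static const uint8_t m4[] = {2, 2, 0, 6, 3, 6};                  /* NAK, wants type 6 */
static const uint8_t m5[] = {1, 3, 0, 9, 6, 'c', 'o', 'd', 'e'};
static const uint8_t m6[] = {2, 3, 0, 11, 6, '0', '0', '0', '0', '0', '0'};
static const uint8_t m7[] = {1, 4, 0, 9, 6, 'c', 'o', 'd', 'e'};
static const uint8_t m8[] = {2, 4, 0, 11, 6, '1', '2', '3', '4', '5', '6'};
static const uint8_t m9[] = {3, 4, 0, 4};
#define M(x) { x, sizeof x }
static const struct eap_msg sample[] = { M(m1), M(m2), M(m3), M(m4), M(m5), M(m6), M(m7), M(m8), M(m9) };
static const struct eap_msg unsolicited[] = { M(m1), M(m9) };    /* Success without a Response */
static const struct eap_msg wrong_id[] = { M(m1), M(m6) };       /* Response id 3 to Request id 1 */

int eap_check_sample(void) { return eap_check_exchange(sample, 9); }
int eap_check_unsolicited(void) { return eap_check_exchange(unsolicited, 2); }
int eap_check_wrong_id(void) { return eap_check_exchange(wrong_id, 2); }
int eap_parse_truncated(void) { struct eap_packet p; return eap_parse(m2, sizeof m2 - 2, &p); }

int main(void)
{
    printf("sample exchange: %d\n", eap_check_sample());
    printf("unsolicited Success flagged at index %d\n", eap_check_unsolicited());
    printf("mismatched Identifier flagged at index %d\n", eap_check_wrong_id());
    printf("truncated packet: %d\n", eap_parse_truncated());
    return 0;
}
```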
802.1x Architecture
[Figure: Supplicant (PAE) <-- EAPOL --> Authenticator (PAE) <-- RADIUS --> Authentication Server. The supplicant-authenticator side is the enterprise edge / ISP access; the authenticator-server side is the enterprise core / ISP backbone.]

EAPOL Frame Format
Bytes:  6 | 6 | 2 | 1 | 1 | 2 | variable | 4
Fields: Destination Address | Source Address | Ethernet Type | Version | Packet Type | Packet Body Length | Packet Body | FCS
Values: Ethernet Type = 88-8E, Version = 1
Destination Address, Source Address and Ethernet Type form the MAC header.

Typical EAPOL Exchange
Supplicant <-- EAPOL --> Authenticator <-- RADIUS --> Radius

EAPOL                          RADIUS
1: EAPOL-Start
2: Request / Identity
3: Response / Identity         3: Radius-Access-Request
4: EAP-Request                 4: Radius-Access-Challenge
5: EAP-Response                5: Radius-Access-Request
6: EAP-Success                 6: Radius-Access-Accept
(Access allowed)
7: EAP-Logoff
(Access blocked)

EAPOL Exchange on an 802.11 Network
Supplicant <-- 802.11, EAPOL --> Authenticator <-- RADIUS --> Radius

802.11
1: Association request
2: Association response
EAPOL                          RADIUS
3: EAPOL-Start                 3: Radius-Access-Request
4: Request / Identity          4: Radius-Access-Challenge
5: EAP-Response / Identity     5: Radius-Access-Request
6: EAP-Request                 6: Radius-Access-Accept
7: EAP-Response
8: EAP-Success
9: EAPOL-Key (WEP)

802.11x Supporting Public Ethernet Ports
ISP
Client RADIUS
1: Authenticate
6: Billing

4: Allow Corporate
Finance
2: Authenticate
5: Accounting 3: Allow

Internet

Corporate
AP
RADIUS

©NetProWise
Relationship Between Management Entities

MLME

MAC MAC MIB


SME
PLME
PHY
PHY MIB

©NetProWise
Management Operations
 Scanning
 Scan Report
 Joining

©NetProWise
Scanning
 Scanning is the first activity when a station wants to
join a service set.
 The following parameters are used in scanning:
 BSSType (independent, infrastructure, or both)
 BSSID (individual or broadcast)
 SSID (“network name”)
 Scan Type (active or passive)
 ChannelList
 ProbeDelay
 MinChannelTime
 MaxChannelTime

©NetProWise
Passive Scanning
[Figure: the client listens for Beacon frames from AP1 to AP4 and records the BSSs it hears.]
Found BSSs:
BSS1, AP1
BSS2, AP2
BSS3, AP3

Active scanning
[Figure: timeline. The mobile station (scanner) waits DIFS and sends a Probe Request, then listens for the minimum response time. AP1 and AP2 go through the contention window and each send a Probe Response, which the scanner acknowledges (ACK) after SIFS.]

Scanning Report
 At the end of scanning a report is produced
 This report includes
 BSSID
 SSID
 BSSType
 Beacon interval (integer)
 DTIM period (integer)
 Timing parameters
 PHY parameters, CF parameters, and IBSS
parameters
 BSSBasicRateSet

©NetProWise
Joining
 Joining is a precursor to association
 User intervention or automatic
 If automatic, the decision is based on power level and signal strength

©NetProWise
Authentication

©NetProWise
Open-system authentication Exchange
Between Client and AP:

1: From – source (Identity)
   Authentication algorithm – 0 (open system)
   Sequence number – 1
2: Authentication algorithm – 0 (open system)
   Sequence number – 2
   Status code

©NetProWise
Shared-Key Authentication Exchange
Between Client and AP:

1: From – source (Identity)
   Authentication algorithm – 1 (Shared Key)
   Sequence number – 1
2: Authentication algorithm – 2 (Shared Key)
   Sequence number – 2
   Status code – 0 (Successful)
   Challenge text (clear)
3: Authentication algorithm – 2 (Shared Key)
   Sequence number – 3
   Challenge text
4: Authentication algorithm – 2 (Shared Key)
   Sequence number – 4
   Status code

©NetProWise
Time savings of preauthentication
5

AP1 AP2
4

3
1 BSS1
BSS2

A. No preauthorization

©NetProWise
Scan Report
 Beacon interval
 DTIM period
 Timing parameters
 PHY parameters, CF parameters, IBSS parameters
 BSSBasicRateSet

©NetProWise
Joining
 Choosing which BSS to join
 User intervention
 Automatic

©NetProWise
Time Savings of Preauthentication
3

AP1 AP2

1.5 2

1 BSS1
BSS2

A. No preauthorization

©NetProWise
Association Procedure
1: Association request

Client 2: Association response


“Here is your association ID.”

3:Traffic
AP

©NetProWise
Reassociation Procedure

1:Reassociation request
“My old AP WAS..”

Client 2: Reassociation response


“I am your new AP, and here
is Your new association ID.” Old AP 4: IAPP
3:IAPP “Why
“Please send certainly ..”
Any buffered
Frames for..”

5:(Optional )
“Here are some frames
Buffered from your old AP

New AP

©NetProWise
Reassociation with the same access point

BSS
1

3: Reassociation
Exchange AP

©NetProWise
PS-Poll Frame Retrieval
AP

PS-Poll
Time
Frame 1, more data

ACK
PS-Poll
Frame 1, more data
ACK
PS-Poll
Frame 2
ACK

©NetProWise
Buffered frame retrieval process
Beacon

interval
TIM-Frame TIM-Frame TIM-Frame TIM-Frame TIM-No TIM-No
for 1 for 1and2 for 2 for 1and2 Frame Frame

Busy

AP
t
Ps- Ps-
poll poll

station1 CW t
frame

Busy

station2 CW
defer t

©NetProWise
Multicast and Broadcast buffer
transmission after DTIMS

Beacon DTIM Interval


interval

DTIM TIM DTIM TIM TIM


TIM

BC MC BC MC
AP
t

station1 t

©NetProWise
ATIM Usage

ATIM “Don’t
Sleep, I have
data for you.”

C
B
a.Unicast or directional

©NetProWise
ATIM Usage

ATIM “Don’t sleep,


I have data for all
Of you”

A
E

B C
D
B. Multicast

©NetProWise
ATIM window
[Figure: timeline of target beacon times, one beacon interval apart. An ATIM window follows each target beacon time; "Busy" marks a busy medium.]

ATIM effects on Power-saving modes
[Figure: station1 timeline with an ATIM window after each target beacon transmission.]

Effect ATIM on power-saving modes in an IBSS network
[Figure: four station timelines with an ATIM window at the start of each beacon interval.]
station1: ATIM to 2, 3, and 4; Frame to 2, 3, and 4; Sleep; Sleep
station2: ATIM to 4; Frame to 4; Sleep
station3: ATIM to 4; ATIM to 4; Frame to 4
station4: ACK to 3; ACK to 2; ACK to 3; Frame to 1; Frame to 3

Matching the local timer to a network timer

Beacon/ Timestamp +
Probe Response Local offset
Network
Time

Local offset Time


Local
timer

Save Begin
TSF Join
Value Process

©NetProWise
Distributed Beacon generation
Awake period

TBIT Transmission
canceled

station1 t

Beacon

station2 t
Transmission
canceled

station3
t

©NetProWise
Content
 Wireless LAN Overview  
 Ethernet & TCP/IP Basics
 Mobile & Wireless Basics
 Introduction to IEEE 802.11  
 IEEE 802.11 Media Access  - Point Coordinated Function
(PCF)
 IEEE 802.11 Frame Format  
 IEEE 802.11 Management Operations
 IEEE 802.11 Physical Layers
 IEEE 802.11 Deployment - Security 
 Lab Exercises

©NetProWise
Using the PCF
[Figure: the contention-free repetition interval consists of the contention-free period followed by the contention period. Frames are separated by SIFS, with one PIFS gap.]
PC: Beacon; CF-Poll (to station 1); Data to Stn 4 + CF-Poll (to station 2) + CF-ACK (to station 1); CF-Poll; CF-End
Other stations: Frame from #1 plus CF-ACK; CF-ACK
NAV: set by the Beacon, released by CF-End, bounded by CFPMaxDuration

Data+CF-Ack and Data+CF-poll usage
[Figure: CFP foreshortening. A frame and its ACK from the contention period (CP) delay the Beacon, so the actual CFP start is late while the CFP end stays bounded by CFPMaxDuration. Labels: DIFS, SIFS, CFP, CP.]

Data + CF – ACK Usage
[Figure: the access point sends Data + CF-Poll to MS1; after SIFS the mobile station sends Data + CF-ACK; after SIFS point coordination resumes.]

Usage of Data+CF-ACK-ACK+CF-poll
[Figure: mobile stations: Data + CF-ACK from MS1, Data + CF-ACK from MS2. Access point: Data + CF-ACK + CF-Poll to MS2. Frames are separated by SIFS.]

CF-poll framing usage
[Figure: access point: CF-Poll, then after PIFS a CF-Poll to MS2. Mobile stations: Data from MS2 after SIFS.]

CF – ACK + CF – Poll Usage
[Figure: access point: Data + CF-Poll to MS1, then CF-ACK + CF-Poll to MS2. Mobile stations: Data + CF-ACK from MS1, Data from MS2. Frames are separated by SIFS.]

CF-End Frame
MAC header
Bytes:  2 | 2 | 6 | 6 | 4
Fields: Frame Control | Duration | Receiver Address | BSSID | FCS
Values: Duration = 0x00 00, Receiver Address = 0xFF-FF-FF-FF-FF

Frame Control field
Bits:   2 | 2 | 4 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1
Fields: Protocol | Type = control | Subtype = CF-End | ToDs | FromDs | More Frag | Retry | Pwr Mgmt | More Data | WEP | Order
Values: Protocol = 0 0, Type = 1 0, Subtype = 0 1 1 1, remaining bits = 0

CF-End + CF-ACK Frame
MAC header
Bytes:  2 | 2 | 6 | 6 | 4
Fields: Frame Control | Duration | Receiver Address | BSSID | FCS
Values: Duration = 0x00 00, Receiver Address = 0xFF-FF-FF-FF-FF

Frame Control field
Bits:   2 | 2 | 4 | 1 | 1 | 1 | 1 | 1 | 1 | 1 | 1
Fields: Protocol | Type = control | Subtype = CF-End + CF-ACK | ToDs | FromDs | More Frag | Retry | Pwr Mgmt | More Data | WEP | Order
Values: Protocol = 0 0, Type = 1 0, remaining flag bits = 0

CF Parameter Set Information Element

Bytes 1 1 1 1 2 2
Element ID Length CFP CFP CFP CFP
6 Count Period MaxDuration DurRemaining

©NetProWise
Mobile IP Network
COA

Home Router Router


MN
Network HA FA

Foreign
network

Internet

CN Router

©NetProWise
Packet Delivery

Home Router Router


MN
Network HA 2 FA
4 Foreign
network

Internet

CN Router

©NetProWise
Mobile Transport (TCP)
Access Point 1

Socket Migration &


State Transfer Internet

Mobile Host Access Point 2

©NetProWise
Next Generation WLAN – IEEE
802.11n
Comparing IEEE 802.11 Amendments

©NetProWise
IEEE 802.11b versus BlueTooth

©NetProWise
IEEE 802.11n
 IEEE 802.11g (up to 30 m & 54 Mbps)
 IEEE 802.11a (up to 30 m & 54 Mbps)
 IEEE 802.11b (up to 30 m & 11 Mbps)
 IEEE 802.11n (up to 50 m & 600 Mbps)
 Developed by IEEE Task Group n (TGn)
 Chip Vendors – Broadcom, Intel, Atheros, and Marvell.
 Switch and Adaptor Vendors – Belkin, D-Link, Linksys,
and Netgear
 Some of the other vendors who are contributing to
IEEE 802.11n – AirGo, Atheros, Intel, Nortel Networks,
Panasonic, Philips Electronics, Qualcomm, Samsung,
and Sony

©NetProWise
How IEEE 802.11n works
 Adds MIMO to the earlier 802.11g technology
 Makes use of the multi-path propagation.
 Bonds several existing channels for sending and
receiving
Object Antenna

Transmitter Receiver
With With
MIMO MIMO
Signal Signal
Processing Processing

©NetProWise
RadioTap
 What is RadioTap?
 A mechanism for exchanging frame information between a user application and the driver
 Addresses the limitations of the PrismAVS header format
 With RadioTap, an arbitrary number of fields can be specified.
 Example: one could specify/retrieve the FCS for/from a frame.

©NetProWise
RadioTap Header
The radiotap capture format starts with a radiotap header:

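#include <sys/types.h>  /* u_int8_t, u_int16_t, u_int32_t */

struct ieee80211_radiotap_header {
        u_int8_t  it_version;  /* header version, set to 0 */
        u_int8_t  it_pad;      /* padding byte */
        u_int16_t it_len;      /* entire length, header and fields */
        u_int32_t it_present;  /* bitmask of the fields present */
} __attribute__((__packed__));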

©NetProWise
Some of the Header fields
enum ieee80211_radiotap_type {
        IEEE80211_RADIOTAP_TSFT = 0,
        IEEE80211_RADIOTAP_FLAGS = 1,
        IEEE80211_RADIOTAP_RATE = 2,
        IEEE80211_RADIOTAP_CHANNEL = 3,
        IEEE80211_RADIOTAP_FHSS = 4,

        IEEE80211_RADIOTAP_DBM_TX_POWER = 10,
        IEEE80211_RADIOTAP_ANTENNA = 11,
        IEEE80211_RADIOTAP_DB_ANTSIGNAL = 12,
        IEEE80211_RADIOTAP_DB_ANTNOISE = 13,
        IEEE80211_RADIOTAP_FCS = 14,
        IEEE80211_RADIOTAP_EXT = 31,
};

©NetProWise
Important Characteristics of RadioTap
 Fields appear in strict order (the order in which they are specified in the it_present bitmask)
 Data is specified in little-endian order
 Field lengths are implicit
 Variable-length fields are not supported
 If bit 31 of the it_present field is set, an extended it_present bitmask is present
 Natural alignment field requirement – 16, 32, 48, …

©NetProWise
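Added example (not from the original slides): locating a field in a radiotap header while honouring the characteristics listed above (strict bit order, little-endian data, implicit lengths, natural alignment, chained it_present words) and checking every offset against it_len. The size and alignment table for bits 0 to 13 is the standard radiotap one and is an assumption here, since the slides do not give it; both sample headers are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define RT_EXT_BIT 31u   /* IEEE80211_RADIOTAP_EXT on the slide */

/* Alignment and size in bytes for bits 0..13 (standard radiotap values, assumed). */
static const struct { uint8_t align, size; } rt_field[] = {
    {8, 8},  /*  0 TSFT */
    {1, 1},  /*  1 FLAGS */
    {1, 1},  /*  2 RATE */
    {2, 4},  /*  3 CHANNEL: u16 frequency (MHz), u16 flags */
    {2, 2},  /*  4 FHSS */
    {1, 1},  /*  5 DBM_ANTSIGNAL */
    {1, 1},  /*  6 DBM_ANTNOISE */
    {2, 2},  /*  7 LOCK_QUALITY */
    {2, 2},  /*  8 TX_ATTENUATION */
    {2, 2},  /*  9 DB_TX_ATTENUATION */
    {1, 1},  /* 10 DBM_TX_POWER */
    {1, 1},  /* 11 ANTENNA */
    {1, 1},  /* 12 DB_ANTSIGNAL */
    {1, 1},  /* 13 DB_ANTNOISE */
};
#define RT_KNOWN ((unsigned)(sizeof rt_field / sizeof rt_field[0]))

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Offset of field `want` from the start of the header, 0 if the field is absent,
 * -1 if the header is malformed or the field cannot be located. Bits 14 and above
 * are refused: lengths are implicit, so a field of unknown size cannot be skipped. */
int radiotap_find(const uint8_t *buf, size_t buflen, unsigned want)
{
    size_t it_len, off = 8;
    uint32_t first, word;
    unsigned bit;

    if (buflen < 8 || buf[0] != 0 || want >= RT_KNOWN) return -1;  /* it_version must be 0 */
    it_len = le16(buf + 2);
    if (it_len < 8 || it_len > buflen) return -1;                  /* never trust it_len alone */

    first = word = le32(buf + 4);
    while (word & (1u << RT_EXT_BIT)) {        /* bit 31: another it_present word follows */
        if (off + 4 > it_len) return -1;
        word = le32(buf + off);
        off += 4;
    }
    if (!(first & (1u << want))) return 0;
    for (bit = 0; bit <= want; bit++) {
        size_t a, s;
        if (!(first & (1u << bit))) continue;
        a = rt_field[bit].align;
        s = rt_field[bit].size;
        off = (off + a - 1) & ~(a - 1);        /* natural alignment from the header start */
        if (off + s > it_len) return -1;
        if (bit == want) return (int)off;
        off += s;
    }
    return 0;
}

/* Channel frequency in MHz, or -1 if the CHANNEL field is absent or unreachable. */
int radiotap_channel_mhz(const uint8_t *buf, size_t buflen)
{
    int off = radiotap_find(buf, buflen, 3);
    return off > 0 ? le16(buf + off) : -1;
}

/* Constructed sample A: FLAGS, CHANNEL and DBM_ANTSIGNAL present (it_present = 0x2a). */
static const uint8_t sample_a[] = {
    0x00, 0x00, 0x10, 0x00,  0x2a, 0x00, 0x00, 0x00,   /* version, pad, it_len = 16, it_present */
    0x10, 0x00,                                        /* FLAGS at 8, one alignment pad byte */
    0x85, 0x09, 0xa0, 0x00,                            /* CHANNEL at 10: 2437 MHz, flags */
    0xd8, 0x00                                         /* DBM_ANTSIGNAL at 14 (-40), pad */
};
/* Constructed sample B: TSFT plus bit 31, so a second (empty) it_present word follows. */
static const uint8_t sample_b[] = {
    0x00, 0x00, 0x18, 0x00,  0x01, 0x00, 0x00, 0x80,   /* it_len = 24, it_present = 0x80000001 */
    0x00, 0x00, 0x00, 0x00,  0x00, 0x00, 0x00, 0x00,   /* second word, then pad up to offset 16 */
    0x11, 0x22, 0x33, 0x44,  0x00, 0x00, 0x00, 0x00    /* TSFT at 16 */
};

int main(void)
{
    printf("sample A: CHANNEL at %d, %d MHz\n",
           radiotap_find(sample_a, sizeof sample_a, 3), radiotap_channel_mhz(sample_a, sizeof sample_a));
    printf("sample B: TSFT at %d\n", radiotap_find(sample_b, sizeof sample_b, 0));
    printf("sample A cut to 12 bytes: %d\n", radiotap_find(sample_a, 12, 3));
    return 0;
}
```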
Some TCP/IP Concepts
 Layering
 Protocol Data Units (PDUs)
 Encapsulation
 Multiplexing/Demultiplexing
 IP Address Class
 Domain Name System (DNS)
 Client-Server Model
 Some Tools
 Routing versus Switching
 Connection Oriented versus Connectionless

©NetProWise
TCP/IP Layers

Application/Layer

Transport Layer
UDP or TCP

Networking Layer (IP)

Link Layer

Physical Layer
Network

©NetProWise
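Protocol Data Units (PDU) & Encapsulation
[Figure: each layer prepends its own header to the PDU handed down by the layer above.]
application: message = Application Header | Application Data
TCP: segment (datagram) = TCP Header | Application Data
IP: packet = IP Header | TCP Header | Application Data
Ethernet: frame = Ethernet Header (14) | IP Header (20) | TCP Header (20) | Application Data | Ethernet Trailer (4)
The Ethernet payload is 46-1500 bytes; the frame is placed on the physical medium.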
Demultiplexing and Multiplexing
TCP Applications UDP Applications

Stack/suite
TCP Port no UDP

ICMP IGMP


IP protocol type
IPX ARP/RARP

Ethernet Frame type


Incoming Frame

©NetProWise
Data Networks - Standards
 IEEE – 802.3, 802.5, 802.11, FDDI, …
 Internet Society (ISOC)
 Internet Architecture Board (IAB)
 IETF – Engineering Task Force
 IRTF – Research Task Force
 IANA – Assigned Number Authority
 InterNIC – IP Address distribution
 Request for Comment (RFCs)

©NetProWise
Addresses used
 Four types of addresses are used:
 Domain Name
 IP Address
 Link Layer Address
 Port Number

 They all complement each other in sending and receiving messages.

©NetProWise
Subnet
 Host A starting an FTP session with Server B.
LAN
segment 3
Rest of
the
network
B

LAN segment 1 LAN segment 2


A

©NetProWise
Address Structure

 Domain name: yahoo, google, alcatel, etc.
 Networking Layer Address - IP Address - unique, but likely to change and move
 Example: 192.168.1.128
 Link Layer Address - MAC Address - unique & fixed
 Example: 08:56:27:6f:2b:9c
 Port Numbers – identify an individual program in a computer
 Example: 80

©NetProWise
Domain Name System (DNS)
 DNS permits meaningful host names to be used instead of IP addresses.
 It is a distributed database that provides a mapping between host names and IP addresses.
 There is one function for IP-to-host-name mapping and another for host-name-to-IP mapping.
 www.touchtelindia.net maps to the class C address 202.56.228.42.

©NetProWise
Port Address
 Identifies a service entity.
 16 bits in size
 Well Known Server Ports - 0 to 1023
 FTP port 21, Telnet port 23
 Registered Ports - 1024 to 49151
 Dynamic or Ephemeral Ports – 49152 to 65535
[Figure: protocol stack of one host. FTP (port 21) and Telnet (port 23) over TCP, over IP (192.168.0.1), over Ethernet (00:50:eb:0e:14:7a), attached to the Ethernet.]

©NetProWise
Client Server
 Networking applications are mostly client-server
applications.
 Iterative server or Concurrent Server.
 Iterative server handles one client at a time.
 Concurrent server handles multiple clients
concurrently.
 TCP servers are usually concurrent and UDP servers
are usually iterative.

©NetProWise
IPCONFIG
 List IP configuration for a host
 Usage
 ipconfig
 ipconfig /all

 Exercise 1: Explore different options


of ipconfig. Find out ipconfig
equivalent in Linux/Unix.

©NetProWise
Ping Command
 Checking for IP connectivity
 Usage:
 ping localhost
 ping <itself>
 ping <Otherhost>
 Loopback Interface (127.0.0.1)
 Used for Inter Process Communication (IPC)
 Loopback address 127.*.*.*

©NetProWise
Netstat

©NetProWise
ARP

©NetProWise
Networking Hierarchy
 Computer
 LAN segments
 Subnets
 Networks
 Interconnected Networks

©NetProWise
Subnet
 Host A starting an FTP session with Server B.

A
©NetProWise
Network
 Hosts and Router ports within a subnet share the same subnet ID.
 Subnet is a link layer broadcast domain
 Router is the gateway between subnets
 Router terminates subnet broadcast

192.168.1
192.168.2
Router
Port
192.168.3

192.168.9

©NetProWise
Packet Switching and Routing
1. Switching

Network
sender receiver X.25, ATM, FR

2. Routing

Network
sender receiver IP, IPX

©NetProWise
Connection Oriented Messaging
Establishes a dedicated pipe first for the exchange between A & B
Global address not needed in message
Sequencing guaranteed
Ideal for 1-to-1 communication
After the message exchange, the pipe is removed
No need for big transfer tables
[Figure: A and B connected through a chain of switches (S).]

Connectionless Messaging
No dedicated pipe between A & B; the pipe is shared
Global address needed
Sequencing not guaranteed
Ideal for 1-to-n communication
Inherently robust
Needs big transfer tables
[Figure: A and B connected through a mesh of routers (R).]
©NetProWise
Connection Oriented &
Connectionless Networking with IP

 IP is connectionless networking
 Both connection-oriented and connectionless
transport could be offered on top IP.
 TCP is a connection-oriented protocol, UDP is
connectionless protocol

©NetProWise
IP Packet Routing in a Subnet
1. Host A checks if Server B is in the same subnet. It
is.
2. Host A sends a broadcast frame asking for the MAC
address of Server B (IP Address).
3. This request frame is seen by all hosts & servers
within the subnet.
4. Server B responds to Host A with its MAC address.
5. Host A saves the Server’s IP address and MAC
address in its ARP table and starts sending
/receiving frames to/from Server B.

©NetProWise
ARP Table or ARP Cache
 ARP stands for Address Resolution Protocol
 Each entry in an ARP table contains an IP Address and the
corresponding MAC Address.
 ARP entries live only for a short duration - 2 to 10 mins

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\hari>arp -a

Interface: 10.0.0.224 --- 0x2
  Internet Address      Physical Address      Type
  10.0.0.2              00-80-c6-f9-29-a7     dynamic

C:\Documents and Settings\hari>

©NetProWise
Out of Subnet Packet Routing
1. Host A checks if Server B is in the same subnet. It is
not.
2. Host A sends a broadcast frame asking for the MAC
address of Gateway (Router Port).
3. This request frame is seen by all hosts & servers
within the subnet.
4. Router A responds to Host A with its Port 1 MAC
address.
5. Host A saves the Server’s IP address and Router Port
1 MAC address in its ARP table and starts sending
/receiving frames to/from Router A.
6. Router A Routes packets from host A to Server.

©NetProWise
Physical Layer
 Restricted to Wireline

©NetProWise
Network Interface Controller (NIC)

 NIC Card
 RJ45 Connector, Cable
[Figure: a NIC card with its PCI connector and RJ45 socket, and Ethernet cables.]

RJ45 10Base-T

Crossover Cable
RJ-45 PIN   RJ-45 PIN
1 Rc+       3 Tx+
2 Rc-       6 Tx-
3 Tx+       1 Rc+
6 Tx-       2 Rc-

Straight Through Cable
RJ-45 PIN   RJ-45 PIN
1 Tx+       1 Rc+
2 Tx-       2 Rc-
3 Rc+       3 Tx+
6 Rc-       6 Tx-
Notes Page

©NetProWise
Link Layer
 Responsible for
 Creating a frame and sending it to next node
 Receiving a frame and Processing it
 Error check
 Flow control
 De-multiplexing
 Class of Service

©NetProWise
Link Layers
 Ethernet
 IEEE 802 Encapsulation
 FDDI
 CDDI
 PPP
 SLIP
 ATM

©NetProWise
Serial Line IP (SLIP RFC 1055)
 Motivation

Versus

©NetProWise
SLIP Frame Format (RFC 1055)
 END (0xC0) and ESC (0xDB) are used to create the frame.
 No type field!
 IP address issue
 No Frame Check Sequence (FCS) or CRC!

IP datagram: c0 db
SLIP frame:  c0 db dc db dd c0
©NetProWise
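Added example (not from the original slides): SLIP framing and deframing as defined in RFC 1055, checked against the byte sequence on the slide. Rejecting an invalid escape pair or an unterminated frame is a choice of this example; the function names are its own.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { SLIP_END = 0xC0, SLIP_ESC = 0xDB, SLIP_ESC_END = 0xDC, SLIP_ESC_ESC = 0xDD };

/* Frame a datagram: END, escaped payload, END. Returns bytes written, 0 if out is too small. */
size_t slip_encode(const uint8_t *in, size_t n, uint8_t *out, size_t cap)
{
    size_t i, o = 0;
    if (cap < 2 * n + 2) return 0;             /* worst case: every byte is escaped */
    out[o++] = SLIP_END;
    for (i = 0; i < n; i++) {
        if (in[i] == SLIP_END)      { out[o++] = SLIP_ESC; out[o++] = SLIP_ESC_END; }
        else if (in[i] == SLIP_ESC) { out[o++] = SLIP_ESC; out[o++] = SLIP_ESC_ESC; }
        else                        out[o++] = in[i];
    }
    out[o++] = SLIP_END;
    return o;
}

/* Recover one datagram. Returns its length, or -1 on a broken or unterminated frame.
 * SLIP has no length field and no FCS, so this is all the checking the framing allows. */
int slip_decode(const uint8_t *in, size_t n, uint8_t *out, size_t cap)
{
    size_t i = 0, o = 0;
    while (i < n && in[i] == SLIP_END) i++;    /* leading END bytes carry no data */
    for (; i < n; i++) {
        uint8_t b = in[i];
        if (b == SLIP_END) return (int)o;      /* end of frame */
        if (b == SLIP_ESC) {
            if (++i == n) return -1;           /* cut off inside an escape */
            if (in[i] == SLIP_ESC_END)      b = SLIP_END;
            else if (in[i] == SLIP_ESC_ESC) b = SLIP_ESC;
            else return -1;                    /* not a valid escape pair */
        }
        if (o == cap) return -1;               /* datagram larger than the caller's buffer */
        out[o++] = b;
    }
    return -1;                                 /* no terminating END */
}

/* 1 if the datagram "c0 db" frames to the slide's bytes and decodes back unchanged. */
int slip_matches_slide(void)
{
    static const uint8_t datagram[] = {0xc0, 0xdb};
    static const uint8_t expected[] = {0xc0, 0xdb, 0xdc, 0xdb, 0xdd, 0xc0};
    uint8_t frame[8], back[4];
    size_t n = slip_encode(datagram, sizeof datagram, frame, sizeof frame);
    if (n != sizeof expected || memcmp(frame, expected, n) != 0) return 0;
    return slip_decode(frame, n, back, sizeof back) == 2 && memcmp(back, datagram, 2) == 0;
}

/* Decoding a frame that ends in the middle of an escape must fail (returns -1). */
int slip_truncated_escape(void)
{
    static const uint8_t cut[] = {0xc0, 0x45, 0xdb};
    uint8_t back[4];
    return slip_decode(cut, sizeof cut, back, sizeof back);
}

int main(void)
{
    printf("matches slide: %d, truncated escape: %d\n", slip_matches_slide(), slip_truncated_escape());
    return 0;
}
```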
PPP

Motivated by the deficiencies of SLIP.
Includes a type field.
IP addresses can be exchanged.
Includes a Frame Check Sequence (FCS) or CRC!

©NetProWise
PPP Encapsulation Format (RFC 1548)

Bytes:  1 | 1 | 1 | 2 | Up to 1500 | 2 | 1
Fields: flag | addr | ctl | protocol | Information | CRC | flag
Values: flag = 7E, addr = FF, ctl = 03

Protocol field (2 bytes):
0021: IP datagram
C021: Link Control Data
8021: Network Control Data

Escape sequence:
7E is sent as 7D and 5E
7D is sent as 7D and 5D

©NetProWise
Loopback IP Interface

127.0.0.1 is the loopback IP interface.
This allows a client to communicate with a server on the same host.
Any packet sent to this IP address is looped back to the same host from the host's link layer.
DNS maps localhost to 127.0.0.1.
Datagrams that are multicast and broadcast are looped back to localhost.
Anything sent to the host's IP address is sent to localhost.
Datagrams sent only to localhost do not appear on the network!

Loopback Interface
[Figure: flow between the IP output function and the IP input function.]
Destination IP is multicast/broadcast? YES: place a copy on the IP input queue and also send it out.
Destination IP is a local IP? YES: the loopback driver places it on the IP input queue. NO: it goes through ARP to the Ethernet driver (send).
Ethernet driver (receive): demultiplexes incoming frames to ARP or IP.
Local Area Network (LAN)
 Initial LANs provided connectivity between computers
which are co-located within a short distance of few
meters using shared medium.
 This solution of interconnecting computers does not
scale well. Thus, it is still limited to computers that are in
physical proximity.

©NetProWise
What is Ethernet?

 Ethernet is a LAN Link Layer Standard


 Most popular LAN standard
 Least Expensive
 Comes in Half-duplex and Full-duplex forms
 Comes in several speeds 10/100/1000/10000 Mbps
 Comes with several media options (wireless, fiber,
coaxial, twisted pair,…)
 Wireless LAN variations 802.11x (CSMACA)
 Initial competition from Token Ring, later from ATM,
now none!

©NetProWise
Ethernet History
 Developed by Xerox Corporation.
 Initially controlled by DEC, Intel, and Xerox.
 IEEE started its standardization in late 80s.
 IEEE 802.2 Specifies LAN Message Format.
 IEEE 802.3 Specifies Ethernet Hardware standard
for Ethernet.
 Issue with Internet TCP/IP standard!

©NetProWise
Typical Ethernet Configuration

©NetProWise
Media Access – Carrier Sense Multiple Access Collision Detection (CSMA-CD)

 Sense the media (Carrier Sense). If the medium is idle, transmit, otherwise go to next step.
 If the medium is busy, continue to listen until medium is idle, then transmit immediately.
 If a collision is detected during transmission:
 Transmit a jam signal for one slot.
 Wait for a random time and reattempt (up to 16 times).
 Random time generated according to exponential back-off.
 Collision is detected by monitoring the voltage, high voltage ⇒ two or more transmitters are colliding.

©NetProWise
IP Layer
IPv4 Header Format (RFC 791)

©NetProWise
Subnet Addressing

netid subnetid hostid

©NetProWise
Subnets

 IP Address is divided into 3 parts


 Network Id, Subnet Id, Host Id
 Subnet Id need not start on 8 bit boundaries
 Applies to Class A, B, and C

254 subnets 254 hosts


8-bits 8-bits
16-bits Net Id
Subnet Id Host Id

Subnetting a Class B Address

©NetProWise
Subnet Mask

 Each host needs to know its IP addresses
 Host also must know its subnet Ids
 Subnet Id is specified with a 32-bit mask
 Subnet Mask is also represented by dotted decimal notation
 Examples:

netid (16 bits)      subnetid (8 bits)    hostid (8 bits)
11111111 11111111    11111111             00000000           = 255.255.255.0

netid (16 bits)      subnetid (10 bits)   hostid (6 bits)
11111111 11111111    1111111111           000000             = 255.255.255.192
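The field split from the two mask examples, worked in code; this is an added example, not part of the original slides. The address 172.16.5.130 is a constructed sample, and the "minus 2" counts follow the slide's 254 subnets and 254 hosts for 8-bit fields.

```python
import ipaddress

def classful_net_bits(addr):
    """Width of the netid field, read from the leading bits of the first octet."""
    first = addr >> 24
    if first < 128:
        return 8       # Class A: 0xxxxxxx
    if first < 192:
        return 16      # Class B: 10xxxxxx
    if first < 224:
        return 24      # Class C: 110xxxxx
    raise ValueError("Class D/E addresses are not subnetted")

def split(ip, mask):
    """Field widths and values (netid, subnetid, hostid) of ip under a dotted mask."""
    a = int(ipaddress.IPv4Address(ip))
    m = int(ipaddress.IPv4Address(mask))
    prefix = bin(m).count("1")
    if m != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError("mask bits must be contiguous ones followed by zeros")
    net_bits = classful_net_bits(a)
    if prefix < net_bits:
        raise ValueError("mask is shorter than the classful netid")
    host_bits = 32 - prefix
    subnet_bits = prefix - net_bits       # need not be a multiple of 8
    return {
        "widths": (net_bits, subnet_bits, host_bits),
        "netid": a >> (32 - net_bits),
        "subnetid": (a >> host_bits) & ((1 << subnet_bits) - 1),
        "hostid": a & ((1 << host_bits) - 1),
        "subnets": max((1 << subnet_bits) - 2, 0),   # all-zeros and all-ones excluded
        "hosts": max((1 << host_bits) - 2, 0),
    }

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.255.192"):   # the two masks on the slide
        print(mask, split("172.16.5.130", mask))         # constructed sample address
```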
Host Sending

 Host
   knows its IP address and subnet id
   knows its MAC address
   knows its Gateway’s IP address
 Application provides Server’s (Destination) IP address
 IP/Link Layer maintains ARP cache
 Server’s MAC address is required to complete the datagram

Host Receiving IP datagrams

 IP layer on host can be configured to do routing in addition to acting as host
 When IP datagram is received, IP layer checks if the destination IP is one of its own IP addresses or an IP broadcast
   If so the datagram is delivered to protocol module specified in the protocol field in datagram
   If not then
     If the host is configured as a router, then the datagram is forwarded using the IP routing table
     Else the datagram is silently dropped

Address Resolution Protocol (ARP)

 ARP finds the physical address of a host given its IP address by issuing an ARP broadcast within the subnet
 This information is stored in ARP cache and used in IP datagram transmission
 ARP cache is a table where each entry contains host’s IP address and corresponding physical address
 ARP entries also contain host name and expiration counter. Default expiration time is 20 mins
 ARP command can be used to list the entries of an ARP cache - Example: arp -a
 ARP request timeout, Proxy ARP, Gratuitous ARP
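An added sketch (not from the original slides) of what the sending host does with its subnet mask, gateway and ARP cache: choose the IP whose MAC goes into the frame (the gateway's when the server is on another subnet), then look it up under the 20-minute expiry. Addresses and MACs are constructed samples; `learn` also reports when a live entry's MAC changes, which is worth logging.

```python
import ipaddress

ARP_TTL = 20 * 60    # seconds: the 20-minute default expiry from the slide

class ArpCache:
    def __init__(self):
        self.entries = {}                  # ip -> (mac, expires_at)

    def lookup(self, ip, now):
        """Return the cached MAC, or None if absent or expired."""
        entry = self.entries.get(ip)
        if entry is None or entry[1] <= now:
            self.entries.pop(ip, None)     # expired entries are dropped
            return None
        return entry[0]

    def learn(self, ip, mac, now):
        """Store a mapping; return True if it replaces a different, unexpired MAC."""
        old = self.lookup(ip, now)
        self.entries[ip] = (mac, now + ARP_TTL)
        return old is not None and old != mac

def next_hop(src_ip, mask, gateway, dst_ip):
    """IP whose MAC must be resolved: the destination if on-link, else the gateway."""
    m = int(ipaddress.IPv4Address(mask))
    src = int(ipaddress.IPv4Address(src_ip))
    dst = int(ipaddress.IPv4Address(dst_ip))
    return dst_ip if (src & m) == (dst & m) else gateway

def frame_destination(cache, src_ip, mask, gateway, dst_ip, now):
    """('send', mac) on a cache hit, or ('arp-request', ip) when ARP must run first."""
    hop = next_hop(src_ip, mask, gateway, dst_ip)
    mac = cache.lookup(hop, now)
    return ("send", mac) if mac else ("arp-request", hop)

if __name__ == "__main__":
    cache = ArpCache()
    host = ("192.168.1.10", "255.255.255.192", "192.168.1.1")   # constructed samples
    print(frame_destination(cache, *host, "192.168.1.70", now=0))
    cache.learn("192.168.1.1", "02:00:00:00:00:01", now=0)
    print(frame_destination(cache, *host, "192.168.1.70", now=10))
```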

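[Figure: ARP operation when FTP is given a hostname. Components: Resolver, FTP, TCP, IP, ARP and Ethernet Driver on the sending host; Ethernet Driver, ARP and IP on the other hosts. Captioned steps: (1) Resolver turns the hostname into an IP address; (2) establish connection with IP address; (3) send IP datagram to IP address; (6) ARP Request (Ethernet broadcast). Steps (4), (5), (7), (8) and (9) are numbered in the figure without captions.]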
IP Fragmentation
 Transport layer can send datagrams which are
larger than MTU
 Larger datagrams are fragmented at the source by
IP layer
 Assembled at the destination IP layer
 Fragments can be fragmented recursively
 IP fragmentation strongly discouraged!
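An added example (not from the original slides) of the rules above: split at the source for one MTU, split the resulting fragments again for a smaller MTU, and reassemble at the destination, rejecting gaps and overlaps. The 20-byte header and the MTU values are assumed sample values; offsets are in 8-byte units, as in the IPv4 header.

```python
def fragment(payload_len, mtu, header_len=20, base_offset=0, more_after=False):
    """Split payload_len bytes into (offset_in_8_byte_units, length, MF) tuples.
    base_offset and more_after let an existing fragment be fragmented again."""
    max_data = (mtu - header_len) // 8 * 8   # non-final fragments carry a multiple of 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    frags, sent = [], 0
    while sent < payload_len:
        length = min(max_data, payload_len - sent)
        last = sent + length == payload_len
        frags.append((base_offset + sent // 8, length, more_after or not last))
        sent += length
    return frags

def refragment(frags, mtu, header_len=20):
    """Fragment each existing fragment for a smaller MTU further along the path."""
    out = []
    for offset, length, mf in frags:
        out.extend(fragment(length, mtu, header_len, base_offset=offset, more_after=mf))
    return out

def reassemble(frags):
    """Destination side: total payload length, or None on a gap, overlap or missing tail."""
    expected = 0
    ordered = sorted(frags)
    for i, (offset, length, mf) in enumerate(ordered):
        if offset * 8 != expected:           # gap or overlap
            return None
        if mf != (i < len(ordered) - 1):     # only the final fragment has MF clear
            return None
        expected += length
    return expected

if __name__ == "__main__":
    first = fragment(4000, 1500)             # constructed sample: 4000-byte payload
    print(first)
    second = refragment(first, 576)
    print(len(second), "fragments ->", reassemble(second), "bytes")
```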

Characteristics of TCP
 Connection-oriented (state based)
 Reliable
   Timeout, Buffering, Checksum, Acknowledge
 Exchanges Byte Stream
   Different from message exchange, message transparent
 Duplex

TCP Header Format (RFC 793)

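[Figure: an IP datagram made up of IP Header, TCP Header and TCP data, with the TCP Header and TCP data together labelled TCP Segment. Size labels in the figure: 20, 20, 18, 4, 6.]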

TCP Message Flags
 SYN: Synchronize Sequence Numbers to initiate connection.
 RST: Reset Connection.
 PSH: Push data to receiving process ASAP.
 URG: Urgent pointer is valid.
 ACK: Acknowledgement is valid.
 FIN: Sender is finished sending.

TCP - Connection Establishment

1. SYN: Requesting end (client) sends the destination port and source initial sequence number (ISN) with SYN flag set.
2. ACK & SYN: The server ACKs this, sending its own ISN and the next expected sequence number from the client, with SYN flag set.
3. ACK: The client must ACK this SYN with server’s ISN plus 1.

[Figure: time-sequence diagram between Client and Server showing 1. SYN, 2. ACK, SYN and 3. ACK.]
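The three steps above as raw 20-byte TCP headers, with a check of the ISN plus 1 rule on a captured exchange; this is an added example, not from the original slides. Port numbers and ISNs are constructed sample values, and the checksum is left at zero.

```python
import struct

FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
MOD = 2 ** 32          # sequence numbers are 32 bits and wrap around

def build_header(sport, dport, seq, ack, flags, window=65535):
    """Pack a 20-byte TCP header in the RFC 793 layout (checksum left as 0)."""
    bits = 0
    for name in flags:
        bits |= FLAGS[name]
    offset_flags = (5 << 12) | bits        # data offset = 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)

def parse_header(raw):
    """Decode ports, sequence numbers and the set of flag names from a raw header."""
    sport, dport, seq, ack, off_flags, _, _, _ = struct.unpack("!HHIIHHHH", raw[:20])
    names = {n for n, bit in FLAGS.items() if off_flags & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": names}

def handshake(client_isn, server_isn, sport=40000, dport=21):
    """The three segments of connection establishment (ports are sample values)."""
    syn = build_header(sport, dport, client_isn, 0, ["SYN"])
    syn_ack = build_header(dport, sport, server_isn, (client_isn + 1) % MOD, ["SYN", "ACK"])
    ack = build_header(sport, dport, (client_isn + 1) % MOD, (server_isn + 1) % MOD, ["ACK"])
    return [syn, syn_ack, ack]

def valid_handshake(segments):
    """Check the flags and the ISN + 1 acknowledgements on three captured headers."""
    s1, s2, s3 = (parse_header(s) for s in segments)
    return (s1["flags"] == {"SYN"}
            and s2["flags"] == {"SYN", "ACK"} and s2["ack"] == (s1["seq"] + 1) % MOD
            and s3["flags"] == {"ACK"} and s3["ack"] == (s2["seq"] + 1) % MOD
            and s3["seq"] == s2["ack"])

if __name__ == "__main__":
    for raw in handshake(1000, 5000):      # constructed ISNs
        print(parse_header(raw))
```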

TCP data flow

[Figure: TCP data flow over time between Client and Server: Open Connection, then databyte and Ack for databyte exchanged twice, then Close Connection.]
TCP – Connection Termination
1. FIN: Client sends a FIN
2. ACK: Server ACKs client’s FIN
3. FIN: Server sends a FIN
4. ACK: Client ACKs server’s FIN

[Figure: time-sequence diagram between Client and Server showing 1. FIN, 2. ACK, a pause, then 3. FIN and 4. ACK.]

Some TCP Terminologies
 Half-open: Server is waiting for SYN requests from client
 Half-close: Client has no more requests and has sent its FIN, and the Server has ACKed the FIN, but the Server has some more data to send to the client.
 Active/Passive close: The first host to issue a FIN is said to perform the active close; the other host then performs the passive close.
 Maximum Segment Size (MSS)

Sliding Window
 Sliding Window parameter is used to:
   Guarantee the reliable delivery of data.
   Ensure that the data is delivered in order.
   Enforce flow control between the sender and receiver.
