## Carrier Sensing
- CSMA/CA still requires carrier sensing
- Physical carrier sensing in Wireless networks is problematic
- Hidden node problem (what CSMA/CA is supposed to solve)
- RTS threshold
- Small frames are just sent
## Virtual Carrier Sensing
- The Network Allocation Vector (NAV)
- NAV allows reservation of channel for a period of time (max 32,767 microseconds)
- NAV is a countdown timer for a _channel_ (not network)
- When NAV reaches 0, the channel is free
- Station sending RTS sets NAV
- AP will retransmit CTS with shorter NAV
- Allows atomic operations
## Interframe Spacing
- Way of prioritizing traffic
- Higher priority traffic waits less time after channel is idle
- Short interframe space (SIFS)
  - CTS, ACK, fragments
  - Frames in multi-frame sequence
- DCF interframe space (DIFS)
  - Normal wait time
- Extended interframe space (EIFS)
  - For errors
## Contention-Based Access
- Distributed Coordination Function (DCF)
- Know how to spell it
- Exponential backoff when medium is not idle
- Fair game if idle longer than DIFS (idle includes NAV)
- Unless previous frame had errors, then EIFS
- Sender expects ACK for unicast, responsible for retransmit
## Backoff
- Backoff window follows DIFS
- Also called contention window
- Window filled with random slots
- Stations pick a random slot before attempting to access medium
- Even the first time
- Size of backoff window increases with failures
## Fragmentation
- Fragments separated by SIFS
- Allows station to retain control during fragment burst
- Avoid interference
- MTU separate from fragmentation threshold
- Often frag threshold = RTS/CTS threshold
## Frame Format
- Compared to Ethernet, missing preamble + type
- Encapsulation data (type) contained in 802.11 MAC Payload
## Frame Types
- The Frame Type / Subtype is set in the Frame Control field
- Data frames
- Control frames
- Management frames
## Management Subtypes
- Association Request/Response
- Reassociation Request/Response
- Probe Request/Response
- Beacon
- Disassociation
- Authentication/Deauth
- etc.
## Control Subtypes
- PS-Poll
- RTS/CTS
- ACK
- etc.
## Frame Control
- From or To distribution system (how to interpret address fields)
- ToDS is 1 when data frame toward AP
- More fragments
- Retry bit set for retransmissions
- PM indicates if station is sleepy
- More data indicates buffered frames available for dozing station
- Protected bit set if frame encrypted
- Order bit indicates the desire for strict ordering
## Duration/ID
- This is the NAV
- Except during PS-Poll
  - Becomes AID
## Addresses
- Destination
  - Final recipient
- Source
  - Unicast MAC of sender
- Receiver
  - Immediate recipient
- Transmitter
  - Station transmitting frame onto Wireless
- BSSID
  - AP MAC
## Address Fields
- ToDS and FromDS affect what shows up in the Address fields
- FromDS
  1. RA/DA
  1. TA/BSSID
  1. SA
  1. not used
- ToDS
  1. RA/BSSID
  1. TA/SA
  1. DA
  1. not used
## Address Fields
- FromDS AND ToDS (wireless bridge)
  1. RA
  1. TA
  1. DA
  1. SA
## Sequence Control
- Broken into Frag ID and Sequence
- Like the ID/Frag offset field in IP
- Allows for fragmentation reassembly
- 802.11 does not allow pipelining
- Only one outstanding frame at a time
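The Frame Control, Duration/ID, Address and Sequence Control fields described above, decoded from raw header bytes. This is an added example, not part of the original notes; the function names and the sample frame are constructed for illustration, and the (0, 0) address row comes from the standard rather than from the slides.

```python
import struct

FRAME_TYPES = {0: "management", 1: "control", 2: "data"}
FLAGS = ["to_ds", "from_ds", "more_frag", "retry",
         "pwr_mgmt", "more_data", "protected", "order"]
# Roles of Address 1-4 keyed by (ToDS, FromDS). The (0, 0) row is not in
# the notes; it is the standard layout for management and ad hoc frames.
ROLES = {
    (0, 0): ("RA/DA", "TA/SA", "BSSID", None),
    (0, 1): ("RA/DA", "TA/BSSID", "SA", None),
    (1, 0): ("RA/BSSID", "TA/SA", "DA", None),
    (1, 1): ("RA", "TA", "DA", "SA"),
}

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_header(frame):
    """Decode the MAC header of one 802.11 frame (no radiotap, no FCS)."""
    fc, dur = struct.unpack_from("<HH", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    flags = {name: (fc >> (8 + i)) & 1 for i, name in enumerate(FLAGS)}
    hdr = {"type": FRAME_TYPES.get(ftype, "reserved"), "subtype": subtype,
           "flags": flags}
    if ftype == 1 and subtype == 10:
        hdr["aid"] = dur & 0x3FFF        # PS-Poll: Duration/ID carries the AID
    else:
        hdr["nav_us"] = dur if dur < 0x8000 else None   # NAV, max 32,767 us
    if ftype == 1:
        return hdr                       # control frames use shorter headers
    roles = ROLES[(flags["to_ds"], flags["from_ds"])]
    need = 30 if roles[3] else 24
    if len(frame) < need:
        raise ValueError(f"truncated header: need {need}, got {len(frame)}")
    offsets = (4, 10, 16, 24)            # Address 4 follows Sequence Control
    hdr["addresses"] = {role: mac(frame[o:o + 6])
                        for role, o in zip(roles, offsets) if role}
    seq_ctl, = struct.unpack_from("<H", frame, 22)
    hdr["fragment"], hdr["sequence"] = seq_ctl & 0xF, seq_ctl >> 4
    return hdr

# Constructed sample: data frame from a station toward its AP (ToDS=1).
SAMPLE = bytes.fromhex(
    "0801" "2c00"          # Frame Control (data, ToDS), Duration = 44 us
    "020000000001"         # Address 1: RA/BSSID
    "020000000002"         # Address 2: TA/SA
    "020000000003"         # Address 3: DA
    "3012")                # Sequence Control: sequence 291, fragment 0

if __name__ == "__main__":
    print(parse_header(SAMPLE))
```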
## Frame Check Sequence
- Checksum
- This is a CRC
- All fields in header and body included
- No ACK if FCS fails
## Encapsulation
- More complicated than Ethernet
- Uses 802.2 LLC
- Payload always starts with LLC header
- SNAP DSAP and SSAP were originally supposed to be large enough for the number of protocols
- Oops
- Now we ALSO tack on the Type field
- Other fields essentially hard-coded
## Broadcast / Multicast
- Group address in Address 1 field
- Cannot be fragmented
- NAV set to 0 (no frames to follow)
- Lower service quality due to lack of ACK
## Unicast
## Powersaving
- The radio amplifiers in the system are, by far, the most power-hungry pieces
- AP buffers and sleeping stations wait
- Stations wake up periodically to send PS-Poll frames
- AP can respond immediately or wait
- Implied NAV of SIFS + ACK
- Gives AP a chance to respond
- Station cannot go back to sleep until TIM bit in beacon is clear
## Powersaving Immediate Response
## Powersaving Deferred Response
## Wireless to Wired Bridging
1. FCS checked
1. Check Address 1 against BSSID (AP MAC)
1. Remove duplicates
1. Decrypt
1. Re-assemble fragments
1. Address 3 to Ethernet destination
1. Address 2 to Ethernet source
1. Type from SNAP copied to Ethernet Type
1. Recalculate FCS and append
1. Transmit
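The bridging steps above, applied to one frame. This is an added example, not from the original notes: it assumes a non-QoS, unencrypted, unfragmented data frame with the FCS still attached, so steps 4 and 5 are detected but not implemented, and all names and the sample frame are constructed.

```python
import struct
import zlib

SNAP = bytes.fromhex("aaaa03000000")   # LLC DSAP, SSAP, control + RFC 1042 OUI

def fcs(data):
    """CRC-32 in wire byte order (same CRC for 802.11 and Ethernet)."""
    return struct.pack("<I", zlib.crc32(data))

def bridge_to_ethernet(frame, bssid, seen):
    """Return the Ethernet frame for one ToDS data frame, or None if dropped.

    `seen` is the duplicate cache: source address -> last Sequence Control."""
    if len(frame) < 36 or fcs(frame[:-4]) != frame[-4:]:    # 1. FCS checked
        return None
    mpdu = frame[:-4]
    fc, = struct.unpack_from("<H", mpdu, 0)
    addr1, addr2, addr3 = mpdu[4:10], mpdu[10:16], mpdu[16:22]
    # Type=data, subtype=0, ToDS=1, FromDS=0; then 2. Address 1 == BSSID
    if fc & 0x03FC != 0x0108 or addr1 != bssid:
        return None
    seq_ctl = mpdu[22:24]
    if fc & 0x0800 and seen.get(addr2) == seq_ctl:          # 3. duplicate retry
        return None
    seen[addr2] = seq_ctl
    if fc & 0x4400 or seq_ctl[0] & 0x0F:                    # 4-5. out of scope
        raise NotImplementedError("protected or fragmented frame")
    llc, payload = mpdu[24:32], mpdu[32:]
    if llc[:6] != SNAP:
        return None
    eth = addr3 + addr2 + llc[6:8] + payload                # 6-8. DA, SA, Type
    eth = eth.ljust(60, b"\x00")                            # Ethernet minimum
    return eth + fcs(eth)                                   # 9. new FCS

# Constructed sample: station 02:00:00:00:00:02 sends a broadcast payload
# typed 0x0806 through the AP whose BSSID is 02:00:00:00:00:01.
BSSID = bytes.fromhex("020000000001")
HEADER = (bytes.fromhex("0801" "2c00") + BSSID +
          bytes.fromhex("020000000002" "ffffffffffff" "3012"))
MPDU = HEADER + SNAP + bytes.fromhex("0806") + b"constructed payload"
SAMPLE = MPDU + fcs(MPDU)

if __name__ == "__main__":
    print(bridge_to_ethernet(SAMPLE, BSSID, {}).hex())
```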
## Management Frames
- Services like auth, assoc, and reassoc
- Never passed to the distribution system
- Never relayed by APs
- No LLC
## Association Request
- Capability information
- Listen interval
- SSID
- Supported rates
## Association Response
- Capability information
- Status code
- Association ID*
- Supported rates
## Reassociation
- Same ESS
- Different AP (BSS)
- Like association
- Includes Current AP Address
## Probes
- Active attempt to look for networks
- Wardriving
## TIM
- Included in Beacons
- TIM is a bitmap of up to 2008 bits
- Each bit is 0 or 1, based on association ID
- If 1, AP has frames for waiting station
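How a dozing station reads its bit out of the TIM, including the case where the AP sends only part of the bitmap. This is an added example, not from the original notes; the element layout (ID 5, DTIM count, DTIM period, bitmap control, partial virtual bitmap) follows the 802.11 standard, and the function names and sample element are constructed.

```python
TIM_ELEMENT_ID = 5

def parse_tim(element):
    """Split a TIM information element (ID, length, then the TIM fields)."""
    if len(element) < 2 or element[0] != TIM_ELEMENT_ID:
        raise ValueError("not a TIM element")
    length = element[1]
    if length < 4 or length > 254 or len(element) < 2 + length:
        raise ValueError("bad TIM length")
    dtim_count, dtim_period, control = element[2:5]
    return {
        "dtim_count": dtim_count,
        "dtim_period": dtim_period,
        "group_buffered": bool(control & 0x01),  # traffic indicator for AID 0
        "first_octet": control & 0xFE,           # offset field stores N1/2
        "partial_bitmap": bytes(element[5:2 + length]),
    }

def has_buffered_frames(tim, aid):
    """True if the bit for this association ID is set in the bitmap."""
    if not 1 <= aid <= 2007:
        raise ValueError("AID out of range")
    index = aid // 8 - tim["first_octet"]
    bitmap = tim["partial_bitmap"]
    if not 0 <= index < len(bitmap):
        return False          # octets left out of the element are all zero
    return bool(bitmap[index] >> (aid % 8) & 1)

def buffered_aids(tim):
    """All association IDs the AP is holding frames for."""
    base = tim["first_octet"] * 8
    return [base + i for i in range(len(tim["partial_bitmap"]) * 8)
            if 1 <= base + i <= 2007 and has_buffered_frames(tim, base + i)]

# Constructed sample: the bitmap starts at octet 2, so AIDs 1-15 are omitted.
SAMPLE_TIM = bytes.fromhex(
    "05" "06"      # element ID 5, length 6
    "00" "01"      # DTIM count 0, DTIM period 1
    "03"           # bitmap control: group traffic bit set, offset N1 = 2
    "210080")      # octets 2-4 of the virtual bitmap

if __name__ == "__main__":
    print(buffered_aids(parse_tim(SAMPLE_TIM)))
```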
## Auth and Deauth
- Deauth can be spoofed
- Great if you need a handshake...
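Because the transmitter address in a deauth frame is only a claim, a monitor cannot tell a spoofed frame from a real one in isolation, but it can flag bursts aimed at one station. This is an added example, not from the original notes; the threshold of 5 frames per second is an assumed value, and the capture records are constructed.

```python
from collections import defaultdict, deque

MGMT, DISASSOC, DEAUTH = 0, 10, 12      # frame type and subtype numbers

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def deauth_bursts(capture, threshold=5, window=1.0):
    """Flag (receiver, claimed transmitter) pairs that get `threshold` or
    more deauth/disassoc frames within `window` seconds.

    capture: iterable of (timestamp_seconds, frame_bytes) in time order."""
    recent = defaultdict(deque)          # pair -> timestamps inside the window
    alerting, alerts = set(), []
    for ts, frame in capture:
        if len(frame) < 26:              # 24-byte header + 2-byte reason code
            continue
        ftype, subtype = (frame[0] >> 2) & 0x3, frame[0] >> 4
        if ftype != MGMT or subtype not in (DISASSOC, DEAUTH):
            continue
        pair = (mac(frame[4:10]), mac(frame[10:16]))   # Address 1, Address 2
        times = recent[pair]
        times.append(ts)
        while ts - times[0] > window:
            times.popleft()
        if len(times) < threshold:
            alerting.discard(pair)
        elif pair not in alerting:       # report each burst once
            alerting.add(pair)
            alerts.append({"time": ts, "receiver": pair[0],
                           "transmitter": pair[1], "count": len(times)})
    return alerts

def sample_frame(subtype, ra, ta):
    """Constructed management frame: header plus reason code 7."""
    addrs = bytes.fromhex(ra + ta + ta)  # Address 1, 2, 3 (BSSID = ta)
    return bytes([subtype << 4, 0, 0, 0]) + addrs + b"\x00\x00" + b"\x07\x00"

AP, STA_A, STA_B = "020000000001", "0200000000aa", "0200000000bb"
# Constructed capture: eight deauths to STA_A in 0.7 s, one to STA_B,
# and one beacon-typed frame that must be ignored.
SAMPLE_CAPTURE = (
    [(i / 10, sample_frame(DEAUTH, STA_A, AP)) for i in range(8)]
    + [(5.0, sample_frame(DEAUTH, STA_B, AP)),
       (5.1, sample_frame(8, "ffffffffffff", AP))])

if __name__ == "__main__":
    print(deauth_bursts(SAMPLE_CAPTURE))
```

Detection only narrows the window; Protected Management Frames (802.11w) is what makes clients reject unauthenticated deauth frames.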