Where we finished last week, we introduced the IEEE 802.11 architecture, which shows the layers that the 802 standards cover, primarily focus on the physical layer and the medium access control MAC layer, with a common logical link control used by some of those protocols. So wireless LAN, there are different standards for the physical transmission of bits, so the way to represent the bits and transmit them as some radio signal, there are different approaches, giving us different data rates, and there's a common medium access control protocol, although it has some variants, some are used, some are not. We said there are different physical layers, so over time, since 1997, they've been improved, so new technologies become available, so they've developed new standards, giving us faster data rates, for example. And some of the things that we care about are the data rate, how fast we can send, how far we can send, the transmission range, what frequency do we transmit our signal at, and related what bandwidth, so what range of frequencies do we use, and also related how many non-overlapping channels do we have. We touched upon that last week, we'll see it a bit more this week, and we saw a summary of some of the characteristics for the different physical layers that have been improved over time, and there was another diagram last week as well. Let's just cover the basic principles we're going to assume about the physical layer, in particular the wireless transmission. In most cases, our wireless LAN equipment operates in a point-to-multi-point mode, where one device transmits, and because it's using radio, the energy disperses in all directions, and multiple devices can receive. It's not like one cable connected to another, where it's point-to-point. There's only two devices that can, or one device transmits, one receives. It's different than that. It's my laptop transmits a signal. 
It goes in all directions, maybe not equally, with equal strength in all directions, maybe depending upon the shape of the antenna, it may go forward and back at some power level, and up and down at a slightly different power level, but effectively goes in all directions. Therefore, anyone surrounding my transmitter can potentially receive. We call this sometimes broadcast radio. Radio is referring to the range of frequencies we're using. Broadcast means send to everyone. On two dimensions, we illustrate that. We have some transmitting device. It transmits some signal which goes in all directions. Anyone within this circle can receive that signal, where the distance or the radius of this circle, the distance from the transmitter to the edge, would define us the transmission range. That is, anyone outside of this circle cannot receive. Anyone within the circle can receive the signal, if we know the transmission range of our device. Unfortunately, in real life, the transmission range may vary, or it depends on many different factors. We cannot imagine that my laptop transmits in all directions equally. It doesn't provide a perfect coverage of a circle or a sphere in three dimensions. But for simplicity, we normally assume that we transmit, then we provide some coverage. Anyone within that coverage area can receive the signal. With our wireless LAN equipment, we're normally using a range of frequencies which are free to use, but unlicensed or in an unlicensed spectrum, at least in most parts of the world. It's actually up to the country regulators to control which portions of spectrum can be used for which purposes. In most countries, around 100 MHz or more of bandwidth in the 2.4 GHz range is unlicensed, and in most countries around the 5 GHz range is also unlicensed. Most wireless LAN equipment transmits in one of these frequencies, 2.4 GHz or 5 GHz. The most common being 2.4 GHz. 
Using unlicensed means anyone can use the frequencies, that is, you can buy a wireless LAN transmitter and use it on one of the specific frequencies here, and you don't have to pay to use that range of the frequency. There's no licensing involved, it's unlicensed. But because anyone can use it, the regulator, the organization that controls which frequencies can be used, normally puts some rules on how you can use it. Anyone can use it within some conditions. So those conditions may specify what bandwidth you can transmit at, and in particular what power you can transmit at. That is, they limit the transmission power. So and again, it's up to the country to limit the transmission power. For example, your wireless LAN device may have a limit of one watt. If you have a device that transmits at two watts, you're breaking the law, for example. So there may be rules that say that the maximum transmit power of your device is one watt, or maybe in the past it was 100 milliwatts even. Why? Because if you transmit at a higher power level, you transmit across a higher distance, which is good for you, but you can potentially interfere with more people. The larger the power you transmit at, the larger the circle in two dimensions, and the more other receivers can hear your signal, even those that it's not intended for. So by limiting the transmit power, you limit the number of other receivers that you can interfere with. Still, because anyone can use the frequencies, it's easy to have interference between devices. There's nothing to stop, so if you set up your wireless LAN in your home just for laptops inside your home to an access point, there's nothing to stop your neighbour from setting up one in their home, and they may interfere in the transmissions. So a main part of the 802.11 standard is defining rules for how to cope with that interference when multiple people transmit. 
This defines some assumptions that we are going to make for the rest of the discussion of the wireless LAN. Some simplifying assumptions about the physical layer. So we can study the medium access control layer. First we'll assume that we can define a transmission range. So when a device transmits, the transmission range is the distance at which the, or the maximum distance from which another device can be away from the transmitter that can still successfully receive the transmission. So if I have a transmission range of my laptop of 30 metres, then we'll assume that anyone within 30 metres of my laptop can successfully communicate with my laptop. That's the idea there. If they are 31 metres away, they would not be able to communicate. In practice it's not like that, because the transmission range or the distance between transmitter and receiver at which they can successfully communicate depends upon the obstacles in the environment, the walls, the people, the chairs. It depends upon the frequencies being used so it can vary in different directions. For simplicity we would normally define, okay, there's a transmission range. If you're outside of that, then no interference and no communications. We will assume that our transmissions go in equal strength in all directions. That is omni, or in fact an isotropic antenna is the theoretical antenna. That is when my laptop transmits, if I say I have a 30 metre transmission range, that I mean 30 metres to the left, to the right, up, down and in all directions is the distance at which devices can receive. Again in practice that's not true. That is the antennas, the antenna design has an impact upon the transmission range. It may be that it's further in one direction but less in another direction. But for simplicity, assume in three dimensions the transmission range is defined by some sphere around the transmitter. That's simple. We have a transmission range. 
Another assumption we will make is that the device cannot transmit and receive it at the same time, which is quite common for devices, for wireless devices. That is it works in a half-duplex operation. You can transmit but while you're transmitting you cannot receive. If you want to receive then you need to stop transmitting. You can do one or the other, not both. Why is that the case? Well, implementing a device, a transceiver that can do both is quite difficult. Because think about if you transmit, you're transmitting some energy out. If you have your receiver on then effectively you're transmitting energy into that receiver at the same time and that will cause interference at the receiver from other transmitters. So in most wireless devices you either transmit or receive, not both. We're half-duplex. Of course in wired networks, that's not the case. In wired networks most cases we have full-duplex operation. In our LAN cables, we have some lying around, full-duplex is very easy, well it's not full-duplex across a wire but inside this LAN cable there are multiple wires. So we transmit on one pair of wires and receive on another pair. So we effectively have full-duplex operation in a wired network, which is better because we can be doing transmitting and receiving at the same time. And we can effectively double the performance of a network using full-duplex. We cannot do that with wireless, not easily anyway. The other thing, the last assumption is that our device cannot successfully receive transmissions from two or more sources at the same time. So if there are two devices transmitting and they're both within range of my laptop, so one device is 10 metres away, another device is 5 metres away, they're both transmitting. If one of them is transmitting to my laptop and the other is transmitting to someone else, my laptop receives both of those transmissions. 
If they overlap in time, we will assume that my laptop cannot successfully understand either of those transmissions. We say there's a collision between the transmissions or if we talk about frames or packets, a collision between packets. That is we do not receive any data and that's a problem because we need to do something about that. Most likely we'll have to perform a retransmission such that we can receive the data. So if two or more devices transmit at the same time, or at least overlapping in time, and both of those transmissions are received at the receiver, there's a collision at that receiver. We could illustrate that. If we show on the horizontal axis time, let's say we have four devices, A, B, C, and D. Four wireless devices, four laptops, or one of them is an access point, it doesn't matter. A is going to transmit something to D. B is going to transmit something to C. Assuming they're all within range of each other, which means when A transmits to D, in fact the signal also goes and would be received by C. And similar when B transmits it may be received by D. Focusing on C, let's say A starts transmitting to D, so it's transmitting say for this portion of time, it has some bits to send, a packet to send. It takes some time to transmit it. This diagram is showing it takes this time from here to here to transmit. So A is transmitting during this time. And at the same time or some time later, B starts transmitting, let's draw it here. Let's say at this point in time, B starts transmitting, takes some time, maybe longer than A has to transmit, it's a different piece of data. From the perspective of C, this is a collision, the transmission of the data by A and the transmission of the data by B overlap in time at the receiver C. So from C's perspective, the receiver, there's a collision and it cannot understand any of the data being transmitted. It treats it all as noise. It cannot interpret what the bits were in this sequence or in this sequence. 
So we'll later refer to these as frames or as packets, a defined sequence of bits. So if two or more transmit at the same time, we get a collision. And if we get a collision, we don't receive any data, and because normally we want to make sure the data is successfully delivered, sometime later, if we want to get that data from A to D, A will have to retransmit, have to send it again. And that's bad for performance because A transmits the data, realises there's some problem. Later retransmits, if it's successful the second time, that's good, but it's taken a long time to get that original piece of data from A to D in this case. So we want to avoid this case. If we have collisions, our performance will be bad. Of course, we could have multiple, more than two devices transmitting. Be clear, a collision is not just when two devices transmit at the same time, a collision occurs at the receiver. It's not so much about the transmitter, it's the receiver. So if two or more devices transmit at the same time, and they're both within the range of the receiver, there can be a collision at the receiver. Of course, if the two devices transmitting are a long way away from each other, then there may not be a collision. Why is it the case that we consider this a collision? Because if we look at the receiver, it's receiving some energy from A. It has, there's some modulation scheme and it decodes, the signal received, it decodes and gets bits out of it. But the problem is there's also some energy coming from B and those signals overlap in time and basically add together and therefore the total received signal cannot be interpreted by the receiver C. So they cannot understand any data. The same as when I talk and someone else talks in the class, then other students cannot understand because there's a collision in the transmission. Our ears are sometimes a bit better than our receivers because our ears can detect when multiple people transmit. 
We can detect and make sense of some information, but we're assuming that our receiver, and it's most likely the case, two or more send and it cannot detect what was sent by either. That's all we're going to talk about with the physical layer and now we're going to move up to the medium access control layer and we'll see that those assumptions that we just went through have a large impact about how we send data using the medium access control layer. In fact there are two parts of the MAC, the medium access control, is how to manage the network and then how to send data. So the physical layer is about how to get our bits from A to B, source to a destination. And in fact we don't just send a sequence of bits, we see in the MAC, we define a frame. So there's some header, some information we want to send and maybe even a trailer at the end. We transmit that by the physical layer. The management side is how to, I think it's on the next slide, okay. So physical layer, getting the data across the wireless medium. The MAC layer, two main things it defines, how to manage the network. Remember we have an access point, we have laptops, clients. The management of the network includes how does your laptop know that there's an access point nearby, how to discover other devices. Once you know about other devices, how do you join the network? And similar when you want to leave the network, what are the procedures for doing that? So these are the management procedures which we'll go through first, joining a network discovery. Once we discover and join a network then we can send data. So we can start downloading files, sending emails and so on. So another part of the MAC layer is defining how do we efficiently send data across a wireless medium. In particular dealing with these cases of collisions. How do we avoid collisions? What do we do if there is a collision? 
How do we make sure that if my laptop wants to send and someone else's phone wants to send at the same time that they get some equal sharing of the opportunity to send, some fairness. So that's about the data transmission. The MAC layer is common across all the different physical layers. It doesn't matter if you're using 802.11a, b or g, the mechanisms used here are the same. So we'll go through them. Some parameter values are different but the general mechanisms apply across all the physical layers. There have been some improvements but we'll focus on the basics. What else the MAC layer? I think we've mentioned before the MAC layer uses hardware addresses to identify who we're sending data to and who to respond to. We need an address and we use 48-bit hardware addresses or Ethernet addresses, the same type of addresses that are used in a wired LAN. These are defined by IEEE. Why do we need an address? Well again with broadcast radio or point-to-multi-point if I transmit and there are multiple receivers in range I want my data to go to one of them. If five different devices receive my transmission, using the destination address, those devices know if that data is to them and they should process it or if it's to someone else and they should ignore it. So we need an address to know who is the data destined to and similar who to respond to when we send data back. So we'll go through the MAC management first and there's access points as you know all around the campus. So let's say this access point has power, it has as you'll see over the next few weeks it has four ports on the, well five ports on the back, a group of four and then a single one will take in LAN cables. The basic setup is that one of them is you connect to your say called the internet connection and let's say we'd plug this into the SIT wired LAN, the others may be used if you want to plug a PC in here. 
So we have one of these cable, with a cable going into it, connecting to SIT wired LAN it's connected to our wall or out in the corridor. I turn on my laptop how does it know that there's an access point out there or somewhere nearby? And that's what the first part of the MAC management is. How to discover the presence of an access point. Before we discuss that there's one thing I've skipped or haven't mentioned but in 802.11 there are in fact different modes of operation. The most common mode is that your laptop, the client communicates with an access point. So what's called infrastructure mode. There are access points with cables in them and power and the clients communicate direct with an access point and then usually out to a wired network. I think some of you may know that there's another mode with wireless LAN. What's it called when you don't use an access point? Anyone used it on a phone or a laptop? When there's no access point involved. How's it work? What's it called at least? Wireless LAN when there's no access point. Anyone used it? Let's say there's no access point at your home. You don't have an access point but you've got three friends or two people with a laptop. With wireless LAN you can have an ad hoc connection. So it's got different names but ad hoc is usually the common name. You have an ad hoc connection direct from laptop to laptop or client to client. What's called Wi-Fi direct, a direct connection between two clients. So that's another form of operation but most commonly it's client access point and that's what we're going to describe in most of this topic. Some of the procedures apply for the ad hoc mode but we'll focus on using an access point. So I turn on my laptop, it starts up, my operating system starts, the computer boots, operating system starts, my application starts. I need some wireless network connectivity. 
The first thing it does is tries to discover the presence of an access point and there are two ways to discover and they're both used quite commonly. There's a what's called passive discovery where the access point periodically sends out special types of frames, special types of messages and they are broadcast. So the access point is always transmitting something to everyone, anyone within range. So anyone within range of that access point, when I turn on my laptop, if it's within range of the access point, I'll hear one of these special frames called beacon frames. So it sends out beacons and the meaning of these beacon frames is really saying I am an access point and this is my ID. It's the access point telling everyone within range that it is an access point and then the client can potentially connect with that access point. So that's the first way of discovery: periodic broadcast of beacon frames. Any client that receives a beacon frame has discovered an access point. I'll show you the structure of a beacon frame in a moment. Of course in SIT for example there are many access points. There's some downstairs, upstairs, multiple along the corridor. You may be within range of multiple access points. So when I turn on my laptop, what my laptop wireless device may do then is let's say it waits for two seconds and in that two seconds it may receive multiple beacon frames from different access points. It may receive from an access point on this floor and one from upstairs. So I may have multiple access points that I learn about. And then it's up to either the operating system, the user or the client application to choose one of them because we can only connect with one access point at a time. So we learn about access points using some passive discovery, listening or receiving beacon frames, but another way is that the client can actively discover access points. We send a special frame called a probe request. So we probe for access points. 
So my laptop when it turns on it sends out a probe request. This is broadcast, meaning it's destined to everyone who's within range. If an access point receives this then that access point may then respond with a probe response saying I am an access point. So the probe request is meaning I am looking for an access point. If an access point receives it, it may respond with a probe response. So this is an active discovery method, active in that the client initiates it, whereas the beacon process is a passive discovery where the client just sits there and waits until it hopefully receives a beacon, so two different approaches. In practice it's up to the client software to determine which one to use and how to use them and most cases your operating system will use both. What's the problem with a passive discovery? What's the problem with using beacons? Why we need the others? We need to broadcast the SSID. Everyone can see it. That is we'll see in the beacon frame it includes an identity of the extended service set. So if your access point is always broadcasting that, anyone who's within range of that access point can learn the identity of that network. That can be a potential security problem. In fact it's not, or at least the way to avoid that problem is not by, in practice to provide security in a network you need other techniques than just stopping broadcasting beacons. But yet that's true, that you broadcast, you advertise what your network is called. So a security implication, anything else? What else is wrong with or could be a problem with waiting for a beacon? Potentially if many access points are transmitting beacons and are transmitting quite frequently then it means that there's potential for interference between beacons and between beacons and data but it has to be quite frequent to do so. The other thing is that you wait for beacons. You turn on your laptop, you're waiting for someone else to do something. 
Passive discovery means you do not initiate the discovery. So there may be some delay before you learn about the access points. So that can be a small problem sometimes because if an access point only sends a beacon every 10 seconds then your laptop will not know about that access point for a maximum of 10 seconds. So you'll have no network connectivity for 10 seconds. But in fact it's not so much a problem because by default access points send much more frequently say 10 per second and so active discovery can be used in a combination. If you want to quickly find an access point then probe for access points. Once you discover an access point you cannot send data you need to join the network. So that's the discovery phase and once it's discovered you join a network and the procedures or the two steps to join a network there's an authentication step for the access point to check who you are to check that you're allowed to access the network. And once that's successful there's this association step where you associate with an access point and which is really registering the client with the access point. So there's two steps involved there. This diagram tries to show one example of those steps identifying the frame types. We haven't defined the structure of these frames yet I'll show you through an example what they look like but for example in this diagram let's say this is we call this a frame a sequence of bits it has some structure it has a header and the fields are defined. So these are frame types within wireless LAN. One frame type is a beacon another is an authentication request. So here's an example where an access point is periodically sending beacons in fact we only show one in this example. When our client turns on and receives that beacon it has discovered the access point. It may discover multiple and have to choose one of them. 
Once it's chosen one access point to connect with or to join with it goes through these two steps of authentication and association and the way that they both work is the client sends a request to the access point the access point responds. Both authentication request, response, association request, association response. The authentication request the access point once it receives the request can check whether the client is allowed to access the network. So some security check so there may be some credentials required for example some password needs to be sent or at least some operation using a password and some resulting data sent. The access point checks if it's correct if so it can send back a successful response. If it's not correct then it can send back an error to say it's disassociated or deauthenticated. So if it's successful if that client is allowed to join the network then they move to the next step send to the associate request and then the access point records some information about that client sends back a response and after that they can send data in either direction. Client can send data to the access point and vice versa from access point to client. So at this point we're let's say associated with an access point and we can transfer data. Before that we're not allowed to send any data. There's also procedures for leaving a network so you're shutting down your computer or you click to disconnect from the wireless then the client can disassociate and or deauthenticate and similarly the access point can disassociate can tell the client it's no longer associated with the network. Either can initiate these and once they're initiated then both sides can no longer send data. So they break that connection. There are some other types of messages which that you can re-associate as well. 
You associate with one access point, you're walking along and you're moving out of the range of that one and getting closer to a second access point, you can re-associate with that second access point which saves some time in the association. It assumes that those access points are in the same extended service set. For example WSIIT, so they have the same name. So there are some other mechanisms. This doesn't show the probe request or probe response. If there was no beacon or as well as a beacon the client can send a probe request and the access point can respond. So that's also possible. Let's look at the frame types. So we have beacons, probes, authentication messages, association messages. In fact there are also de-authentication, disassociate and re-associate. So there's a few more types. These are what we call management frames. They are frames used to manage the network. Where are they? Before we look at the data transfer let's look at the structure of those frames. There's some on the slides but I'll show you an example. Anyone knows Wireshark? Anyone not know? I think not know. I think the EC students have done it as well, they've used Wireshark before. So I think everyone's seen Wireshark. I'm using it here just to display a set of packets which have been captured. I've captured these in the past like one or two. In fact this is from ITS 323 last semester. It's a list of packets which were exchanged across a wireless LAN. So what I did to get these packets was I had my laptop and I listened in to all the packets sent by someone else or by other people. Let's look at some of them just to look at the structure of some of the frames. The first frame, the highlighted orange frame is a beacon frame. As we see from the summary information it's a beacon. It sounds a bit wet, makes some space. And in this case we can see the source and destination addresses. So the source is an address of some device, an access point. 
Because it's coming from a beacon, beacons send access points. I'm getting confused at the end of the day. Access points send beacons. This is the address of an access point. I don't know where it was where I did this I think in the other building. Note the destination address. This is a special address for hardware addresses. Similarly in IP addresses we have special case addresses. We have the local loopback address. We have directed broadcasts. We have net masks and so on. In hardware addresses we also have special addresses. And this all Fs address in binary is all ones. So 48 ones, because our MAC address is 48 bits in length. And this is just in hexadecimal form, all Fs. This address is the broadcast address. This means that the frame is destined to everyone who receives it. So it was transmitted by an access point. The destination is the broadcast address. Which means anyone who receives this frame should process the frame. Any for example laptop, any client that receives the frame should process it. So my access point transmits this frame. My laptop receives it, someone else's mobile phone receives it, someone's tablet receives it. Because of the destination address is the broadcast address, all of those client devices will process this frame. That is they'll look at the contents and may perform some operations based upon that frame. So this is broadcast. Now it gets confusing because in the wireless LAN everything we transmit is broadcast. When I transmit that frame everyone within range receives it. But you only process it if the destination address says so. So let's try and illustrate that. Here's my access point. And there are three devices. And they have some MAC address, whatever. They have their own MAC address. Those MAC addresses identify those devices. The access point also has a MAC address. Let's say it's the one shown as the source up here. I'm not going to write it down. 
When the access point transmits something these clients are all within range. So let's say the range covers all of those devices. So they're all within range. So when it transmits because it's broadcast radio all devices receive that frame. So that's our broadcast radio working. But when they receive it they look at the destination address in the frame to determine whether they process it. There's a difference between receiving it and then doing something with that frame. They'll only process that frame if the destination address in the frame matches their address or if the destination address is one of these special addresses like the broadcast address. So in this case our access point sends the frame. The destination is the all-Fs address. All three will receive and all three will process that frame. If the destination instead of the all-Fs, if the destination was, for example, our AA address, that is this address. If the destination of our frame was this client address, again all three receive that frame, only this client processes the frame. The other two clients discard the frame. They throw it away. They don't do anything with it. So even though they all receive it, it's broadcast radio, only one of them processes. That's a unicast transmission. So it gets confusing sometimes about we talk about broadcast, everyone receives it but in fact only some of them process it depending upon the destination address. The beacon is of course a broadcast to all devices, hence that special case destination. Let's look at the structure of that beacon frame. With Wireshark it presents information, so we capture the frame and it presents it in some, aims to be, user-friendly format to summarize the information about that frame. Normally we can look at it at a layered perspective. We could draw the packet and I know some of you have been taking my lab last week and you had to draw packets or this week. How do you draw this packet? The beacon frame. 
Do you want to draw the packet? Yeah? Okay. Just draw on the board what you think of this frame and the hint, focus on this part. How do you draw that packet? So when I say draw the packet normally we at least identify the headers and the data inside that packet. And what type of header? So we give the header a name, usually the name of the protocol. The beacon. Okay, he's on the right track. Let's say management is a summary. Management. Okay, show everyone. So he's drawn the frame. Is it correct? That's the question. So by looking, Wireshark shows in a convenient form of the, if we look, I think in a layered perspective from the top layer in our five or our layered stack and going down, this is the topmost and so on. So we draw the packet normally as saying, okay, this information is contained inside a beacon frame. This is contained inside something else and so on. And that's the way he's drawn it, that the management information is contained inside a beacon frame and then that's inside radiotap. And Wireshark, this top level frame refers to the whole thing. So that's just the way we read Wireshark. But it's wrong. Okay, don't copy it down. That's how I've taught some of you to read Wireshark, but there's a special case here. That's my point, that this radiotap header is not a real header. There is no header for the radiotap. What radiotap is, it's some information that Wireshark is reporting about the wireless transmission. So in fact, if we want to draw this packet, this frame, we'll draw it just as this. It's an 802.11 frame. It contains something about the beacon and specifically about the management information. Sometimes we'll just refer to this or simply this is a beacon frame. So when you look at Wireshark, don't be or be careful when you see radiotap, the radiotap header. It's not a real header from what we think of when we draw a packet. What is it? It's some information when we zoom in, some information about the wireless transmission. 
For example, the data rate that we sent with. The frequency we sent, we used. Something about the signal strength. This is not contained inside the packet. It's what your receiver measures. And it's simply passed from your driver, your wireless device to your driver to Wireshark so that you can see some of these statistics or details. But it's not a real header. That's my main point here. It's just something that Wireshark does to make it a bit more convenient to see that information. What does it actually show us, the radiotap header? Things about the physical layer. The data rate of this transmission, the frequency, some information about the radio transmission. For example, what frequency range or what spectrum was used, the 2.4 gigahertz or the 5 gigahertz. What modulation scheme was used, CCK and so on. Signal strength, something about the physical layer. So that's a special case we see when you capture wireless LAN frames. You may see the radiotap header. Simply don't be confused about that. It's not a real header. What we draw the frame as is drawn on the board here. Let's look inside and see some details. So a beacon frame contains information, or the information we'll see here. It's structured into two parts really. This general part, shown as the beacon here, and then the more specific features or fields for the beacon. We'll see some other frames, not beacons, probe request, probe response and so on, have a similar structure, and there's some common parts to them. So there's a type and subtype. So a one byte field, eight bits that identifies the type of wireless LAN frame, and in fact there are subtypes of wireless LAN frames. There are many different types and subtypes. I don't have a list on the lecture notes, but I have a web page here that lists some of them. You don't have to remember them. There are what's called, there are three types. 
There are management types, management type frames, type zero, and within the management type there are multiple subtypes. There's our beacon, which is subtype eight. There's probe request, probe response, the ones we've mentioned, association request and response, reassociation and so on. So they are all management frames. Then we'll see later when we look at the data transfer, there are data frames, type two, and there's just one subtype there, type zero, that's the frames that contain actual user data. And there are a set of control frames, things for helping the data transfer. For example, ACKs. We send some data, we get an acknowledgement back. So there's an ACK frame, and there's some similar RTS/CTS, which we'll discuss later. So there's three types, and within some of those types there are subtypes. I'll point you to this website, you may use it in your assignment. Then there's what's called this frame control field, which shows us the version, well it gives us the version, the type, the subtype and a set of flags. Flags are one or in some cases two bit values that indicate some feature is on or off. For example, this flag, the fourth bit here indicates whether we're using power management or not, to save power or not. In this case, no. The last two bits indicate what sort of, what mode we're using. Access point or ad hoc mode, and what direction that data is traveling in. Is it going to an access point or coming from an access point? So some of the features, if we use fragmentation, is this a retransmission, no, and so on. So some flags are used in that header. There's a duration field which we'll not discuss, it's not relevant for the beacon at the moment, but it's relevant for the data transfer, we'll see that. And of course the source and destination address are included in the frame. In fact, in the wireless LAN frame there are three types of addresses included. At least three. There's the original source, the final destination and the BSSID. 
What is the BSSID normally? It identifies the basic service set and where does the value come from? The access point. The BSSID is the access point MAC address. So the access point in this case has a MAC address, in fact you'll see these, it's written on the bottom of them, or in the configuration. The BSSID is normally the access point MAC address. We're not going to confuse it with the ESSID, which is the name, for example, WSIIT, the name of the entire network. In this case the destination is our broadcast address, everyone. The source is the access point. So the source and the BSSID address are the same. In other cases when we see data transmission we'll see that they differ, but there are three addresses normally in the header. We may have fragmentation, we may have to divide data into multiple fragments and we'd record which fragment here and we can have sequence numbers. So you will see that this frame is sequence number 2418. If you look at the next one we'll see it's 2419. So the access point periodically sends beacons and just increments the sequence number. And then we see some information which is specific to the beacon, some parameters. And these are mainly parameters or these are information about the access point. So the access point sends out beacons, whoever receives a beacon learns about that access point. What do they learn? They learn the information in these two sets of parameters, the fixed and the tagged parameters. There's a timestamp that the access point uses, so when we receive multiple beacons we can see the difference in time. We have a beacon interval. This is saying how often this access point sends beacons. In this case about 10 per second, so every 100 milliseconds, 102.4 milliseconds, but about every 100 milliseconds this access point sends a beacon frame. 100 milliseconds later it sends another one and another one. And in fact we see that in our capture at the top. 
This is one beacon frame, about 100, in this case 110 milliseconds later a second one and at 200 milliseconds, 300, multiple beacon frames. That's in fact the default rate at which beacons are sent. Then there's a list of capabilities that this access point offers so the client knows what the access point can do and can choose it. For example, we will not go through them all, does it support encryption using WEP for security? Some features which are supported by the physical layer, short preamble, some optional features which are available in the standard. So a list of features are given there. And then some other parameters which are usually optional. We see what they are, scroll down. The ESSID is simply or sometimes we just see it short as the SSID. This is the name of the network. So that's advertised by the access point in this case, ITS 323 in this example. The supported data rates, remember our physical layer provides some data rate. In fact, what the data rates we've mentioned are mainly the maximum data rates. Normally multiple data rates are supported and the devices choose one which suits them. So in this case, we can see the data rates supported by the access point. One megabit per second, two, five and a half, up to 18 megabits per second. What devices support 18 megabits per second? What standard do you think is being used by this access point? IEEE 802.11, what letter? A, B, G or N. Anyone want to guess? A. All right, there's one wrong answer and that's B. B supports up to 11 megabits per second. And we see that this one supports more than 11. In fact, it tells you here B supports one, two, five and a half and 11. G supports higher rates and the same frequency. So 11A is only operating in the 5 gigahertz. 11G in the 2.4 gigahertz and we saw above was 2.4. So this would be G, possibly N, but I can tell you because we use one of those access points, it's G. So it supports 18 megabits per second, but G supports up to 54 megabits per second. 
These are mandatory data rates. So of the set of data rates, some devices must support some of them, this set. Others are optional. So it's up to the device whether it supports it and we see later extended supported data rates. We see 24 up to 54 megabits per second. So in fact, the access point supports one, two, five and a half, 11, six, nine, 12, 18, 24, up to 54 megabits per second data rates. And the client and access point will choose a data rate which they both support and that gives them appropriate connectivity. And we'll discuss later that it can automatically switch between them. You can be using 54 and drop down to 48 or you can be on 18 and increase up to 24. It's a feature of most devices. The rest is some other characteristics supported by the access point. Current channel, so channel nine. DTIM is about, is used mainly for power save when you want to save power and turn off or make your client sleep. What else can I recognize? And there may be some specific parameters which depend upon the manufacturer. So some companies support it, some don't. Maybe it wasn't 11G, maybe it was a different access point. I think when I did this experiment I used one of the newer access points, the white one we've got, which does support 11N. It looks like it here. So it supports 11N, high throughput, multimedia capabilities. So many different features of the access point are advertised here. When the client receives this beacon it knows what features that access point supports. When it receives beacons from multiple access points, it can use those features to select the best one, select the one it wants. And to disregard others. So that's the structure of the beacon frame. Just to finish, before we look at our access points, we can filter based upon the type and the subtype. So we just looked at beacon frames which were subtype 8 from this table. Beacons were type 0, subtype 8. We can also find the probe requests and probe responses. Probe requests, for example. 
I hope there's one there, 4 and 5, subtype 4. So we can see probe requests and they have the same structure or effectively the same structure. It's just a different type. We see the probe requests and the general management features here. The features supported by the client in this case. And we see this is the same as in the beacon. And in the probe response, similar structure again. Just different frame type. All the features supported by the access point. We can also, we will not do it today. You can look and you'll do it in your assignment, is you capture traffic. So you'll get a capture like this and you should be able to see the other types of frames. The beacons, the probes, the authentication and association messages. And you can see the structure of the headers. Let's stop there because I want to distribute the access points and record who has them. We'll continue tomorrow with a little bit more about the structure and then move on to how do we send data. Once we've discovered and joined a network, how do we send data across that network?
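
The beacon layout walked through in this lecture (frame control, three addresses, sequence number, fixed parameters, tagged parameters) can be decoded by hand; the parser below is an added example and not part of the lecture or its capture. It assumes the bytes start at the frame control field (the radiotap capture metadata already removed) and carry no trailing FCS; the sample frame, its MAC address and the SSID spelling are constructed, with the sequence number, beacon interval and channel chosen to match the values read out above.

```python
import struct

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_beacon(frame):
    """Decode an 802.11 management frame that begins at the frame control field."""
    if len(frame) < 36:
        raise ValueError("need a 24-byte header plus 12 bytes of fixed parameters")
    fc0, flags, duration = struct.unpack_from("<BBH", frame, 0)
    seq_ctl, = struct.unpack_from("<H", frame, 22)
    timestamp, interval_tu, caps = struct.unpack_from("<QHH", frame, 24)
    info = {
        "version": fc0 & 0x03, "type": (fc0 >> 2) & 0x03, "subtype": fc0 >> 4,
        "to_ds": bool(flags & 0x01), "from_ds": bool(flags & 0x02),
        "retry": bool(flags & 0x08), "pwr_mgt": bool(flags & 0x10),
        "dst": mac(frame[4:10]), "src": mac(frame[10:16]), "bssid": mac(frame[16:22]),
        "fragment": seq_ctl & 0x0F, "sequence": seq_ctl >> 4,
        "timestamp": timestamp, "interval_us": interval_tu * 1024,  # 1 TU = 1024 us
        "privacy": bool(caps & 0x0010), "rates_mbps": [],
    }
    pos = 36
    while pos + 2 <= len(frame):               # tagged parameters: id, length, value
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            raise ValueError(f"tag {tag} runs past the end of the frame")
        if tag == 0:                           # SSID
            info["ssid"] = value.decode("utf-8", "replace")
        elif tag in (1, 50):                   # supported / extended supported rates
            info["rates_mbps"] += [(r & 0x7F) / 2 for r in value]  # 500 kb/s units
        elif tag == 3 and length == 1:         # DS parameter set: current channel
            info["channel"] = value[0]
        pos += 2 + length
    return info

# Constructed sample beacon (not bytes from the lecture's capture).
SAMPLE = (
    bytes.fromhex("80000000")                      # type 0, subtype 8, no flags, duration 0
    + b"\xff" * 6                                  # destination: broadcast, all Fs
    + bytes.fromhex("020000000001") * 2            # source and BSSID: the access point
    + struct.pack("<H", 2418 << 4)                 # sequence 2418, fragment 0
    + struct.pack("<QHH", 123456789, 100, 0x0421)  # timestamp, 100 TU, capabilities
    + bytes([0, 6]) + b"ITS323"                    # SSID
    + bytes([1, 8, 0x82, 0x84, 0x8B, 0x96, 0x0C, 0x12, 0x18, 0x24])
    + bytes([3, 1, 9])                             # channel 9
    + bytes([50, 4, 0x30, 0x48, 0x60, 0x6C])       # extended rates 24..54
)
```

Calling `parse_beacon(SAMPLE)` returns a dictionary whose `src` and `bssid` are equal and whose `dst` is the broadcast address, which is the pattern the lecture describes for every beacon.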