Wireless frames work mainly in 2 layers of TCP/IP stack – Layer 2 and Layer 1.
Layer 1, 2 are subdivided into two sublayers.
Layer 2 sublayers:
LLC (Logical Link Control) – Data units received from the higher layers called MAC service Data Units are processed here (MSDU). The max. Length of an MSDU = 0-2304 bytes and an Aggregated MSDU = 7935 bytes.
MAC (Medium Access Control) – This layer uses a MAC header with the MSDU to form MPDU (Mac Protocol Data Unit). MPDU in Mac Layer = PSDU (Physical layer Service Data Unit) in Physical Layer
Max. Length of MPDU = 4095 bytes
Max. Length of A-MPDU = 64k
Layer 1 sublayers:
PLCP (Physical layer Convergence Procedure) uses PPDU (Physical layer Protocol Data Unit) that includes HDR to PSDU along with the preamble to synchronize between the transmitter and receiver.
PMD (Physical Medium Dependent) – Modulated bits
Frame Format
Duration (in microseconds) specifies the time that is allocated for the successful transmission of MAC frame.
ID indicates the association ID of a wireless station during a power save mechanism and used only in PS-Poll frame.
Type and Subtype decides on type and subtypes of a wireless frame.
Wireless frames are mainly classified into three types:
- Management Frames (Type 0) – mainly handles joining and leaving of wireless stations with
a BSS. There is no MSDU in this type of frames.
| Subtype | Bits |
| Association Request | 0000 |
| Association Response | 0001 |
| Reassociation Request | 0010 |
| Reassociation Response | 0011 |
| Probe Request | 0100 |
| Probe Response | 0101 |
| Beacon | 1000 |
| ATIM | 1001 |
| Disassociation | 1010 |
| Authentication | 1011 |
| Deauthentication | 1100 |
| Action | 1101 |
| Action No ACK (NACK) | 1110 |
- Control Frames (Type 1) – controls the delivery of frames and includes no MSDU in this frame.
| Subtype | Bits |
| Block Ack Request (BAR) | 1000 |
| Block Ack | 1001 |
| PS-POLL | 1010 |
| RTS | 1011 |
| CTS | 1100 |
| ACK | 1101 |
- Data Frames (Type 2) – actual data with or without MSDU.
| Subtype | Bits |
| Data | 0000 |
| Null Data | 0100 |
| QoS Data | 1000 |
| QoS Null Data | 1100 |
To DS indicates transmission of frame to AP
From DS indicates transmission of wireless frame from AP
Address 1 – Destination Address (DA)
Address 2 – Source Address (SA)
Receiver Address (RA) – Next hop address
Transmitter Address (TA) – Intermediate source address from which wireless frame is transmitted to the next hop.
| To DS | From DS | Address 1 | Address 2 | Address 3 | Address 4 |
| 0 | 0 | DA | SA | BSSID | |
| 0 | 1 | DA | BSSID | SA | |
| 1 | 0 | BSSID | SA | DA | |
| 1 | 1 | RA | TA | DA | SA |
Sequence Ctrl indicates the sequence of a wireless frame and More Fragment field is set if more fragments are to be received or transmitted in a specific sequence control.
Power management bit is set when a wireless station is going to sleep
More Data field is set when sleeping station wakes up to receive the buffered data and finds out that are more buffered data to be received. So the station remains awake till it receives all the buffered data and more data = 0.
WEP – indicates that encryption is enabled and the receiver is required to decrypt the data to read the data
Order bit is set for all non-QoS frames to indicate that the order should be maintained.
References:
CWNA Official Study Guide
CWAP Official Study Guide
Home 