original link: http://blog.csdn.net/myarrow/article/details/9306961
1. 802.11 management functions – user access process
Before a STA (station) finishes initialization, begins normal operation and exchanges data frames with an AP, it must pass through three access stages:
(1) Scanning (SCAN)
(2) Authentication
(3) Association
1.1 802.11 management – scanning (SCAN)
1) If the wireless station STA is set to Ad-hoc (no AP) mode:
The STA first looks for an IBSS with the SSID it belongs to; if one exists it joins it, and if not it creates an IBSS and waits for other stations to join.
2) If the wireless station STA is set to infrastructure (with AP) mode:
-- Active scanning (feature: the network is found quickly)
• The STA sends a Probe Request on each channel in turn and obtains the basic information of the BSS from the Probe Response; the Probe Response carries information similar to a Beacon frame.
-- Passive scanning (feature: discovery takes longer, but the STA saves power)
• The STA discovers the network by listening for the Beacon frames the AP sends periodically. A Beacon frame carries the basic information of the BSS the AP belongs to and the AP's basic capabilities, including: BSSID (AP MAC address), SSID, supported rates, supported authentication methods, encryption algorithm, beacon interval, channel in use, etc.
• If no BSS with the desired SSID is found, the STA can operate in IBSS mode.
1.2 802.11 management functions – authentication
802.11 supports two basic authentication methods:
Open-system authentication: 1) equivalent to no authentication and offers no security protection; 2) access security has to be provided by other means, such as address filtering or the SSID carried in user messages.
Shared-key authentication: 1) uses the WEP encryption algorithm; 2) an attacker who monitors the plaintext challenge text sent by the AP and the encrypted challenge text returned by the STA can calculate the WEP key.
In addition, the STA can terminate the authentication relationship with a Deauthentication frame.
1.3 802.11 management functions – association
1) Association: once a STA has associated with an AP, its subsequent data packets can only be sent to the AP with which it established the association.
2) Reassociation: when a STA moves from an old AP to a new AP, it must complete the authentication process with the new AP before establishing the association through reassociation.
3) Disassociation: the STA breaks its association with the AP through Disassociation.
2. 802.11 related protocols
3. 802.11 frame format
3.1 802.11 MAC header
Frame Control (frame control field)
Duration/ID (duration/identity field)
Address (address fields)
Sequence Control (sequence control field)
3.1.1 Frame Control (frame control field)
Protocol Version: usually 0;
Type and Subtype: together indicate the type of frame;
To DS: the frame is sent from the BSS to the DS;
From DS: the frame is sent from the DS to the BSS;
More Frag: describes the fragmentation of long frames and whether further fragments follow;
Retry (retransmission field): marks a retransmitted frame; the receiving STA uses this field to discard duplicate frames;
PWR MGT (power management field): 1 = the STA is in power-save mode; 0 = active mode;
More Data: 1 = at least one more data frame is waiting to be sent to the STA;
Protected Frame: 1 = the frame body has been processed by the cipher suite; otherwise 0;
Order: 1 = the fragments of a long frame are transmitted with strict ordering; otherwise 0.
3.1.2 Duration/ID (duration/identity field)
Indicates how long the frame and its acknowledgement frame will occupy the channel; for the Power Save-Poll subtype of the Frame Control field, this field instead carries the STA's association identifier (AID, association identification).
3.1.3 Addresses (address fields)
Address fields: Source Address (SA), Destination Address (DA), Transmitting station Address (TA) and Receiving station Address (RA). SA and DA are always required; the latter two are only meaningful for communication across BSSs. The destination address can be a unicast address, a multicast address or a broadcast address.
3.1.4 Sequence Control (sequence control field)
Sequence Control: a 12-bit Sequence Number identifying the MSDU (MAC Service Data Unit) or MMSDU (MAC Management Service Data Unit), plus a 4-bit Fragment Number that numbers each fragment of the MSDU or MMSDU.
3.2 Frame Body
Its content depends on the frame type; it mainly encapsulates the upper-layer data unit and is 0~2312 bytes long, from which the maximum 802.11 frame length of 2346 bytes follows.
3.3 FCS (check field)
Contains a 32-bit cyclic redundancy check.
3.4 Address format
1) Scheme I:
A and B are in the same IBSS, A -> B (the address format of data frames in an ad hoc wireless network).
2) Scheme II:
The address format of a wireless data frame sent from the AP.
3) Scheme III:
The address format of a wireless data frame sent to the AP.
4) Scheme IV:
The address format of a wireless data frame transmitted through a wireless distribution system.
4. WLAN Topology
A WLAN can have the following three network topologies:
1) Independent Basic Service Set (independent BSS, IBSS) network (also known as an Ad-hoc network);
2) Basic Service Set (BSS) network;
3) Extended Service Set (ESS) network.
Their respective characteristics are as follows:
4.1 IBSS – no AP
Also known as an Ad Hoc network (wireless self-organizing network): IBSS (Independent BSS, independent basic service set), no AP, stations communicate with each other directly.
4.2 BSS – has an AP
Also known as an infrastructure network: there is an access point (AP), and communication between wireless stations goes through the AP first.
4.3 ESS – has APs and a DS
ESS: infrastructure network (DS: distribution system; AP: access point; SSID: ESS extended service set identifier). A mobile node uses the SSID of an ESS to join the extended service set, and once it has joined the ESS it can roam from one BSS to another within the ESS.
5. 802.11 frame types
By function, 802.11 MAC frames are divided into the following 3 categories:
• Data frames: carry data during contention and contention-free periods;
• Control frames: used for handshake communication and positive acknowledgement during the contention period (RTS channel reservation, CTS reservation granted, ACK, etc.) and to end the contention-free period; they provide auxiliary functions for the transmission of data frames;
• Management frames: mainly used for negotiation and relationship control between STA and AP, such as association, authentication and synchronization.
The Type and Subtype fields in the Frame Control field indicate the frame type: when the type bits b3b2 are 00 the frame is a management frame, when they are 01 it is a control frame, and when they are 10 it is a data frame. The subtype further distinguishes the frame, for example subdividing management frames into association and authentication frames.
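As an added example that is not part of the original post, the Python decoder below applies the Frame Control bit layout from 3.1.1 and the four address schemes from 3.4 to an 802.11 MAC header; the subtype names are a subset of the tables in section 5, and the sample headers are constructed for illustration, not captured traffic.

```python
import struct

# Frame Control bit layout (2 bytes, little-endian), from section 3.1.1:
#   b0-1 protocol version, b2-3 type, b4-7 subtype, b8 To DS, b9 From DS,
#   b10 More Frag, b11 Retry, b12 PWR MGT, b13 More Data, b14 Protected, b15 Order
TYPE_NAMES = {0: "management", 1: "control", 2: "data"}
SUBTYPE_NAMES = {  # subset of the type/subtype tables in section 5
    (0, 0x0): "Association request", (0, 0x4): "Probe request",
    (0, 0x5): "Probe response", (0, 0x8): "Beacon", (0, 0xA): "Disassociation",
    (0, 0xB): "Authentication", (0, 0xC): "Deauthentication",
    (1, 0xA): "PS-Poll", (1, 0xB): "RTS", (1, 0xC): "CTS", (1, 0xD): "ACK",
    (2, 0x0): "Data", (2, 0x4): "Null data", (2, 0x8): "QoS Data",
}

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_header(frame: bytes) -> dict:
    """Decode Frame Control, Duration/ID, the address fields and Sequence Control."""
    fc, duration = struct.unpack_from("<HH", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    to_ds, from_ds = bool(fc & 0x100), bool(fc & 0x200)
    info = {"version": fc & 0x3, "type": TYPE_NAMES.get(ftype, "reserved"),
            "subtype": SUBTYPE_NAMES.get((ftype, subtype), f"subtype {subtype:04b}"),
            "to_ds": to_ds, "from_ds": from_ds, "retry": bool(fc & 0x800),
            "protected": bool(fc & 0x4000), "duration": duration}
    if ftype == 1:                      # control frames: only RA (RTS also carries TA)
        info["RA"] = mac(frame[4:10])
        return info
    a1, a2, a3 = (mac(frame[4 + 6 * i:10 + 6 * i]) for i in range(3))
    seq = struct.unpack_from("<H", frame, 22)[0]
    info["fragment"], info["sequence"] = seq & 0xF, seq >> 4
    # Address schemes I-IV of section 3.4 are selected by the To DS / From DS bits
    if not to_ds and not from_ds:       # I:   IBSS, STA -> STA (also management frames)
        info.update(DA=a1, SA=a2, BSSID=a3)
    elif from_ds and not to_ds:         # II:  AP -> STA
        info.update(DA=a1, BSSID=a2, SA=a3)
    elif to_ds and not from_ds:         # III: STA -> AP
        info.update(BSSID=a1, SA=a2, DA=a3)
    else:                               # IV:  AP -> AP over the WDS, fourth address follows
        info.update(RA=a1, TA=a2, DA=a3, SA=mac(frame[24:30]))
    return info

# Constructed sample headers (not captured traffic):
# data frame with To DS set (scheme III), duration 44, sequence number 5
SAMPLE_DATA_TO_AP = bytes.fromhex("0801" "2c00" "001122334455" "aabbccddee01" "01005e0000fb" "5000")
# beacon with broadcast DA, sequence number 1
SAMPLE_BEACON = bytes.fromhex("8000" "0000" "ffffffffffff" "001122334455" "001122334455" "1000")
```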
5.1 Management frame
Type | Subtype | Frame type
00 | 0000 | Association request
00 | 0001 | Association response
00 | 0010 | Reassociation request
00 | 0011 | Reassociation response
00 | 0100 | Probe request
00 | 0101 | Probe response
00 | 1000 | Beacon (sent by the AP; used in passive scanning; notification)
00 | 1001 | ATIM (Announcement Traffic Indication Message)
00 | 1010 | Disassociation (disconnect; notification)
00 | 1011 | Authentication
00 | 1100 | Deauthentication (cancels authentication; notification)
00 | 1101~1111 | Reserved (unused)
ATIM: Announcement Traffic Indication Message; an ATIM is transmitted only during the ATIM window and carries no payload.
5.2 Control frame
Type | Subtype | Frame type
01 | 1010 | Power Save (PS)-Poll (power-save polling)
01 | 1011 | RTS (Request To Send; channel reservation; frame length 20 bytes)
01 | 1100 | CTS (Clear To Send; reservation granted; frame length 14 bytes)
01 | 1101 | ACK (acknowledgement)
01 | 1110 | CF-End (end of contention-free period)
01 | 1111 | CF-End (end of contention-free period) + CF-Ack (contention-free acknowledgement)
RTS and CTS are used for channel reservation; CF-End+CF-Ack and ACK are used to confirm that frames were received correctly.
1) ACK frame
5.3 Data frame
Type | Subtype | Frame type
10 | 0000 | Data
10 | 0001 | Data + CF-Ack
10 | 0010 | Data + CF-Poll
10 | 0011 | Data + CF-Ack + CF-Poll
10 | 0100 | Null (no data transferred)
10 | 0101 | CF-Ack (no data transferred)
10 | 0110 | CF-Poll (no data transferred)
10 | 0111 | Data + CF-Ack + CF-Poll
10 | 1000 | QoS Data
10 | 1001 | QoS Data + CF-Ack
10 | 1010 | QoS Data + CF-Poll