liwen01 2024.09.22
Preface
The previous article introduced how WiFi works and the WiFi access process. Here we analyze the specific structure of WiFi packets to give a better understanding of both.
The previous article can be viewed via the link below:
《WiFi Basics (4): How WiFi works and the WiFi access process》
(i) 802.11 frames
802.11 wireless WiFi has three types of frames: data frames, management frames, and control frames.
These frames consist of 9 parts: Frame Control, Duration/ID, Address1, Address2, Address3, Seq-ctl, Address4, Frame Body, and FCS.
Note that some components are not required in some frames.
A brief description of the functions of the nine sections is given below:
- Frame Control: The Frame Control field is located at the beginning of the frame and is used to define the frame type, subtype, protocol version, frame direction, and some control flags.
- Duration/ID (duration/identifier): This field is used to set the NAV (Network Allocation Vector) timer of the other nodes in the network, which controls their access to the medium.
- Address1: Always indicates the MAC address of the receiver of the frame. If To DS is 1, it indicates the address of the destination AP.
- Address2: Typically indicates the sender MAC address of the frame.
- Address3: Depending on the frame type, this field can represent different addresses.
- Sequence Control: This field is used for sequence control and fragment management of frames.
- Address4: Used when a WDS (Wireless Distributed System) or relay is in use. Typically used to indicate a source or destination address.
- Frame Body: Contains the actual data load or management information. The content and length of this field can vary depending on the type and subtype of the frame.
- FCS (Frame Check Sequence): Used for error detection in frames. Usually a 32-bit CRC checksum, used to verify the integrity of the frame.
(1) Frame Control
(a) Protocol Version [bits 0-1]
Specifies the version number of the protocol. The current 802.11 standard uses version number 00, or 0.
(b) Type [bits 2-3]
Defines the main type of the frame.
- 00: Management Frame
- 01: Control Frame
- 10: Data Frame
- 11: Reserved
(c) Subtype [bits 4-7]
Defines the subtype of the frame. Each main type has its own set of subtypes.
For management frames:
- 0000: Association Request
- 0001: Association Response
- 1000: Beacon
For control frames:
- 1101: ACK
- 1011: RTS (Request to Send)
- 1100: CTS (Clear to Send)
For data frames:
- 0000: Data frame (no data type distinction)
- 1000: QoS Data frame
(d) To DS (to distribution system) [bit 8]
Indicates whether the frame is sent to the distribution system (i.e., the wireless access point, AP).
Values:
- 0: The frame is not sent to the DS (usually a frame sent from STA to AP)
- 1: The frame is sent to the DS (usually a frame sent from the AP to the STA)
(e) From DS (from distribution system) [bit 9]
Indicates whether the frame comes from the distribution system.
Values:
- 0: The frame is not from the DS (usually a frame sent from AP to STA)
- 1: The frame is from the DS (usually a frame sent from STA to AP)
(f) More Fragments [bit 10]
Indicates whether more fragments of the current frame follow. If a data frame is sent in fragments, this bit is set to 1 for all fragments except the last one.
Values:
- 0: This is the last fragment
- 1: More fragments follow
(g) Retry [bit 11]
Indicates whether the current frame is a retransmission. If a previously sent frame was not properly acknowledged, the frame is retransmitted with this bit set to 1.
Values:
- 0: First transmission
- 1: Retransmission of the frame
(h) Power Management [bit 12]
Indicates the power management status of the station.
Values:
- 0: The station is in active mode
- 1: The station is in power saving mode
(i) More Data [bit 13]
Set by the AP to indicate whether it has more data frames waiting for the station.
Values:
- 0: No more data available
- 1: More data available
(j) Protected Frame [bit 14]
Indicates whether the contents of the frame are encrypted, using encryption protocols such as WEP, TKIP, and CCMP.
Values:
- 0: The frame is not encrypted
- 1: The frame is encrypted
(k) Order [bit 15]
Indicates whether the frame must be processed in strict order, typically used for QoS data frames.
Values:
- 0: Strict sequential processing is not required
- 1: Strict sequential processing is required
In the 802.11 Beacon frame shown above, the version is 0; frame type 00 means it is a management frame; subtype 1000 means it is a Beacon frame.
(2) Duration/ID (Duration/Identifier)
The function of the Duration/ID field varies depending on the type and context of the frame. It has two main uses: Network Allocation Vector (NAV) duration and AID (Association ID).
(a) Network Allocation Vector (NAV) duration
For most data frames and management frames, the Duration/ID field indicates the remaining frame transmission time. It tells other devices in the network how long the frame will occupy the communications medium, so that they update their Network Allocation Vector (NAV). The NAV is a timer that tells a device not to access the communications medium for a specific period of time, to avoid collisions.
Unit: microseconds (µs)
Data frames: The Duration/ID field indicates the time it takes from the start of the current frame to the end of the ACK frame. This includes the data frame transmission time, the SIFS (Short Interframe Space) time, and the ACK transmission time.
RTS/CTS frames: In RTS (Request to Send) and CTS (Clear to Send) frames, the Duration/ID field indicates the remaining time of the entire transmission session, including the data frames and the corresponding ACK frame transmissions.
(b) AID (Association ID)
In some frames (e.g., Power Save Poll frames), the Duration/ID field contains the station's Association ID (AID), which is a unique identifier assigned by the Access Point (AP) to each associated station. When the field is used for this purpose, the upper two bits of the field are typically set to 11 to mark it as an AID, while the remaining 14 bits hold the actual AID value.
The CTS frame shown above has a Duration of 134 ms, which indicates that the transmission will last 134 ms, during which time other devices on the same channel need to stay quiet.
(3) Sequence Control
The Sequence Control field is used to manage the sequencing and fragmentation of frames. This field helps to ensure that data frames are assembled in the correct order, and to detect and handle retransmitted frames.
The Sequence Control field is divided into two parts: Fragment Number (4 bits) and Sequence Number (12 bits).
(a) Fragment Number [4 bits]
The fragment number identifies one fragment of a frame. Because wireless transmissions can be subject to interference, large frames may be split into smaller fragments before transmission, each with a unique fragment number.
Range of values: 0 to 15 (i.e. 2^4 - 1)
Main functions of the Fragment Number:
Fragment management: When a frame is fragmented, the fragment number identifies the order of each fragment so that the receiver can correctly reassemble the original frame.
Retransmission management: In some cases, if a fragment is lost due to a transmission error, only the lost fragment needs to be retransmitted, not the entire frame. The fragment number helps to identify the specific fragment that needs to be retransmitted.
(b) Sequence Number [12 bits]
Sequence numbers identify the order of the frames sent by the sender so that the receiver can detect missing frames and reassemble the data correctly.
Range of values: 0 to 4095 (i.e. 2^12 - 1)
Main functions of the Sequence Number:
Frame order management: The sequence number helps the receiver put the received frames in the correct order. If the sequence numbers of the received frames are not consecutive, a frame is missing or needs to be retransmitted.
Retransmission detection: When frames are retransmitted, the sequence number remains the same, but the fragment number may change. The receiver recognizes the retransmitted frame by its sequence number and decides whether to discard or process it.
(c) Principle of operation
Fragmented transmission: When a large data frame is fragmented, the same sequence number is used for all fragments, but the fragment number is incremented. For example, assuming a sequence number of 100, a fragment number of 0 indicates the first fragment, a fragment number of 1 indicates the second fragment, and so on.
Frame retransmission: If a frame is lost during transmission or is judged to be in error by the receiver, the transmitter retransmits the frame. The sequence number of the retransmitted frame is the same as that of the original frame, but the fragment number may change, depending on the fragment transmitted.
The data frame shown above has been split into multiple data frames, and its current Sequence Number is 1144.
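The field layout described in this section can be decoded with a short parser. The following is an added example, not code from the original article; the function names and the sample frames (constructed by hand, with made-up MAC addresses) are assumptions for illustration.

```python
import struct

TYPES = {0: "management", 1: "control", 2: "data", 3: "reserved"}
# Flag names for Frame Control bits 8..15, in the order given in the text
FLAG_NAMES = ["to_ds", "from_ds", "more_fragments", "retry",
              "power_mgmt", "more_data", "protected", "order"]
PS_POLL = 0x1A  # combined type/subtype value of a PS-Poll frame


def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def need(frame: bytes, n: int) -> None:
    # Refuse to read past the end of a truncated capture
    if len(frame) < n:
        raise ValueError(f"header needs {n} bytes, got {len(frame)}")


def parse_header(frame: bytes) -> dict:
    """Decode Frame Control, Duration/ID, addresses and Sequence Control."""
    need(frame, 10)  # smallest header: FC + Duration/ID + Address1
    fc, dur = struct.unpack_from("<HH", frame, 0)  # fields are little-endian
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    hdr = {
        "version": fc & 0x3,
        "type": TYPES[ftype],
        "subtype": subtype,
        "type_subtype": (ftype << 4) | subtype,  # value used in capture filters
        "flags": {n: bool((fc >> (8 + i)) & 1) for i, n in enumerate(FLAG_NAMES)},
        "addr1": mac(frame[4:10]),
    }
    # Duration/ID is an AID in PS-Poll frames (upper two bits 11), else a NAV value
    if hdr["type_subtype"] == PS_POLL and (dur & 0xC000) == 0xC000:
        hdr["aid"] = dur & 0x3FFF
    else:
        hdr["duration"] = dur
    if ftype == 3:
        return hdr
    if ftype == 1:
        # Control frames: ACK and CTS stop after Address1; RTS and PS-Poll add Address2
        if subtype in (0xA, 0xB):
            need(frame, 16)
            hdr["addr2"] = mac(frame[10:16])
        return hdr
    need(frame, 24)  # management and data frames carry three addresses + Seq-ctl
    hdr["addr2"] = mac(frame[10:16])
    hdr["addr3"] = mac(frame[16:22])
    (seq_ctl,) = struct.unpack_from("<H", frame, 22)
    hdr["fragment"] = seq_ctl & 0xF   # low 4 bits
    hdr["sequence"] = seq_ctl >> 4    # high 12 bits
    if hdr["flags"]["to_ds"] and hdr["flags"]["from_ds"]:
        need(frame, 30)               # Address4 only in the WDS/relay case
        hdr["addr4"] = mac(frame[24:30])
    return hdr


# Constructed sample headers (not taken from a real capture)
BEACON = bytes.fromhex("8000" "0000" "ffffffffffff" "020000000001"
                       "020000000001" "8047")
PS_POLL_FRAME = bytes.fromhex("a410" "05c0" "020000000001" "020000000002")
DATA_FRAGMENT = bytes.fromhex("0845" "2c00" "020000000001" "020000000002"
                              "020000000003" "8147")
ACK = bytes.fromhex("d400" "0000" "020000000002")

if __name__ == "__main__":
    for name, raw in [("beacon", BEACON), ("ps-poll", PS_POLL_FRAME),
                      ("data", DATA_FRAGMENT), ("ack", ACK)]:
        print(name, parse_header(raw))
```
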
(ii) Wireless air packets
WiFi exchanges data over the air by radio, hence the term air interface packet. An air interface packet contains all the information transmitted over the wireless WiFi network.
(1) Capturing air interface packets
On a wired network, we usually use Wireshark to capture all the data from the network card, but on wireless WiFi, air interface packets are usually captured with Omnipeek.
Omnipeek needs to be used with a packet-analysis NIC, which captures 802.11 wireless data directly without establishing a link. It is generally used for researching and developing WiFi protocols, analyzing the wireless connection process, and monitoring wireless networks.
There are many online descriptions of how to use Omnipeek, so I'll only briefly summarize the steps here.
- Install the Omnipeek software and drivers.
- Set the frequency band (channel) to be captured by Omnipeek.
- If the AP is encrypted, a password is required.
The above method can capture all the wireless signals on a channel; day-to-day use is similar to Wireshark. The captured data frames are as follows:
(iii) Management frames
Management frames include: Beacon frames, Probe Request frames, Probe Response frames, Authentication frames, De-Authentication frames, Association Request frames, Re-Association Request frames, and Association Response frames.
Here we focus on Beacon frames, Association Request frames, and Association Response frames.
(1) Beacon frame
The Beacon Subtype is 1000, so the whole frame type is 001000b, which is 0x08.
Use the filter condition .type_subtype == 0x08 to filter out all Beacon frames.
Beacons are periodically broadcast by wireless access points (APs) to announce the presence of a wireless network and provide nearby client devices with the necessary network information so they can join and manage connections.
(a) Functions of the Beacon frame
Network discovery: Beacon frames contain the SSID (Service Set Identifier) of the wireless network, which helps client devices discover and identify the wireless network.
Synchronization: Beacon frames carry timestamps. By receiving Beacon frames, client devices can synchronize their clocks with that of the AP, which is critical for coordinating device timing and saving energy.
Delivering network configuration information: Beacon frames contain configuration information about the network, such as supported rates, encryption methods, and channel information, to help client devices configure and optimize their connections.
Signal broadcasting: Beacon frames also help the client device determine the signal strength so that it can select the appropriate AP to connect to.
(b) How Beacon frames work
Regular broadcasts: The AP sends Beacon frames at regular intervals according to a set Beacon interval (typically 100 TUs, or 102.4 milliseconds) to announce its presence and provide network information.
Client scan: The wireless client device periodically scans the channel, receives Beacon frames sent by different APs, and uses the information in these frames to select the appropriate AP to connect to.
Joining and managing the network: Once the client device has selected the appropriate AP, it configures the connection parameters, such as channel, rate, and encryption method, using the information in the Beacon frame.
Energy efficiency management: When the device enters power saving mode, it relies on the TIM field in the Beacon frame to determine when it needs to wake up to receive data, reducing unnecessary energy consumption.
(c) Structure of the Beacon frame
Frame Control: The Type field is Management Frame and the Subtype field is Beacon.
Duration/ID: Indicates the time required for frame transmission. In Beacon frames it is generally set to 0, indicating that no subsequent operation needs the medium to be reserved.
Address 1 (Destination Address): Usually set to the broadcast address (FF:FF:FF:FF:FF:FF), because Beacon frames are broadcast frames intended for all devices.
Address 2 (Source Address): The MAC address of the AP, identifying the wireless access point that sent the Beacon frame.
Address 3 (BSSID, Basic Service Set Identifier): The BSSID of the network, which is usually the same as Address 2, except in relay scenarios.
Sequence Control: Contains the sequence number and fragment number, used to manage the order and reassembly of frames.
Frame Body: The main content of a Beacon frame, containing the configuration information of the network and time synchronization information. The following are the key fields in the Frame Body:
- Timestamp: Used to synchronize the clock of the client device.
- Beacon Interval: The time interval, in TU (Time Unit, 1 TU = 1024 microseconds), at which the AP sends Beacon frames.
- Capability Information: Describes the features supported by the AP, such as whether encryption is enabled, whether it is in infrastructure mode, and so on.
- SSID (Service Set Identifier): The name of the network, which helps the client identify the network.
- Supported Rates: A list of data rates supported by the AP.
- DS Parameter Set: Indicates the channel number in use.
- Traffic Indication Map (TIM): Indicates the packets that the AP is buffering, especially for clients in power-saving mode, and tells the client when it needs to wake up to receive data.
- Country Information: Includes restriction information such as region and channels (optional).
- RSN Information: If encryption is enabled on the network (e.g., WPA/WPA2), this field contains the security information.
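The Frame Body fields listed above can be read with a parser that takes the fixed fields first and then walks the tagged elements, checking every length byte against the bytes that actually remain. This is an added example, not code from the original article; the function names and the sample beacon body (constructed, with a made-up SSID) are assumptions.

```python
import struct

# Element IDs for the tagged fields named in the list above
SSID, RATES, DS_PARAMS, TIM, COUNTRY, RSN = 0, 1, 3, 5, 7, 48


def parse_elements(buf: bytes) -> list:
    """Walk (ID, length, value) elements; reject any element that overruns."""
    off, out = 0, []
    while off < len(buf):
        if off + 2 > len(buf):
            raise ValueError(f"truncated element header at offset {off}")
        eid, length = buf[off], buf[off + 1]
        end = off + 2 + length
        if end > len(buf):
            raise ValueError(
                f"element {eid} claims {length} bytes, "
                f"only {len(buf) - off - 2} remain")
        out.append((eid, buf[off + 2:end]))
        off = end
    return out


def parse_beacon_body(body: bytes) -> dict:
    """Decode Timestamp, Beacon Interval, Capability Information and elements."""
    if len(body) < 12:
        raise ValueError("beacon body needs 12 bytes of fixed fields")
    timestamp, interval_tu, cap = struct.unpack_from("<QHH", body, 0)
    info = {
        "timestamp_us": timestamp,
        "beacon_interval_ms": interval_tu * 1024 / 1000,  # 1 TU = 1024 µs
        "ess": bool(cap & 0x0001),       # infrastructure mode
        "privacy": bool(cap & 0x0010),   # encryption required
        "rsn_present": False,
    }
    for eid, val in parse_elements(body[12:]):
        if eid == SSID:
            if len(val) > 32:
                raise ValueError("SSID longer than 32 bytes")
            info["ssid"] = val.decode("utf-8", errors="replace")
        elif eid == RATES:
            # low 7 bits are the rate in 500 kbit/s units; top bit marks a basic rate
            info["rates_mbps"] = [(b & 0x7F) / 2 for b in val]
        elif eid == DS_PARAMS and len(val) == 1:
            info["channel"] = val[0]
        elif eid == TIM and len(val) >= 4:
            info["dtim_count"], info["dtim_period"] = val[0], val[1]
        elif eid == RSN:
            info["rsn_present"] = True
    return info


# Constructed sample body (not from a real capture): 100 TU interval,
# capability ESS + Privacy, SSID "lab-ap", channel 6, minimal RSN element
BEACON_BODY = (
    struct.pack("<QHH", 123456789, 100, 0x0011)
    + b"\x00\x06lab-ap"
    + b"\x01\x04\x82\x84\x8b\x96"
    + b"\x03\x01\x06"
    + b"\x05\x04\x00\x01\x00\x00"
    + b"\x30\x06\x01\x00\x00\x0f\xac\x04"
)

if __name__ == "__main__":
    print(parse_beacon_body(BEACON_BODY))
```
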
(2) Association Request Frame
The Association Request frame is one of the management frames used in 802.11 wireless WiFi networks to establish a connection between a client device (e.g., laptop, smartphone, etc.) and a wireless access point (AP).
This frame is sent by the client device after it has selected an AP, indicating that it wishes to join this wireless network.
Use the filter condition .type_subtype == 0x00 to filter out all Association Request frames.
(a) Functions of the Association Request frame
Joining the network: Client devices use Association Request frames to request to join an AP-managed wireless network.
Delivering client capabilities: The frame contains information about the capabilities of the client device, such as supported rates, encryption methods, QoS features, and so on.
Access to network resources: Through the association request, the client is able to obtain the resources allocated by the network, such as IP address, network privileges, etc.
(b) How Association Request frames work
Scanning and discovery: Client devices discover available APs through active or passive scanning (e.g., sending Probe Request frames or receiving Beacon frames).
Sending an association request: After selecting the target AP, the client device sends an Association Request frame to the AP to request to join the network.
AP processes the request: When the AP receives the request, it checks the capabilities and configuration of the client device for compatibility with the network and determines whether the device is allowed to join.
Sending an association response: If the AP agrees to the request, it returns an Association Response frame indicating the success of the association and assigns an Association ID (AID). If unsuccessful, the AP gives a reason for rejection.
Establishing the connection: After the association succeeds, the connection between the client device and the AP is established and the client device can start data transmission.
(c) Structure of the Association Request frame
Frame Control: The Type field is Management Frame (00) and the Subtype field is Association Request (0000).
Duration/ID: Specifies the amount of time required to transmit this frame, or contains the association ID.
Address 1 (destination address): The MAC address (i.e., receive address) of the target AP.
Address 2 (source address): The MAC address of the client device that sent the Association Request.
Address 3 (BSSID, Basic Service Set Identifier): The BSSID of the target network, usually the same as Address 1.
Sequence Control: Contains the sequence number and fragment number of the frame, which are used to manage the ordering and reassembly of frames.
Frame Body: The core of the Association Request frame, containing the capabilities and configuration parameters of the client device. The body of the frame contains the following subfields:
- Capability Information: Describes the capabilities of the client device, such as whether it supports encryption, short preamble, QoS, power management, etc.
- Listen Interval: Indicates how often the client device listens for Beacon frames from the AP. The smaller the value, the more frequently the client checks for Beacons sent by the AP and the more power it consumes.
- SSID (Service Set Identifier): The SSID (network name) of the wireless network that the client device is requesting to join. This field is included if the client device explicitly specifies which network to join.
- Supported Rates: A list of data transfer rates supported by the client device. The AP determines whether it can support the client's request based on this list and selects the optimal transfer rate.
- Extended Supported Rates: If the client device supports more than 8 rates, this field is used to pass the additional rate information.
- RSN Information: If WPA/WPA2 encryption is enabled on the network, the client sends its supported security features and encryption methods in this field.
- Power Capability: The minimum and maximum transmission power of the client device, typically used in devices that need to be energy efficient or have specific power requirements.
- Supported Channels: The range of channels supported by the client device, so that the AP can select an appropriate channel for communication.
- Vendor Specific: Vendor-specific extension fields that allow the client and AP to pass additional information specific to the device.
(3) Association Response Frame
The Association Response frame is issued by a wireless access point (AP) in response to an Association Request frame received from a client device (e.g., laptop, smartphone, etc.).
The purpose of this frame is to notify the client device whether its association request was successful or not, and in the case of success to assign an Association ID (AID) to allow it to join the network.
Use the filter condition .type_subtype == 0x01 to filter out all Association Response frames.
(a) Functions of the Association Response frame
Confirmation of association request: The AP acknowledges the association request from the client device via the Association Response frame.
Provide association status: The frame informs the client device of the result of its association request (success or failure) and, if it fails, provides the reason for the failure.
Resource allocation: If the association is successful, the AP assigns an Association ID (AID) to the client device and may provide other necessary network parameters.
(b) How Association Response frames work
Receive association requests: The AP first receives an Association Request frame from the client device.
Processing of requests: The AP decides whether to allow the client device to join the network based on its own capabilities, the current network state, and the capability information of the client device.
Generate an association response: The AP generates an Association Response frame containing the result of the association request and related information.
Sending the association response: The AP sends the Association Response frame back to the client device.
Association success: If the request is successful, the client device receives the AID and can start normal data transmission.
Association failure: If the request fails, the client device receives an error status code stating the reason for the failure and may need to resend the association request or perform other processing.
Establishing the connection: If the association is successful, the connection between the AP and the client device is formally established, and the client can carry out data transmission and further network interaction.
(c) Structure of the Association Response frame
Frame Control: The Type field is Management Frame (00) and the Subtype field is Association Response (0001).
Duration/ID: Specifies the amount of time required to transmit this frame, or contains the association ID.
Address 1 (destination address): The MAC address (i.e., the receiving address) of the client device that sent the association request.
Address 2 (source address): The MAC address of the AP, indicating the device that sent this response frame.
Address 3 (BSSID, Basic Service Set Identifier): The BSSID of the network, usually the same as Address 2.
Sequence Control: Contains the sequence number and fragment number of the frame, which are used to manage the ordering and reassembly of frames.
Frame Body: The core of the Association Response frame, containing the association result and configuration parameters. The following are the key fields in the Frame Body:
- Capability Information: Describes the capabilities of the AP, such as supported encryption methods, short preamble, QoS, power management, and other features. The content of this field is similar to the Capability Information field in the Association Request frame, but is determined by the AP.
- Status Code: Indicates the result of the association request. Common status codes include: 0 (Success): the association request was successful; 1-65535 (Reason for Failure): such as insufficient resources, the AP does not support the function requested by the client, authentication failure, and so on.
- Association ID (AID): If the association is successful, the AP assigns a unique Association ID (AID) to the client device. The AID is a short identifier for the client device and is commonly used in communication between the AP and the client, especially in power saving mode.
- Supported Rates: A list of data transfer rates supported by the AP, usually included in the response frame to confirm the rate match between the client device and the AP.
- HT Capabilities (High Throughput Capabilities, optional): If the AP supports 802.11n or higher standards (e.g., 802.11ac), this field may be included to describe the AP's high throughput capability.
(iv) Control frames
Control frames include: ACK (Acknowledgement), RTS (Request to Send), CTS (Clear to Send), and PS-Poll (Power Save Poll) frames.
Since none of these frames carry a frame body, they are relatively straightforward.
(1) ACK frames
The ACK frame (Acknowledgement Frame) is used to acknowledge received data frames or management frames.
This is an important mechanism for ensuring reliable data transmission, especially in wireless networks where the channel is susceptible to interference and data loss. ACK frames are sent from the receiver to the sender to indicate that the data has been successfully received and does not need to be retransmitted.
(a) Functions of ACK frames
Confirmation of receipt: When the device successfully receives a data frame or a management frame, it sends an ACK frame to inform the sender that the frame has been received.
Reduced retransmission: By acknowledging reception in a timely manner, ACK frames help reduce unnecessary retransmissions and optimize network efficiency.
Guaranteeing Reliability: The ACK mechanism is an important part of the 802.11 protocol in providing reliable data transmission, ensuring that the sender knows if the data arrived successfully.
(b) How ACK frames work
Sending a data frame: Device A sends a data frame to Device B.
Receiving and processing the data frame: Device B receives the data frame and checks the data integrity (via the FCS field).
Sending an ACK frame: If the data frame is correct, Device B sends an ACK frame to Device A after a short interval (called SIFS, Short Interframe Space).
Confirmation of receipt: When Device A receives the ACK frame, it knows that Device B has successfully received the data frame and can therefore continue to send the next data frame. If the ACK frame is not received, Device A retransmits the data frame, up to the specified number of retransmissions.
(c) Structure of the ACK frame
The Type field is Control Frame (01) and the Subtype field is ACK (1101).
Use the filter condition .type_subtype == 0x1d to filter out ACK frames.
(2) RTS and CTS frames
RTS frames (Request to Send Frame) and CTS frames (Clear to Send Frame) are used to resolve channel contention and hidden node problems that may occur in wireless communications.
RTS frames reduce data frame collisions by requesting channel occupancy rights to ensure that the sender can exclusively occupy the channel for data transmission.
(a) Functions of RTS/CTS frames
Avoiding collisions: In environments where multiple devices share the same wireless channel, RTS frames help coordinate communication between devices and reduce frame collisions caused by sending data simultaneously.
Solving the hidden node problem: When two devices are not able to communicate directly with each other, but both are able to communicate with the AP, the RTS frame helps to ensure that these devices do not send data at the same time, thus avoiding channel contention.
Controlled channel access: Through the RTS/CTS (Clear to Send) mechanism, a device can request permission to briefly occupy a channel, ensuring that its data transmission is not interfered with by other devices.
(b) How the RTS/CTS mechanism works
RTS frames work in conjunction with CTS frames (Clear to Send) to form the RTS/CTS mechanism, which the 802.11 protocol uses to solve the problem of channel contention and collision. The steps are as follows:
Sending the RTS frame: When Device A prepares to send a larger data frame, it first sends an RTS frame to Device B requesting permission to occupy the channel. The RTS frame includes the destination address (Device B) and the channel occupation time.
Receiving the CTS frame: If Device B receives the RTS frame and the channel is free, it sends a CTS frame to Device A after a short SIFS (Short Interframe Space). The CTS frame includes the time for which the channel may be occupied.
Other devices wait: During the RTS/CTS exchange between Device A and Device B, the other devices (those that can hear the CTS frame) go into a waiting state (NAV, Network Allocation Vector) and do not occupy the channel until the data transmission is complete.
Sending data frames: Upon receipt of the CTS frame, Device A confirms that the channel has been assigned to it and starts sending data frames to Device B.
ACK confirmation: After Device B successfully receives a data frame, it sends an ACK frame to confirm data reception.
(c) Importance of RTS/CTS frames
Solving the hidden node problem: In a wireless network, hidden nodes are two devices that cannot communicate directly with each other but can communicate with the same AP. The RTS/CTS mechanism ensures that no hidden node interferes with data transmission by requiring all devices to perform an RTS/CTS exchange before sending data.
Reduced probability of collision: Through the RTS/CTS mechanism, devices handshake before transmitting large data frames to ensure that the channel has been reserved. This greatly reduces the need to retransmit data due to collisions and improves network efficiency.
Optimized channel usage: Although the RTS/CTS mechanism itself adds some control frame overhead, in high-traffic or high-interference environments it is effective in minimizing collisions, thus improving overall network throughput and efficiency.
(d) RTS/CTS frame structure
- RTS: The Type field is Control Frame (01), the Subtype field is RTS (1011), and the combined type/subtype value is 0x1b.
- CTS: The Type field is Control Frame (01), the Subtype field is CTS (1100), and the combined type/subtype value is 0x1c.
(3) PS-Poll frames
The PS-Poll frame (Power Save Poll Frame) is used by a device that communicates with an access point (AP) in power save mode to poll the AP for frames buffered for it.
Its main purpose is to help devices in power saving mode manage power efficiently while ensuring that important data frames are not missed.
(a) Functions of PS-Poll frames
Frame acquisition in power saving mode: When the device is in power saving mode, it periodically enters the active state and requests the AP to send cached data frames by sending PS-Poll frames.
Optimize battery usage: By reducing the amount of time the device is active, PS-Poll frames help the device acquire data while consuming as little power as possible.
Channel efficiency: PS-Poll frames ensure that the AP sends cached frames only when the device is ready to receive data, thus increasing the efficiency of channel usage.
(b) How PS-Poll frames work
The workflow of PS-Poll frames involves interactions between the device and the AP to ensure that the device in power-saving mode can receive data frames efficiently. The specific steps are as follows:
Device enters power saving mode: The device periodically enters power-saving mode, turning off most wireless features to conserve power.
AP Cache Data Frames: When the AP has data frames that need to be sent to a device that is in power saving mode, it caches these frames and sets a flag in the Beacon frame indicating that there are data frames waiting to be sent.
Device Polling AP: The device periodically wakes up and sends a PS-Poll frame to the AP asking if there is a data frame to be received.
AP responds to PS-Poll frames: Upon receiving a PS-Poll frame, the AP sends the data frame immediately, depending on the cache situation. If there are multiple frames to be sent, the AP will continue to cache the remaining frames until the device sends another PS-Poll frame.
Device receives data frames: After the device receives a frame from the AP, if the AP indicates that there are more frames to be received, the device can choose to continue polling or return to power saving mode.
(c) Importance of PS-Poll frames
Extended battery life: The use of PS-Poll frames allows the device to minimize the amount of time the wireless function is on, thus effectively extending battery life.
Channel Occupancy Optimization: The PS-Poll mechanism ensures that the AP sends data frames only when requested by the device, avoiding unnecessary channel utilization and thus improving network efficiency.
For mobile devices: The PS-Poll mechanism is particularly important in mobile devices, such as smartphones and laptops, which rely on battery power and where power management is critical to the user experience.
(d) PS-Poll frame structure
The Type field is Control Frame (01), the Subtype field is PS-Poll (1010), and the combined type/subtype value is 0x1a.
Note that in PS-Poll frames, the Duration field is usually used to carry the device ID, which helps the AP recognize which device is polling. So the Duration field in the above screenshot is actually parsed incorrectly: instead of representing a time, it represents the ID.
Conclusion
The above is a brief introduction to some of the control frames and management frames of WiFi. If there are any errors, please point them out in the comment section, thank you.
The next article will introduce WiFi roaming, cascading and parallel connection of routers, Mesh, and AC+AP networking.