mac frame format
frame format
It mainly consists of 3 parts:
- MAC header: including frame control (Frame Control), duration (Duration), address (Address), etc.
- Frame body: represents the data field. The length of this part is variable, and the specific stored content is determined by the frame type (Type) and subtype (Subtype)
- FCS (Frame Check Sequence): used to ensure frame data integrity
MAC head
Frame control area
Length: 2 bytes (16 bits) in total
Protocol Version
Represents the version number of an 802.11 MAC frame. The current value is 0.
Type and Subtype
These two fields are used to indicate the type of MAC frame. MAC frames in 802.11 can be divided into three types, namely control, data, and management, and each type of frame is used to complete different functions.
To DS and From DS
Only used in frames of data type. Indicates the source and destination addresses of the frame
More Fragments
Indicates whether the data is fragmented. Only data and management frame types are supported.
Retry
If the value is 1, it indicates that the packet is retransmitted.
Power Management
Indicates whether the STA sending the frame is in active mode or in power-saving mode. PM being 1 means that the STA will enter the PS state, otherwise it will enter the Active state.
The 802.11 specification defines two power-related states for a STA (the AP usually has no PS mode, since it runs on wired power):
- Active mode.
- PS (Power Save) mode. In PS mode, the wireless device turns off the transceiver to save power.
To keep data transmission continuous while the transceiver is turned off to save power:
a) The AP tracks the power status of its associated STAs. When a STA is in PS mode, the AP caches data and waits for the STA to become active before sending the data to it
b) The AP sends cached data regularly. A STA in PS mode receives periodically; when it receives cached data from the AP, it switches to Active mode and retrieves the AP's cached frames through PS-POLL control frames
Scenarios where the PM field is useless:
1. The management frame that the AP does not cache
2. The frame sent by the AP
3. The frame sent by the STA to an AP that has not yet been associated with it
More Data
PM field = 1: the AP has cached data. The AP buffers some data frames for STAs in power-saving mode, and the STAs periodically check whether there is data to receive.
More Data indicates whether cached data remains, that is, whether the STA has retrieved the data the AP buffered for it. If the value is 0, it indicates that the STA has received the data frame
Protected Frame
Indicates whether the data is encrypted.
Order
Indicates that the receiver must process the frame in order.
Duration/ID field
A total of 2 bytes (16 bits). Its specific meaning varies according to Type and Subtype, and can be roughly divided into 2 categories:
- For PS-POLL frames, this field indicates the value of the AID. The last 2 bits must be 1, and the first 14 bits take a value from 1 to 2007. This is where the "ID" in the field name comes from
- For other frames, it represents how long it will be before the arrival of the next frame, and the unit is microseconds. This is where the "Duration" in the field name comes from
Address area
MAC address features in the IEEE 802.3 [19] protocol:
- The MAC address is 6 bytes long and is usually written in hexadecimal
- The MAC address consists of two parts. Bits 0 to 23 are the code that the manufacturer applies for from organizations such as the IETF to identify the manufacturer, also known as the "Organizationally Unique Identifier" (OUI). The last 24 bits are a unique number for every network card made by that manufacturer
- The 48th bit is used to indicate whether this address is a multicast address or a unicast address: 0 is unicast, 1 is multicast
- The 47th bit indicates whether the MAC address is globally unique or locally unique. Therefore, this bit is also called the G/L bit
The 802.11 MAC frame header contains five MAC address definitions:
- BSSID: the MAC address of the AP in a basic BSS. In an IBSS, it is a locally unique MAC address. When it is the MAC broadcast address, it is called the wildcard BSSID.
- Destination Address (DA): the final receiver of the MAC packet.
- Source Address (SA): the address that originally sent the MAC packet.
- Transmitter Address (TA): the address of the STA that sends the MAC packet onto the WM (wireless medium).
- Receiver Address (RA): if the receiver is also an STA, RA is the same as DA. If the receiver is not a wireless workstation but, for example, a PC on the Ethernet, then DA is the MAC address of that machine, and RA is the MAC address of the AP (transit). This indicates that the frame will be sent to the AP first, and then the AP will forward it to the PC.
Address1: the receiving address
Address2: the sending address
Address3: carries other information to help MAC frame transmission
Sequence Control field
The length is 16 bits, the first 4 bits represent the fragment number (Fragment Number), and the last 12 bits are the frame sequence number (Sequence Number)
Sequence Number: STA will set a frame sequence number every time it sends a data frame. Note that control frames do not have a frame sequence number. Additionally, retransmitted frames do not use a new frame sequence number.
Fragment Number: Used to control fragmented frames. If the amount of data is too large, the MAC layer will send it in fragments. Each fragment frame has a corresponding fragment number
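The header fields described above, decoded from raw bytes. This is an added example, not code from the original page; the bit positions inside Frame Control follow the standard 802.11 layout (the page does not list them), the names `parse_header`, `DATA` and `PS_POLL` are hypothetical, and both sample frames are constructed.

```python
import struct

TYPES = {0: "management", 1: "control", 2: "data"}
FLAGS = ("to_ds", "from_ds", "more_frag", "retry",
         "pwr_mgmt", "more_data", "protected", "order")

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_header(frame):
    """Decode the 802.11 MAC header fields from raw frame bytes (no radiotap)."""
    if len(frame) < 10:
        raise ValueError("truncated: need Frame Control, Duration/ID, Address1")
    fc, dur_id = struct.unpack_from("<HH", frame, 0)   # fields are little-endian
    hdr = {"version": fc & 0x3,
           "type": TYPES.get((fc >> 2) & 0x3, "other"),
           "subtype": (fc >> 4) & 0xF,
           "flags": {n for i, n in enumerate(FLAGS) if (fc >> (8 + i)) & 1}}
    ps_poll = hdr["type"] == "control" and hdr["subtype"] == 10
    if ps_poll:                      # Duration/ID carries the AID
        aid = dur_id & 0x3FFF
        if dur_id >> 14 != 0b11 or not 1 <= aid <= 2007:
            raise ValueError(f"malformed PS-Poll AID field 0x{dur_id:04x}")
        hdr["aid"] = aid
    else:
        hdr["duration_us"] = dur_id
    # Management and data frames carry three addresses plus Sequence Control;
    # PS-Poll carries two addresses; for other frames only Address1 is read.
    n_addr = 3 if hdr["type"] in ("management", "data") else (2 if ps_poll else 1)
    need = 4 + 6 * n_addr + (2 if n_addr == 3 else 0)
    if len(frame) < need:
        raise ValueError(f"truncated header: {len(frame)} < {need} bytes")
    for i in range(n_addr):
        hdr[f"addr{i + 1}"] = mac(frame[4 + 6 * i: 10 + 6 * i])
    if n_addr == 3:
        (sc,) = struct.unpack_from("<H", frame, 22)
        hdr["fragment"], hdr["sequence"] = sc & 0xF, sc >> 4
    return hdr

# Constructed sample frames (not captured traffic).
DATA = bytes.fromhex("0849" "2c00" "020000000001" "020000000002"
                     "020000000003" "3012")
PS_POLL = bytes.fromhex("a410" "05c0" "020000000001" "020000000002")

if __name__ == "__main__":
    print(parse_header(DATA))
    print(parse_header(PS_POLL))
```

Rejecting short or inconsistent headers up front matters because every later field offset is computed from the Type and Subtype bits of an untrusted frame.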
management frame
Format
The Frame Body in the management frame carries specific management information data. The 802.11 management information data can be roughly divided into two types:
- Fixed-length field: Refers to information with a fixed length, and the specification is called Fixed Field
- Information element: Refers to information of variable length. Obviously, there must be a parameter in this kind of information to indicate the final data length
fixed length field
Authentication Algorithm Number: the authentication type used in the authentication process
0: Represents Open System Authentication.
1: Represents Shared Key Authentication.
2: Represents fast BSS switching (Fast BSS Transition).
3: Represents SAE (Simultaneous Authentication of Equals), a method for mutual authentication between two STAs that is commonly used in Mesh BSS networks.
65535: Represents the manufacturer's custom algorithm
Beacon Interval field: Indicates the interval between sending Beacon signals, in Time Units
Capability Information: Declares which functions this network supports
- ESS/IBSS: In an infrastructure network, the AP sets the ESS bit to 1 and the IBSS bit to 0. Conversely, in an IBSS, the STA sets the ESS bit to 0 and the IBSS bit to 1. In a Mesh BSS, both bits are 0.
- Privacy: If data confidentiality needs to be maintained during transmission, the AP sets this bit to 1, otherwise it is 0.
- Spectrum Mgmt: If dot11SpectrumManagementRequired in the MIB of a device is true, this bit is 1. According to the description of dot11SpectrumManagementRequired in the 802.11 MIB, it is related to the TPC (Transmission Power Control) and DFS (Dynamic Frequency Selection) functions introduced earlier.
- Radio Measurement: If the value of dot11RadioMeasurementActivated in the MIB of a device is true, this bit is 1, which indicates that the wireless network supports the Radio Measurement Service
Reason Code: This field is 2 bytes long. Used to report the reason for failure in Disassociation, Deauthentication and other operations (including DELTS, DELBA, DLS Teardown, etc.)
Status Code: This field is 2 bytes long and is used to report the processing result of an operation. 0 means success
information element
Element ID: Indicates different information element types
Length: Indicates the length of the Information field
Depending on the Element ID, Information contains different information
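A bounds-checked walk over the fixed fields and information elements of a Beacon frame body, as an added example that is not part of the original page. It assumes the standard Beacon layout (8-byte timestamp, 2-byte Beacon Interval, 2-byte Capability Information, then one-byte Element ID and one-byte Length per element) and the standard Capability bit positions; the function names are hypothetical and the sample bodies are constructed.

```python
import struct

# Capability Information bits named on this page (standard bit positions).
CAP_BITS = {0: "ESS", 1: "IBSS", 4: "Privacy",
            8: "Spectrum Mgmt", 12: "Radio Measurement"}

def parse_elements(buf):
    """Walk Element ID / Length / Information triples with bounds checks.

    Returns (elements, error); error is None when the buffer parsed cleanly.
    """
    elements, off = [], 0
    while off < len(buf):
        if len(buf) - off < 2:
            return elements, f"dangling byte at offset {off}: no Length field"
        eid, length = buf[off], buf[off + 1]
        end = off + 2 + length
        if end > len(buf):           # declared Length runs past the frame
            return elements, (f"element {eid} at offset {off} claims "
                              f"{length} bytes, {len(buf) - off - 2} remain")
        elements.append((eid, buf[off + 2:end]))
        off = end
    return elements, None

def parse_beacon_body(body):
    """Fixed fields of a Beacon body, then its information elements."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed fields")
    _timestamp, interval_tu, cap = struct.unpack_from("<QHH", body, 0)
    elements, error = parse_elements(body[12:])
    return {"beacon_interval_tu": interval_tu,
            "capabilities": [n for b, n in CAP_BITS.items() if cap >> b & 1],
            "elements": elements, "error": error}

# Constructed body: interval 100 TU, ESS + Privacy, SSID "lab" (ID 0), channel 6 (ID 3).
GOOD = (bytes(8) + struct.pack("<HH", 100, 0x0011)
        + b"\x00\x03lab" + b"\x03\x01\x06")
# Same body with the last element's Length inflated to 0x20 (malformed).
BAD = GOOD[:-2] + b"\x20\x06"

if __name__ == "__main__":
    print(parse_beacon_body(GOOD))
    print(parse_beacon_body(BAD)["error"])
```

The Length byte comes from the sender, so a parser that trusts it without comparing against the remaining buffer reads past the end of the frame; here the malformed element is reported and the elements parsed before it are kept.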
802.11 upper layer protocol encapsulation
RFC 1042 specifies the SNAP (Sub Network Access Protocol) header conversion method, adding 4 fields between the MAC header and Type.
DSAP (Destination Service Access Point).
SSAP (Source Service Access Point).
Control (control field; the value is set to 0x03, representing Unnumbered Information).
OUI (fixed at 0x000000).