Index
802.11® Wireless Networks: The Definitive Guide
Foreword
Preface
Prometheus Untethered: The Possibilities of Wireless LANs
Audience
Overture for Book in Black and White, Opus 2
Major Changes from the First Edition
Conventions Used in This Book
Using Code Examples
Safari® Books Online
How to Contact Us
Acknowledgments
1. Introduction to Wireless Networking
Why Wireless?
Radio Spectrum: The Key Resource
The ISM bands
What Makes Wireless Networks Different
Lack of Physical Boundary
Dynamic Physical Medium
Security
A Network by Any Other Name...
The Wonderful Thing About Standards...
2. Overview of 802.11 Networks
IEEE 802 Network Technology Family Tree
802.11 Nomenclature and Design
Types of Networks
Independent networks
Infrastructure networks
Extended service areas
Multi-BSS environments: “virtual APs”
Robust security networks (RSNs)
The Distribution System, Revisited
Interaccess point communication as part of the distribution system
Wireless bridges and the distribution system
Network Boundaries
802.11 Network Operations
Network Services
Station services
Distribution system services
Confidentiality and access control
Spectrum management services
Mobility Support
Designing Networks for Mobility
Proprietary mobility systems
3. 802.11 MAC Fundamentals
Challenges for the MAC
RF Link Quality
The Hidden Node Problem
MAC Access Modes and Timing
Carrier-Sensing Functions and the Network Allocation Vector
Interframe Spacing
Interframe spacing and priority
Contention-Based Access Using the DCF
Error Recovery with the DCF
Using the retry counters
Backoff with the DCF
Fragmentation and Reassembly
Frame Format
Frame Control
Duration/ID Field
Duration: setting the NAV
Frames transmitted during contention-free periods
PS-Poll frames
Address Fields
Sequence Control Field
Frame Body
Frame Check Sequence
Encapsulation of Higher-Layer Protocols Within 802.11
Contention-Based Data Service
Broadcast and Multicast Data or Management Frames
Unicast Frames
Basic positive acknowledgment (final fragment)
Fragmentation
RTS/CTS
RTS/CTS with fragmentation
Powersaving Sequences
Immediate response
Deferred response
Multirate Support
Rate selection and fallback
Frame Processing and Bridging
Wireless Medium to Wired Medium (802.11 to Ethernet)
Wired Medium to Wireless Medium (Ethernet to 802.11)
Quality of Service Extensions
4. 802.11 Framing in Detail
Data Frames
Frame Control
Duration
Addressing and DS Bits
Variations on the Data Frame Theme
Applied Data Framing
IBSS frames
Frames from the AP
Frames to the AP
Frames in a WDS
Encrypted frames
Control Frames
Common Frame Control Field
Request to Send (RTS)
Clear to Send (CTS)
Acknowledgment (ACK)
Power-Save Poll (PS-Poll)
Management Frames
The Structure of Management Frames
Address fields
Duration calculations
Frame body
Fixed-Length Management Frame Components
Authentication Algorithm Number
Authentication Transaction Sequence Number
Beacon interval
Capability Information
Current AP Address
Listen interval
Association ID
Timestamp
Reason Code
Status Code
Management Frame Information Elements
Service Set Identity (SSID)
Supported Rates
FH Parameter Set
DS Parameter Set
Traffic Indication Map (TIM)
CF Parameter Set
IBSS Parameter Set
Country
Hopping Pattern Parameters and Hopping Pattern Table
Request
Challenge Text
Power Constraint
Power Capability
TPC Request
TPC Report
Supported Channels
Channel Switch Announcement
Measurement Request and Measurement Report
Quiet
IBSS DFS
ERP Information
Robust Security Network
Extended Supported Rates
Wi-Fi Protected Access (WPA)
Types of Management Frames
Beacon
Probe Request
Probe Response
IBSS announcement traffic indication map (ATIM)
Disassociation and Deauthentication
Association Request
Reassociation Request
Association Response and Reassociation Response
Authentication
Action frame
Frame Transmission and Association and Authentication States
Frame Classes
Class 1 frames
Class 2 frames
Class 3 frames
5. Wired Equivalent Privacy (WEP)
Cryptographic Background to WEP
Stream Cipher Security
Cryptographic Politics
WEP Cryptographic Operations
WEP Data Processing
WEP data transmission
WEP key length
Types of WEP keys
Manual (static) versus automatic (dynamic) WEP
WEP key numbering and storage
WEP Encapsulation
Problems with WEP
Cryptographic Properties of RC4
Design Flaws of the WEP System
Key Recovery Attacks Against WEP
Key recovery defenses
Dynamic WEP
6. User Authentication with 802.1X
The Extensible Authentication Protocol
EAP Packet Format
EAP Requests and Responses
Type code 1: Identity
Type code 2: Notification
Type code 3: NAK
EAP Authentication Methods
EAP Success and Failure
A Sample EAP Exchange
EAP Methods
Cryptographic Methods
LEAP
Code 13: EAP-TLS
Code 21: EAP-TTLS and Code 25: EAP-PEAP
Noncryptographic EAP Methods
Code 4: MD-5 Challenge
Code 6: Generic Token Card
Code 29: EAP-MSCHAP-V2
Code 18: EAP-SIM and Code 23: EAP-AKA
Other Inner Authentication Methods
Password Authentication Protocol (PAP)
Challenge Handshake Authentication Protocol (CHAP)
MS-CHAP, version 1
802.1X: Network Port Authentication
802.1X Architecture and Nomenclature
802.1X frame filtering
EAPOL Encapsulation
Addressing
802.1X on Wireless LANs
Sample 802.1X Exchange on 802.11
Dynamic keying
7. 802.11i: Robust Security Networks, TKIP, and CCMP
The Temporal Key Integrity Protocol (TKIP)
TKIP Differences from WEP
TKIP initialization vector use and key mixing
TKIP sequence counter and replay protection
The Michael integrity check and countermeasures
TKIP Data Processing and Operation
TKIP key mixing and key construction
TKIP data transmission
TKIP reception
The Michael Integrity Check
Michael data processing
Michael countermeasures
Counter Mode with CBC-MAC (CCMP)
CCMP Data Processing
CCMP data transmission
CCMP reception
Robust Security Network (RSN) Operations
802.11i Key Hierarchy
Pairwise key hierarchy
Group key hierarchy
802.11i Key Derivation and Distribution
Updating pairwise keys: the four-way handshake
Updating group keys: the group key handshake
Mixing Encryption Types
Key Caching
8. Management Operations
Management Architecture
Scanning
Passive Scanning
Active Scanning
Scan Report
Joining
Authentication
802.11 “Authentication”
Open-system authentication
The legacy of shared-key authentication
Defeating shared-key authentication
Preauthentication
802.11 Preauthentication
802.11i Preauthentication and Key Caching
Association
Association Procedure
Reassociation Procedure
Power Conservation
Power Management in Infrastructure Networks
Unicast frame buffering and delivery using the Traffic Indication Map (TIM)
Delivering multicast and broadcast frames: the Delivery TIM (DTIM)
IBSS Power Management
Timer Synchronization
Infrastructure Timing Synchronization
IBSS Timing Synchronization
Spectrum Management
Transmit Power Control (TPC)
Basic operation of transmit power control
Changes to the association process
Changing the transmission power
Dynamic Frequency Selection (DFS)
Basic operation of DFS
Quieting the channel
Measuring
Radar scan
IBSS operation
Action Frames
Measurement Request frame
Measurement Report
TPC Request and Report
Channel Switch Announcement
9. Contention-Free Service with the PCF
Contention-Free Access Using the PCF
PCF Operation
Reserving the medium during the contention-free period
The polling list
Transmissions from the Access Point
Contention-Free Period Duration
Detailed PCF Framing
Contention-Free End (CF-End)
CF-End+CF-Ack
CF Parameter Set
Power Management and the PCF
10. Physical Layer Overview
Physical-Layer Architecture
The Radio Link
Licensing and Regulation
Frequency allocation and unlicensed frequency bands
Other unlicensed bands
Spread Spectrum
Types of spread spectrum
RF Propagation with 802.11
Signal Reception and Performance
The Shannon limit
Path Loss, Range, and Throughput
Multipath Interference
Inter-Symbol Interference (ISI)
RF Engineering for 802.11
RF Components
Antennas
Amplifiers
11. The Frequency-Hopping (FH) PHY
Frequency-Hopping Transmission
802.11 FH Details
802.11 Hop Sequences
Joining an 802.11 Frequency-Hopping Network
ISM Emission Rules and Maximum Throughput
Effect of Interference
Gaussian Frequency Shift Keying (GFSK)
2-Level GFSK
4-Level GFSK
FH PHY Convergence Procedure (PLCP)
Framing and Whitening
Frequency-Hopping PMD Sublayer
PMD for 1.0-Mbps FH PHY
PMD for 2.0-Mbps FH PHY
Carrier sense/clear channel assessment (CS/CCA)
Characteristics of the FH PHY
12. The Direct Sequence PHYs: DSSS and HR/DSSS (802.11b)
Direct Sequence Transmission
Encoding in 802.11 Direct Sequence Networks
Radio Spectrum Usage in 802.11 Direct Sequence Networks
Channel energy spread
Adjacent channel rejection and channel separation
Maximum theoretical throughput
Interference response
Differential Phase Shift Keying (DPSK)
Differential Binary Phase Shift Keying (DBPSK)
Differential Quadrature Phase Shift Keying (DQPSK)
The “Original” Direct Sequence PHY
PLCP Framing and Processing
DS Physical Medium Dependent Sublayer
Transmission at 1.0 Mbps
Transmission at 2.0 Mbps
CS/CCA for the DS PHY
Characteristics of the DS PHY
Complementary Code Keying
High Rate Direct Sequence PHY
PLCP Framing and Scrambling
HR/DSSS PMD
Transmission at 1.0 Mbps or 2.0 Mbps
Transmission at 5.5 Mbps with CCK
Transmission at 11 Mbps with CCK
Clear channel assessment
Optional Features of the 802.11b PHY
Characteristics of the HR/DSSS PHY
13. 802.11a and 802.11j: 5-GHz OFDM PHY
Orthogonal Frequency Division Multiplexing (OFDM)
Carrier Multiplexing
Orthogonality Explained (Without Calculus)
Guard Time
Cyclic Extensions (Cyclic Prefixes)
Windowing
OFDM as Applied by 802.11a
OFDM Parameter Choice for 802.11a
Structure of an Operating Channel
Subchannel modulation techniques
Forward error correction with convolutional coding
Subchannel interleaving
Operating Channels
OFDM PLCP
Framing
Preamble
Header
Data
Trailer
OFDM PMD
Encoding and Modulation
Radio Performance: Sensitivity and Channel Rejection
Clear Channel Assessment
Transmission and Reception
Acknowledgment
An example of OFDM encoding
Characteristics of the OFDM PHY
14. 802.11g: The Extended-Rate PHY (ERP)
802.11g Components
Compatibility Changes
Protection
ERP Physical Layer Convergence (PLCP)
ERP-OFDM Framing
Single-Carrier Framing with 802.11g
PBCC coding
DSSS-OFDM framing
ERP Physical Medium Dependent (PMD) Layer
Clear Channel Assessment (CCA)
Reception Procedure
Characteristics of the ERP PHY
15. A Peek Ahead at 802.11n: MIMO-OFDM
Common Features
Multiple-Input/Multiple-Output (MIMO)
Channel Width
MAC Efficiency Enhancements
WWiSE
MAC Enhancements
Channels and radio modes
Protection
Aggregation, bursting, and acknowledgment
The WWiSE MIMO PHY
Structure of an operating channel
Modulation and encoding
Interleaver
Space-time block coding
Modulation rates
MIMO and transmission modes
WWiSE PLCP
The SIGNAL-N field
WWiSE PMD
Characteristics of the WWiSE PHY
TGnSync
TGnSync MAC Enhancements
Channels, radio modes, and coexistence
Aggregation and bursting
Protection
Powersaving
TGnSync PHY Enhancements
Structure of a channel
Basic MIMO rates
Transmit modes
Optional coding
Optional short guard interval
TGnSync Physical Transmission (PLCP and PMD)
Legacy header
High Throughput header
High-Throughput training fields
Data, tail, and padding
TGnSync PMD
Comparison and Conclusions
16. 802.11 Hardware
General Structure of an 802.11 Interface
Software-Defined Radios: A Digression
A Few Words on 802.11 Hardware Implementations
Learning more about cards: FCC filings
Implementation-Specific Behavior
Rebooting Interface Cards
Scanning and Roaming
Rate Selection
Reading the Specification Sheet
Sensitivity Comparison
Delay Spread
17. Using 802.11 on Windows
Windows XP
Card Installation
Third-party 802.1X stacks and the driver update process
Cisco client software
Choosing a Network
Configuring Security Parameters and 802.1X
Configuring EAP Methods
EAP-TLS
PEAP version 0
Clearing credentials from the registry
SecureW2: TTLS with ZeroConfig
WPA Configuration and Installation
Windows 2000
Dynamic WEP Configuration
Windows Computer Authentication
How It Works
18. 802.11 on the Macintosh
The AirPort Extreme Card
Software Installation
Configuring and Monitoring an AirPort Interface
Basic configuration with the AirPort status icon
Configuration with the System Preferences application
Monitoring the wireless interface
802.1X on the AirPort
Configuring EAP Methods
TTLS configuration
PEAP configuration
The Keychain
Adding to the keychain
Troubleshooting
19. Using 802.11 on Linux
PCMCIA Support on Linux
PCMCIA Card Services Overview
Interface names in Linux
Hotplug system for automatic configuration
PCMCIA Card Services Installation
Monitoring the Cards
The lights are not useful
Troubleshooting Resource Conflicts
IRQs
I/O ports
Linux Wireless Extensions and Tools
Compiling and Installing
Interface Configuration with Wireless Tools and iwconfig
Finding networks
Setting the network name
Setting the network channel
Setting the network mode and associating with an access point
Setting the data rate
Configuring static WEP keys
Tuning 802.11 parameters
Agere (Lucent) Orinoco
Compiling and Installing
PCMCIA configuration
Doing it yourself
Configuring the orinoco_cs Interface
Atheros-Based cards and MADwifi
Driver Architecture and the Hardware Access Layer (HAL)
Requirements
Building the Driver
Using the Driver
802.1X on Linux with xsupplicant
Requirements
Compiling and Installing xsupplicant
Configuring xsupplicant
Pseudorandom number generation
Connecting and Authenticating to a Network
WPA on Linux
20. Using 802.11 Access Points
General Functions of an Access Point
Types of Access Points
For the home: residential gateways
For the office: enterprise access points
For the large office: wireless switches
Power over Ethernet (PoE)
Types of PoE
Selecting Access Points
Are Access Points Really Necessary?
Cisco 1200 Access Point
Setting Up the 1200
Configuring Radio Interfaces
Internetworking
Configuring Security
Configuring WPA-PSK
Monitoring
Troubleshooting
Apple AirPort
First-Time Setup
The Management Interface
Configuring the wireless interface
Configuration of the LAN interface
Access control
21. Logical Wireless Network Architecture
Evaluating a Logical Architecture
Mobility
Defining “mobility”
Security
Performance
Backbone Engineering
Beacons, BSSIDs, and VLAN integration
IP addressing
Network Services
DHCP
Operating system login
Client Integration
Topology Examples
Topology 1: The Monolithic Single-Subnet Network
Mobility
Address assignment through DHCP
Security
Backbone engineering
Performance
Client integration
Topology 2: “E.T. Phone Home” or “Island Paradise”
Mobility
Security
Performance
Backbone
Client
Topology 3: Dynamic VLAN Assignment
Mobility
Security
Performance
Backbone
Client
Topology 4: Virtual Access Points
Mobility
Security
Performance
Backbone
Client
Choosing Your Logical Architecture
22. Security Architecture
Security Definition and Analysis
Wireless LAN Security Problems
Your credentials, please: authentication
Secrecy over the air: encryption
Secrecy and integrity of the whole network: rogue access points
Network integrity: traffic injection
Network availability: denial of service
Network integrity and availability: rogue clients
Network integrity: traffic separation
Authentication and Access Control
Station Authentication and Association
Link-Layer Authentication
WPA Personal (preshared key)
802.1X-based EAP authentication
Network Layer Authentication
Integrating User Authentication Through RADIUS
RADIUS authentication and Microsoft Windows databases
Ensuring Secrecy Through Encryption
Static WEP
Dynamic WEP Keying with 802.1X
Improved RC4-Based Encryption: TKIP
CCMP: Encryption with AES
Higher Layer Security Protocols (IPsec, SSL, and SSH)
Selecting Security Protocols
Applying Security in the Protocol Stack
Compound binding vulnerabilities
Encryption
Security certifications
Network support
Choose Authentication
Choosing an EAP method
Authentication architecture
Choose Encryption
Multiple SSID support
Rogue Access Points
Detection
Physical Location
Disabling Rogue APs
And now, a word from your lawyers
23. Site Planning and Project Management
Project Planning and Requirements
Network Requirements
Coverage Requirements
Coverage and physical installation restrictions
Performance Requirements
Exploring the coverage/quality trade-off and total area throughput
Client limitations
Realistic throughput expectations
Number of users per access point
Mobility Requirements
Network Integration Requirements
Physical integration
Logical integration
Physical Layer Selection and Design
2.4 GHz (802.11b/g) Channel Layout
Limitations of the 2.4 GHz channel layout
5 GHz (802.11a) Channel Layout
Mixed Channel Layouts (802.11a+b/g Networks)
Planning Access-Point Placement
The Building
Constraints on AP placement
Buildings in progress
The Preliminary Plan
The preliminary report
Radio Resource Management and Channel Layout
Refining and Testing the Plan
Validation and test tools
RF fingerprint collection
Preparing the Final Report
Using Antennas to Tailor Coverage
Antenna Types
Antenna cabling
Antenna diversity
Amplifiers: bring on the heat
24. 802.11 Network Analysis
Network Analyzers
802.11 Network Analyzers
Ethereal
Compilation and Installation
Setting the Wireless Interface for Monitor Mode
Cisco Aironet cards
Prism cards
Orinoco cards
Atheros-based cards
Running Ethereal
Capturing data
Data Reduction
Capture filters
Display filters
Using Ethereal for 802.11 Analysis
Display filters
Understanding the LLC header to isolate a protocol
802.11 Network Analysis Checklist
Display Filter Primitives
Excluding Beacon frames
Isolating traffic from one station
Isolating a protocol
Common Troubleshooting Tasks
Authentication troubleshooting
Key distribution troubleshooting
Performance troubleshooting
Decrypting WEP traffic
RADIUS analysis
Other Tools
Finding, Measuring, and Mapping Networks
WEP Key Recovery
Key recovery time estimates
Authentication
25. 802.11 Performance Tuning
802.11 Performance Calculations
Example Calculation
Other components to a performance model
Block acknowledgments
Improving Performance
Tunable 802.11 Parameters
Radio Management
Beacon interval
RTS threshold
Fragmentation threshold
Retry limits
Tuning Power Management
Listen interval
DTIM Period
ATIM window
Timing Operations
Scan timing
Timers related to joining the network
Dwell time (frequency-hopping networks only)
Summary of Tunable Parameters
26. Conclusions and Predictions
Standards Work
New Standards
Task group E: quality of service extensions
Task group K: radio resources
Task group N: high-throughput (100+ Mbps) MIMO PHY
More distant standards
Related standards
Current Trends in Wireless Networking
Security
Authentication protocols
Admission control
Rogue device control
Deployment and Management
Planning a network
Backhaul
Mini-“regulators” and arbitrators
Guest access
Applications
Location
Voice
Datacasting
Protocol Architecture
Federations and mobility
Future protocols
The End
Glossary
Index
About the Author
Colophon
Copyright