Lab Q/A
What fraction of the frames sent to the AP signal that the client is powering down?
16/822 or 2% of frames sent to the api have their power management bit sent. Indicating that they are about to sleep.
What are the Type and Subtype values of Association Request / Association Response frames?
Association Request is Type 0 (Management) and Subtype 0. Association Response is Type 0 (Management) and Subtype 1.
How often are Beacon frames sent for the main AP? You may find the Beacon interval given in the Beacon frame itself, or change the Time display to be show the interval since the last frame. (Under View, select Time Display Format, and "Seconds Since Previous Displayed Packet".)
Beacon frames are sent by the "djw" AP every 102.4 milliseconds, or a rate of roughly 10/second. Beacons show up regularly in the trace, and when there is no active data transfer they are often the main traffic.
What is the BSS ID used by the most active wireless conversations? A BSS ID value identifies an AP, so this BSS ID identifies the most active AP, presumably the AP we are monitoring. To help find it, you can sort on the source or destination address by clicking on the column heading.
By inspecting the address fields on frames, the AP has a BSS ID of 00:16:b6:e3:e9:8f.
What are the Type and Subtype values for the Probe Request / Probe Response frames?
Probe Request is Type 0.(Management) and Subtype 4. Probe Response is type 0. (Management) and Subtype 5
What data rates does the main AP support? The rates are listed under tagged parameters
The AP supports 1, 2, 5.5, 6, 9, 11, 12, 18, 24, 36, 48, and 54 Mbps. The rates are given in two tagged parameters as supported rates and extended supported rates (since there are many of them). The 1, 2, 5.5, and 11 Mbps rates are marked "B", meaning that they are 802.11b legacy rates rather than 802.11g rates.
What rate is the Beacon frame transmission? The answer to this question will be found on the Radiotap header, or more conveniently displayed in the column you added in an earlier step.
The Beacon frames for this AP are all transmitted at a rate of 1 Mbps. This is typical. A low rate is used to allow the Beacons to be received over a larger area around the AP (since a lower rate can generally be received with a weaker signal).
What is the channel frequency? To find the frequency, expand the Radiotap header of any frame and look for the Channel frequency.
The Channel frequency is 2462 MHz, or 2.462 GHz. It is known as "802.11b/g channel 11"
What is the range of RSSI and hence variation in SNRs in the trace? Give this as the strongest and weakest RSSI and the dB difference between them.
The RSSIs range from -44 dBm (strongest) to -69 dBm (weakest signal). This is a variation of 25 dB or around a factor of 300 in the SNR.
What is the SSID of the main AP? This is one of the tagged parameters in the Beacon frame
The SSID is "djw". This can be seen in the tagged parameters, or in the Info field.
What is the broadcast Ethernet address, written in standard form as Wireshark displays it?
The broadcast address is ff:ff:ff:ff:ff:ff. This is 48 bits of "all 1s"written in standard form.
Which bit of the Ethernet address is used to determine whether it is unicast or multicast/broadcast?
The broadcast/multicast or "group" bit is shown by Wireshark as ".... ...1 .... .... .... ...." or a one in the low-order bit of the first address byte. We could also write this 01:00:00:00:00:00. This bit is actually the bit that is transmitted on the wire first because Ethernet defines the transmission order to be the "least significant bit of each byte first".
Which Ethernet header field is the demultiplexing key that tells it the next higher layer is IP? What value is used in this field to indicate "IP"?
The demultiplexing key for Ethernet is the Type field. It holds 0x800 when the higher layer is IP.
Which IP header field is the demultiplexing key that tells it the next higher layer is TCP? What value is used in this field to indicate "TCP"?
The demultiplexing key for IP is the Protocol field. It has value 6 when the higher layer is TCP.
List in the order they are sent the IEEE 802.11 fields in an Acknowledgement frame and their lengths in bytes. Do not break down the Frame Control field into subfields, as we have already looked at these details
The fields are Frame Control (2 bytes), Duration (2 bytes), Receiver Address (6 bytes), and Frame Check Sequence (4 bytes).
What rates are used? Give an ordered list of rates from lowest to highest. Hint: you can click the Rate column to sort by that value.
The rates are 1, 6, 12, 18, 24, 38, 48, and 54 Mbps. This is most of the possible 802.11b/g rates.
. How many Control frames are in the trace, and what is the most common subtype?
There are 1391 Control frames or 37% of the total. The most common Control frame is the Acknowledgement frame with subtype 13. The fraction of Control frames should be comparable but likely lower than the fraction of Data frames due to Acknowledgements(as each non-broadcast Data frame is acknowledged)
Give an estimate of the retransmission rate as the number of retransmissions over the number of original transmissions. Show your calculation.
There are 1430 original data frames and 353 retransmission Data Frames. Our estimate of the retransmission rate is 353/1430 = 25%
How many Data frames are in the trace, and what is the most common subtype of Data frame?
There are 1783 Data frames, or 48% of the total (3731) frames. The most common Data frame is simply called "Data" with subtype 0. The fraction of Data frames will depend heavily on whether there are active data transfers during the trace; there is a small transfer during this trace.
How many Management frames are in the trace, and what is the most common subtype?
There are 557 management frames or 15% of the total. The most common management frame is the Beacon Frame with the subtype 8. Management Frames are likely to occur at a regular background-rate due to beacons. The fraction of the trace they occupy depends on whether there are active transfers.
