9Wireless networks
9.1Introduction
This chapter is mostly dealing with Wi-Fi, and secondly with Bluetooth. Before diving into these, we will look at the overall picture. You can structure the huge selection of wireless networks in many ways. In approximate descending order of link-distance:
–Global
No system has a global wireless link that allows you to talk from anywhere to anywhere without some kind of relay station. Satellite phones are a good example. Here, we have an uplink from the transmitting satellite phone to the satellite, and a downlink to the receiver, typically connected to the normal telephone network (today part of the internet). Similarly, a mobile phone connects wirelessly to a base station, which via the internet is connected to the server you are addressing, or to another base station that completes the call to another mobile phone.
“KNL Networks” (kyynel.net) has taken another approach. With the help of short-wave radio links and software defined radio, they provide internet to ships in the middle of the ocean. Over water, a single long link is necessary, while on land the distance of a single link is at maximum 600 km (375 miles). In this scenario, there are repeaters for longer distances.
–LPWAN
Low power wide area networks are an interesting group of networks. They have a range of 15–50 km, which is comparable to mobile/cellular networks. The transfer rates are however just a small fraction of what is possible with mobile. The duty-cycle is typically also very low, resulting in as low as 1 kB data/day or even lower. Why is this suddenly interesting, when we now have high-definition video on our phones?
Naturally, the key is low power consumption. These networks can run for a year or more on a single coin cell battery. As always, the sheer technical parameters are not the only interesting ones. Even more important is the way you become a member of the club, for example, the “Sigfox” company owns the technology of the same name, and is the only operator using it, so if you want Sigfox, you depend on them to make a network in your area. With “LoRa” you have the freedom to make your own network; however, Semtech is the only provider of the necessary LoRa transceiver chips.
Most LPWANs use the ISM band. This is 868 Mzh in Europe, 908 MHz in the US and Canada, and similar in the rest of the world. This is pleasantly far away from 2.4/5 GHz used by Wi-Fi, and penetrates buildings a lot better. The major advantage of the ISM band is that it, like 2.4 GHz, requires no license, but since the ISM bands differ in the regions, you cannot use equipment from one region in another.
–3G/4G
The original differences between the terms “cell phone” and “mobile phone” are sort of forgotten and they tend to mean the same. The “cell” term refers to the network. A given city is divided into cells with a base station which the phone connects to. The relatively short range inside a city is often perceived as a disadvantage, but it has an important upside. Since the air is essentially a shared medium, and the number of licensed frequency slots is limited, we would be in serious trouble if all phones had a reach of say 100 km. The relatively small cells allow the operator to reuse the same frequency over and over in a big city at the same time. If you want a device to use this network, the short range becomes a problem in rural areas.
Another problem is the power usage that enforces mains-supply or large batteries. Finally, 3G/4G requires a SIM card giving access to the network, which is operated by whoever has bought the license. To a global device vendor, this means the need to negotiate numerous agreements with the various operators. E-SIM is an emerging standard that allows you to mount a chip at the factory that works globally. This is already used in Apple Watch Series 3.
–Wi-Fi
The well-known Wi-Fi—IEEE 802.11—typically has a range of 30–100 m. The 2.4 GHz is crowded, but penetrates buildings a lot better than 5.0 GHz42, where we have more channels. The 2.4 GHz band is free all over the world, while 5 GHz is only free in most of the world, with China being one of the major exceptions. Wi-Fi is extremely popular in homes and offices.
–Bluetooth
Bluetooth also operates in the 2.4 GHz band, but not in the 5 GHz band. It uses a frequency-hopping scheme that makes it very tolerant to other networks, and vice versa. Contrary to all the aforementioned network types, Bluetooth originally could not be routed on the internet as it had no IP address. This changed with Bluetooth Low-Energy, facilitating the so-called 6LoWPAN. Bluetooth has a range comparable to Wi-Fi, but the transfer speed is much lower, especially when using BLE instead of Bluetooth Classic.
–WPAN
IEEE 802.15.4 defines WPAN (wireless personal area networks). The range of these is comparable to that of Bluetooth and Wi-Fi. One of the best known is ZigBee, which applies a mesh technique, helping devices to act as routers for each other. In other words; a device may be to far away from the internet gateway itself, but can use devices closer to the gateway as stepping-stones. This allows for a longer range, but it also means that the devices “downstream” will use more power and need more bandwidth than those farther away. 6LoWPAN was created for this group of networks, and thus also applies for ZigBee. ZigBee also uses the 2.4 GHz band.
–Misc
Z-Wave is a network, in many ways similar to ZigBee, but it is privately owned and not controlled in any IEEE standard. The basic Z-Wave cannot be routed, as it has no IP address, but also here there is a technology-patch, known as Z/IP. Z-Wave uses the ISM band, giving good penetration of walls, etc.
There is a large ecosystem of vendors with compatible products using Z-Wave. The products may be controlled via the cloud or via the “HomeSeer” application, which a user may run locally on, for example, a RaspBerry Pi.
Table 9.1 is a rough comparison of a broad selection of networks. The values stated must be taken with a grain of salt. A parameter such as the “Free Range” is typically exaggerated, and if it is possible to communicate anything at this range it will typically be at a very low rate.
Table 9.1: A selection of wireless networks.
*via 6WLoPan
**It really is mW
9.2Wi-Fi basics
There are many wireless technologies. Of these, some are WLAN, and of these, most are IEEE 802.11 based. The Wi-Fi Alliance has registered “Wi-Fi” as a trademark for IEEE 802.11-based products. This chapter is about Wi-Fi.
Many of the Wireshark captures in Chapter 7 were actually done on a PC connected to a Wi-Fi SOHO router. This is transparent when using Wireshark alone. However, if you buy the device “AirPcap” from Riverbed, you can get a lot more insight.
A normal setup is running in infrastructure mode, where a wireless router is known as the AP (access point). All iPads, phones, PCs, and IoT devices on Wi-Fi, are known as STAs (stations). They all transmit on the same shared channel which means that only one AP or STA at a time can transmit. The whole interworking setup is a basic service set and similar systems nearby, that can interfere, are known as overlapping basic service sets.
The BSSID identifies the AP, and is the MAC address of the radio. The SSID (service set ID) identifies the WLAN and may be present on many APs. When an AP handles several SSIDs, each has a BSSID. Thus an AP is assigned as many MAC addresses as the number of SSIDs it can serve. All these terms are collected in Table 9.2.
Table 9.2: Parameters on application layer protocols.
| Term | Explanation |
| Channel | Specific frequency |
| SSID | Service set ID |
| STA | Station. A device talking to an AP |
| AP | Access Point. |
| The correct term for the router in the middle | |
| Infrastructure Mode | The concept of an AP in the middle |
| BSS | Basic service set. 1 AP + n ∗ STA |
| BSSID | ID of a given BSS |
| OBSS | Overlapping BSS |
| Neighbor on same channel | |
| HT | High throughput defined in IEEE 802.11n |
| VHT | Very high throughput. Defined in 802.11ac |
In the 2.4 GHz band, there are 11 channels (more in some countries), but they overlap. If interference is to be avoided, you can have separate basic service sets on channels 1, 6, and 11 at the same time. Wi-Fi is defined by IEEE 802.11, with the postfixed letters being very important. The first really used standard was 802.11b, then for some years 802.11g, and currently 802.11n and 802.11ac are where the action is, both including the 5 GHz band. If you have 802.11b equipment, you should get rid of it. It monopolizes the airtime as we shall see.
9.3The access point as a repeater
The most common use of an access point is access to the internet; hence the name. SOHO (small office/home office) routers have a single wired connection to the internet, often marked WAN (wide area network), while offering local connection via Wi-Fi to a number of devices. Typically, these routers also have a small number of wired Ethernet ports, working like a switch connected to a 2-port router. This was shown earlier in Figure 7.2.
The users of iPads, phones, or PCs rarely see a need to interconnect these devices, they just need access to the internet. However, in a home or office you often need to connect to a printer or a NAS disk with movies or backups, and music systems like Sonos. The optimal way to connect these devices is via the wired Ethernet ports in the router, but this is not always possible. There is also a growing need to connect STAs like an iPad to wireless IoT devices like air quality measurement, heating, lights, etc. Such devices are also STAs. Thus STAs need to communicate with each other.
In the following, we will study the scenario where the AP (router) helps the STAs (devices) to communicate with each other. This gives a good background for understanding the possibilities and limitations in the Wi-Fi technology. The connection from a single wireless STA to the internet is basically a subset of this scenario.
When we have an access point, we operate in infrastructure mode—the normal way to use Wi-Fi. On a wired network, nodes can communicate directly or through a switch—using unicasts, multicasts, or broadcasts. In a standard Wi-Fi infrastructure system, however, all communication must use the access point as a stepping stone. You may think: access point or switch—what’s the difference? There are two major differences:
–In a wired switch, traffic can go in and out of all ports at the same time (if the switch is good). In the Wi-Fi scenario, the air is a shared medium, thus only one STA or the AP should “talk” at any given time. This is much like older Ethernet coax networks, or even classic radio communication sharing a single channel - forcing users to end all contributions with “over” (and “Roger” for acknowledge).
–In a wired switch, traffic is switched at layer 2 (Ethernet), based on MAC addresses. This is completely transparent, requiring no changes to the Ethernet frames. In the Wi-Fi case, we use a router, which means that traffic is routed at layer 3. Layer 2 traffic—the radio traffic using the 802.11 protocols—is opened by the router and repackaged into new layer 2 traffic.
We will now look at the multicast scenario, using Wireshark with “AirCap,” a device that catches wireless traffic and gives information about the 802.11 frames as we shall see.
A STA “wants” to send a multicast frame to all other STAs in the basic service set. It does this by sending a message to the AP, which the AP then multicasts to all STAs; see Figure 9.1.
When one STA is sending anything, it is by definition to the AP, and the other STAs go into sleep mode, for the duration of the transmission, to save power. To help with this, there is generally information in all frames about the expected duration—we will see more of this in Section 9.9. Frame 2419 in Figure 9.1 is from the STA to the AP, while frame 2421 is the same data from the AP to all STAs. When setting up AirPcap, PPI (per-packet-information) was chosen which we see in the dissections of the two frames in Figures 9.2 and 9.3.
Analyzing the two dissected frames tells us the following:
1. Frame 2419 is sent from our STA at 130 Mbps, which is an 802.11n speed. This is possible because the STA knows that the only receiver—the AP—can handle this speed (we will see later how it knows).
2. Frame 2421 is sent from the AP at 6 Mbps, an 802.11g speed—the lowest common denominator, assuring that older g devices can understand it.
It would be even worse if 802.11b devices were present. Often the AP can be setup to be in legacy mode, where it complies with the old b standard, even though there are no detected b devices, or it can be in mixed mode where it respects b devices if they are seen. The last mode is greenfield where only n devices are respected. This adds very little value compared to mixed mode with no b devices. So using mixed mode is playing it safe.43
3. When you look at wireless traffic in Wireshark, one of the first things you notice is how transmission speeds may change from one frame to the next, even if sender and receiver are unchanged. The next frame from the STA to the AP might be slower than the 130 Mbps, if noise is causing too many errors.
4. When right-clicking a line in Wireshark’s overview window you get a pop-up menu. Here, frame 2419 is selected as a time reference. The following time stamps are now relative to this. Note that several REFerence stamps are allowed in the same capture. Be careful when reading a time difference: there could be an intermediate REF that you have missed. Here, we see that the time from when frame 2419 is sent and until frame 2421 is sent is 57 μs. Sending the 352 bits at 6 Mbps theoretically takes 58.7 μs.
5. The frames are identical on the UDP level as well as the IP level. The STA sent a normal multicast at these levels. However, on the 802.11 level, only frame 2421 is a multicast.
6. Both frames note the MAC source as IntelCor_35:db:68 and the MAC destination as the multicast address 01:00:5e:00:00:de.
7. There is a BSS ID which in both frames is ubiquiti_54:ad:6f—the MAC address of the access point.
8. Frame 2419 has a “Transmitter address,” which is the same as its MAC source, IntelCor_35:db:68, and a “Receiver address,” which is the access point (ubiquiti_54:ad:6f).
9. Frame 2421 has a “Transmitter address” which is the same as the AP’s MAC, ubiquiti_54:ad:6f and a “Receiver address”—the multicast: 01:00:5e:00:00:de.
Whereas a wired Ethernet frame only has a source and destination MAC address, the wireless Ethernet has room for four MAC addresses and “to DS” and “from DS” bits. Luckily, Wireshark interprets this for us—see Table 9.3.
In other words, Wireshark helps us keep the original “source” and “destination” terms, and is using “receiver” and “transmitter” for the participants on the radio level.
Table 9.3: Wireshark terms for Wi-Fi nodes.
| Term | Explanation |
| Source | MAC of original source |
| Destination | MAC of original destination |
| Transmitter | MAC of transmitting radio now |
| Receiver | MAC of receiving radio now |
9.4How is speed calculated?
In Section 9.3, we saw different speeds listed by Wireshark. But how are these obtained? This is a very advanced subject—we will focus on the main parameters:
–MCS Index
This index is a combination of spatial streams, modulation type, and coding rate. A spatial stream is an independent data flow in “space.” The modulation type describes the number of states each transmitted symbol can have. A bit only has two states but, for example, 64-QAM has 64 states per symbol corresponding to 6 bits. The coding rate is the “true rate” of information transmitted when error-correction is accounted for. This information includes the original payload, as well as any headers added by the other layers.
–Bandwidth
When we say that there are 11 channels in the 2.4 GHz range, each is 20 MHz wide. It is possible to combine two into a 40 MHz wide channel, but this will cost 2/3 of the whole 2.4 GHz band when used (we are still time-sharing the channel).
–Guard Interval
This is the space between symbols. The normal guard is 800 ns, a short guard is 400 ns. Note that the AirPcap used only supports the normal guard.
–Subcarriers
As discussed, we may have a number of channels in, for example, the 2.4 GHz range. They all lie close to 2.4 GHz but in reality they are 5 MHz spaced. Channel 1 is at 2412 MHz, channel 2 at 2417 MHz, etc. With this information, it is no wonder that a 20 MHz wide channel will invade the neighbors, giving us only channels 1, 6, and 11 undisturbed. Using OFDM (orthogonal frequency division multiplexing), each channel is split into a number of subchannels, or rather subcarriers. Each of these is synthesized and decoded using respectively iFFT and FFT ([inverse] fast Fourier transform) technology.
If we have an MCS index of 7, a long guard interval and a 20 MHz channel, the data rate can be calculated as in Table 9.4.
Table 9.4: Wi-Fi data rate calculation.
| Factor | Value |
| Spatial streams | 1 Flow |
| 64-QAM = 64 states/symbol | 6 bits/symbol |
| Time per symbol 4 μs incl. long guard | 250k/s |
| Subcarriers in 20 MHz | 52 |
| Left after forward correction | 5/6 |
| Total: 1 ∗ 6 bit ∗ 250 k/s ∗ 52 ∗ 5/6 | 65 Mbit/s |
A short guard will cut of 0.4 μs of the 4 μs, increasing the speed by 11 %. You can find tables of MCS indexes at Wikipedia and other places. These are built into Wireshark.
This speed is the maximum theoretical speed without retransmissions and without time-sharing the channel with other devices.
9.5Case: Wi-Fi data transmission
Figure 9.4 shows a scenario with a data-producing device,44 wired to a small Asus router.
Via this, data is transmitted to a “pre-Air” iPad. The recording is made with AirPcap, using the PPI header from the 802.11 layer. A fantastic feature in Wireshark is that when you “open up” the dissector, you can right-click on an interesting value and select “Show as Column.” In Figure 9.4, this has been done with all the columns shown between “protocol” and “info”: Data Rate, Duration (μs), MCS Index, RSSI, and RTT.
Let’s walk through the case:
–There is a little communication going on with a Sonos music system running on another AP—seen in frame 835709 and colored black. It does not seem to cause problems.
–All TCP communication happens within aggregated frames. Aggregated frames are a very important part of the newer wireless standards. As we shall see later (Section 9.8), there is a lot of overhead before a transmission can be started. It is therefore of great value to “keep going,” once started.
Disregarding the two first lines, we first have a block of aggregated TCP data in 9 frames with a total of 13890 (8∗1622+914 in hidden column) bytes from the device via the Asus AP. This is followed by a reply from the iPad STA, with a total of 6 TCP frames. Based on earlier wired analysis of the same scenario, we know these are all ACKs. This is confirmed by Wireshark in the “RTT” column which is Wiresharks calculation of the round-trip time. This can only be calculated with the detection of an ACK on a previous message. Interestingly, the RTT is measured to be 14–20 ms, which is about the same as the duration of 5–10 aggregated frames.
–Data is sent with MCS index 7. This we know is 20 MHz band (from Table 9.4) and long guard (SGI—Short Guard Interval—false). The TxRate shows 65 Mbps which is consistent with the calculations in Section 9.4.
–RSSI (received signal strength indication) shows 255 for all the aggregated TCP frames, except the last in each aggregation, which is 66 from the Asus and 59 from the iPad. This number is an indication of the received power, the “255” values should be ignored. RSSI can only be used when comparing measurements with the same equipment, as it is not rooted in mW or similar, but quite arbitrary. It is however, interesting that the Asus and the iPad values are not so far apart.
–Before each datatransmission we see a CTS (clear-to-send) with a value in μs in the “Duration” field. This is not the duration of the CTS, but an estimate on the duration of the following data transmission. By marking CTS as REFerence, it is easy to check this estimated duration against the actual duration of the aggregated transmission. Section 9.9 goes into more details on this. The estimate is best for longer durations.
–The CTS is an answer to an RTS (request-to-send). When the iPad is about to send its ACKs, we see an RTS from the iPad to the Asus in frames 835710 and 835719 (outside the view), both immediately followed by the CTS from the Asus AP. As the CTS and RTS are sent from different devices, they may reach a wider audience.
Imagine, for example, that a neighboring network is so far from the Asus router that neither of the access points can see each other, nevertheless, one or more STAs in one network will experience interference from the neighbor AP or STAs. This is known as the hidden terminal problem. In such a case, the neighbor STA will still see the CTS or the RTS, and will understand when to keep quiet.
–We also see RTS-CTS pairs before the Asus STA is about to send. Why is that? This is an infrastructure system: as long as the AP is transmitting, the STAs will shut up. And there is no transmitter on the CTS, only the Asus as destination. The explanation is that the Asus AP is asking and giving itself permission. This is partly to warn Neighboring BSSs that this channel is going to be taken, partly to tell other STAs on our own network, that they might as well take a nap for the duration of the transmission, and thus save energy.
Figure 9.5 shows another tool applied—Chanalyzer with Wi-Spy from MetaGeek. We are measuring on channel 6, on the SSID called BK3660A-100039.
The information about the Wi-Fi SSIDs in the bottom table comes from the PCs wireless NIC. Based on this info, the tool draws a “profile” of a given network, the dotted line, over the actual measurement.
Apart from looking very fancy, this is actually a nice tool. We can see a lot of stuff on Wireshark, but it is all above the physical layer. You may have problems with connections that only show in Wireshark as retransmissions. Noise on the physical level from, for example, a microwave oven, a wireless mouse, or an infrared movement detector, may interfere. This can be seen with a tool such as Wi-Spy. The tool includes “standard signatures” of known noise sources. This may help find the culprit.
9.6Case: beacons
We are not completely done with the transmission in the previous section. It is interesting to know why we ended up with MCS index 7, and why only 20 MHz Bandwidth, as the Asus AP should be able to support channel bonding where two 20 MHz channels are joined into one 40 MHz channel. Even in 20 MHz mode we should be able to get 72 Mbps according to Figure 9.5.
Access points are periodically (typically every 100 ms) emitting so-called beacons. These are broadcasts sent on a slow and robust data rate. This ensures that they are seen by all STAs in the vicinity, even older types. An important part of this broadcast is the SSID. This allows you to choose between networks. The AP also transmits a lot of information on its capabilities. Figure 9.6 shows the beacon from the Asus AP.
The “HT Capabilities Info” is the relevant section here; “HT” for “high throughput,” which is related to the 802.11n standard. The figure shows that the Asus AP says that it only supports 20 MHz operation, but why does it then claim support for “Short Guard” on 40 Mhz? It turns out that it actually can do the 40 MHz operation, but in this session this feature was disabled in its setup.
STAs may do probe requests where they advertise their capabilities. Not a single probe request was caught in this recording. A STA may run in passive mode where it does not emit probe requests, but simply connect to the AP with a common denominator of the two parties capabilities.
The iPad used at the time did not support neither 40 MHz channels or “short guard,” so the resulting traffic ends with a single 20 MHz channel and long guard, giving us an MCS index of 7 and from this the 65 Mbps speed. AirPcap does not support the short guard interval either. If both devices had supported the short guard interval, we would not have been able to follow the transmissions. In order to debug anyway, we would simply disable short guard on one of the devices. Figure 9.7 shows the probe request from a similar unconnected iPad. Beacons and probes are also used when deciding which encryption to use; see Section 10.15.
9.7Case: a strange lagging
The setup we have studied for some time, was working fine. On the GUI, there were “moving curves” and no loss of data. However, once in a while there was a short “hesitation.” Timing it, it appeared to be every 5 minutes. Picking “Statistics” in Wireshark, then “I/O-graph” on a longer capture, Figure 9.8 was created.
The top jagged line at almost 20M bit/s (y-axis is on the right of this, not easy to read) is data in the direction where data flows. The more steady line just below, is the segment length in bytes, which is not so relevant in this discussion (y-axis to the left). It is clear that something does happen almost exactly 5 minutes after starting the traffic and the Wireshark caption, as the hard-to-read neighboring main grid lines are at 280 s and 320 s. The area of the “dive” matches the area of the peak shortly after, meaning that the transmission catches up, and no data is lost. However, the dive verifies the “hesitation” experienced in the application. Making the similar graph on RTT (round-trip time) in Figure 9.9 verified the lagging.
Here, the RTT goes from less than 60 ms to 360 ms for a short duration. The x-axis here is hard to read, but the closest main grid line says 700,000,000 Bytes. With a steady traffic at just below 20 Mbps, this grid line, shortly before the peak, is at a little more than (700,000,000 Bytes ∗ 8 bits/Byte)/20 Mbps = 280 s.
Browsing the standards, it became clear that according to 802.11n all STAs are required to scan all Wi-Fi channels every 300 seconds, and report their findings back to the AP. The AP collects this information and spreads it to all STAs so that they can update their “Navigation Vector.” This assists in the handling of hidden terminals. Knowing what to look for now, Figure 9.10 was produced.
The figure shows a Wireshark display filter on the “power management” bit (showing up as “P” in the info field) and the relevant BSSID (the MAC address of the AP). Every 300 seconds the iPad takes 13 small “power naps.” Technically, the 2.4 GHz band has 14 channels (not all legal everywhere), and when the iPad is listening to one of these it needs to scan the 13 others every 300 s.
These power naps can effect any application. In this scenario, where data is continuously streamed, we see it clearly on the screen as a hesitation. Had we used a higher data rate we would have lost data. In more normal scenarios, it means that the maximum latency is longer than what a simple measurement suggests.
9.8Aggregated frames
As smarter types of coding were developed, it became clear that the outstanding problem was the overhead involved with each frame. The usual solution when you have a lot of overhead per something, is to bundle and share the overhead. This is exactly what is done. This is called aggregation and in Section 9.5 we saw “aggregated frames.”
The thing that is aggregated is PDU (protocol data units). A PDU is loosely stated the “packet” at any level. As stated earlier the correct term for a PDU in Ethernet is a “Frame,” while in IP it is a “Packet” and in TCP the PDU is a “Segment.” At the application level, the PDU is a “Message” or simply “data.” An MPDU is a MAC PDU, in other words the packet as seen going in and out of the MAC. Confusingly, there are two different types:
- A-MPDU. Aggregate MAC protocol data unit.
- A-MSDU. Aggregate MAC service data units.
We will focus here on the first which we saw used in Section 9.5. In a later test with similar hardware as before, but this time using OpenWRT firmware loaded into the same type of Asus router, a capture was done—see Figure 9.11—which is the case for this and the next section. OpenWRT is described in Section 6.10.
Figure 9.11 shows the following:
–Data is basically sent from 192.168.1.128, which is wired to the access point, the Asus, which is wirelessly connected to an iPad. In other words, the same setup as previously studied.
–Wireshark is setup to show the A-MPDU sequence numbers by looking in the dissection of one frame and clicking “Apply as Column.” Similarly, “Data Rate” and “Starting Sequence number” in the Block Acknowledge are chosen as columns.
–Frames 39897–39901 are in reality a single 802.11 A-MPDU with sequence numbers 3092–3096, in other words 5 MPDUs.
–Frame 39902 is an 802.11 block acknowledge and as it is the selected frame, it is dissected in the middle window. We see that the starting sequence number is 3092. The Bitmap “1f000...” has five “1” bits and the rest of the 64 bits are “0.” This corresponds to the sequence numbers in frames 39897–39901. Thus we have a quick answer—a short RTT.
–Just below the “1f000...” (not visible), Wireshark states: “Missing Frame 3097...3098...” This can be somewhat misleading. It is Wireshark interpreting the zeroes in the bitmask. As this is always 64 bits, it is not necessarily a statement about lost frames, only frames not seen yet.
–Data is sent at 65 Mbps with PHY type 802.11n because the Asus and the iPad have agreed that this is fine. The block ACKs are however, sent at 24 Mbps PHY type 802.11g. This is because the configuration of the access point (the Asus) allows for 802.11g. A “g” STAtion on the network uses this information, as it uses RTS and CTS. It is not a huge performance issue to send these relatively short frames at a third of the possible speed.
9.9Channel assessment
We have seen the use of request-to-send and clear-to-send several times. The terms are ancient, dating back to at least RS-232, but the technology behind RTS/CTS in modern Wi-Fi is much more sophisticated. 802.11n does not need these if it is alone in the world (greenfield), but the modern variant has proven very robust; see Figure 9.12.
The RTS is sent by the STA transmitter-to-be, to the AP after a period of silence in the air called DIFS (distributed interframe space). Should this collide with a similar transmission from another STA, or the AP, it will abort and retry a semi-random delay later. This is just like classic Ethernet coax, where we also had a shared medium.
The RTS contains the expected transmission time, and the address of the receiver. This allows third parties to adjust their NAV (network allocation vector) and sleep until the expected end of the final ACK. The CTS serves a similar purpose, but as it is sent from the AP it may reach other third parties (hidden terminal problem). Once we have a designated transmitter-receiver pair, the “dead-time” between frames can be shorter—resulting in higher transmission speed. This shorter dead-time is called SIFS (short interframe space).
A STA or AP may use a “CTS-to-self” to protect against neighbors that do not understand the 802.11n protocol.
9.10Bluetooth low energy
Some years ago a war was fought between Wi-Fi and Bluetooth about being the preferred wireless connection. One of the main reasons why Wi-Fi won the war, is that 802.11 (Wi-Fi) is built on top of the existing Ethernet protocols. This gives the connectivity needed. With the assistance of a cheap Wi-Fi router connected to an existing network, the PCs, and later the phones and tablets, could connect to any server in the world.
Since then, Wi-Fi has been all about performance, getting more and more bytes across. Naturally, power savings has also been interesting as Wi-Fi is heavily used on laptops, but when, for example, using a device like Chromecast, there is typically power at the AP as well as at the Chromecast. And here you want your high-resolution Netflix without glitches.
Meanwhile, Bluetooth found an increasing niche in the “small-device-to-phone” market. This is where you don’t really need to route to the internet, you just want the headphones or whatever, to connect to your phone. In the “small device” end of the market, Bluetooth is thus very well known, and the main focus has been on battery savings.
Now everybody is gearing up for IoT, and the war is sort of restarting. Wi-Fi is weaker than Bluetooth on the power side. This is suddenly very relevant, since IoT devices may not be connected to power as often as laptops and phones. Bluetooth Classic still really hasn’t got the connectivity, and is way behind on performance. On the other hand, Bluetooth Low Energy does have the connectivity. It is not created for long lasting peer-to-peer connections like Bluetooth Classic. It connects fast and tears down fast, much like UDP.
Table 9.5 is a comparison of Bluetooth Classic and BLE (Bluetooth Low Energy) a.k.a. Bluetooth Smart.
Table 9.5: Bluetooth Classic versus BLE.
| Feature | Classic | BLE |
| Band | 2.4GHz | 2.4GHz |
| Distance | 30 m | 50 m |
| Data rate | 2100 kByte/s | 260(650) kByte/s |
| Tx power max | 100dBm | 10 dBm |
| Peak current max | 30 mA | 15 mA |
| Sleep current max | – | 1 μA |
| Broadcast/beacon concept | No | Yes |
| Connect up+down | 300ms | 3 ms |
The data rates in Bluetooth Low Energy are governed by which mode is chosen. The first version of BLE had very short frames—39 Bytes—but in the extended version in the 4.2 standard, frames can be up to 257 bytes. This explains why the theoretical max rate is given as two numbers in Table 9.5. The broadcast concept is new with BLE. Apple has an iBeacon concept which only broadcasts, and never does anything else. This is to be used in, for example, a department store, or a museum, where you walk around with your iPhone and catch different offers, anecdotes, or news.
Bluetooth 5 was announced very late in 2016, without the expected mesh technology, which came a little later. It boasts double speed or range (sometimes even more) due to new PHYs with more advanced coding of the symbols. It appears that the double speed can be obtained without using more energy than 4.2. Thus Bluetooth 5 may save energy.
The war between Wi-Fi and Bluetooth may be on again, but the rules have changed. The wireless IoT devices we hear about now, are supposed to run very long on batteries, only transmitting or receiving a small blurb once a minute or even less frequently. A good guess is that the Bluetooth guys have decided to avoid a direct war, and instead bet on their strongest virtue – the lower power consumption. This is why they invented Bluetooth Low Energy (BLE). BLE is enhancing what they are already good at. But what about the connectivity? IoT devices do not just want to connect to your personal phone, they want to connect to the cloud. For this reason, BLE in Bluetooth 4.2 has some added means of connectivity; see Table 9.6.
Table 9.6: Bluetooth Smart connectivity.
| Name | What it is | Usage |
| GATT | REST API | Server |
| HTTP | Proxy service | Client |
| 6LoWPAN | IPv6 tunnel | Client and server |
None of these can connect the device directly to the cloud, they all need gateway functionality, which may be in a phone or a more static, dedicated device. The GATT (see Table 9.6) solution is for BLE devices, mounted or located in a home or working place, where they are within reach of a “BLE gateway,” with a built-in HTTP server, statically connected, for example, via Wi-Fi, to the internet gateway. This allows the owner/employee to pick up his phone anywhere in the world and call up the HTTP server in the gateway. Via this, the device may check temperature, turn on heating, call up bath-weight measurements from the last month, etc. This is an existing solution.
The second solution is where a client inside the device needs to call something in the cloud. To do this, it requires a “proxy,” this time with an HTTP client, which could be the same gateway as before or a mobile phone. Surely the latter makes it more intermittent.
6LoWPAN is like a generally connected IPv6 device. Here, the device is again near a gateway. Via this it connects more transparently to the cloud, where it offloads data and gets new stored instructions. The gateway could be an application on a phone, or a static gateway. This solution is not tied up to HTTP—it could be anything using IP. If the IP address is that of the phone, then the connection is local, like Bluetooth Classic. The connectivity, once configured, is thus better than the other solutions, 6LoWPAN needs the GATT part for the original discovery and setup phase. At the time of this writing, iPhone does not support 6LoWPAN.
It is probably due to the new connectivity addendum that BLE is now being marketed as Bluetooth SMART. It sort-of turns Bluetooth Classic into Bluetooth DUMB, but it is already out there. There is still plenty of room for Bluetooth Classic, as it delivers a much higher bandwidth than the SMART does.
9.11Certification
The 2.4 GHz band is used all over the world for unlicensed radio traffic such as Wi-Fi and Bluetooth. The fact that this band is unlicensed, does not mean that it is unregulated. If a device is to be used in a given country, it must be certified for this country. With a single certification from the FCC45 the US is open, along with a number of smaller countries that accept an FCC certification. There is a similar certification allowing usage in the EU countries. In the US and EU, a “DoC” (document of compliance) can be filled out by the manufacturer and submitted to the authorities. In this document, the manufacturer states the compliance of the product to the relevant standards, backed up by documentation. China, Brazil, and a few other countries demand an “in-country” certification—meaning that the measurement has to be performed by government appointed test-facilities inside the country.
Since June 13, 2017, the “Radio Equipment Directive”—(RED)—is enforced in the EU. All equipment marketed after this date must abide to the RED. The major new thing in RED, compared to the old rules, is that not only transmitters, but also receivers are regulated. As we have seen in this chapter: if a transmitter experiences too many transmission errors, it will select a more robust modulation type and lower the transmission speed. This means that a badly designed receiver will occupy the radio for a longer time.
The RED requires efficiency on both parties in order to get the overall best utilization of our shared medium. In an effort to make life simpler, the RED not only regulates the wireless performance but also takes the place of the EMC directive and the low-voltage directive, whenever there is a radio involved.46 As other directives, RED only speaks in plain language about requirements, and defers all the technical stuff to a “Harmonised Standard” called “ETSI 300 328.” This standard specifies the actual conformance tests (and results) needed to obtain a certificate. It has two main parts, one for frequency hopping (Bluetooth), and one for static channels (Wi-Fi and, e. g., Zigbee). The actual EU certification is a question of filling out the Document of Compliance, submitted together with documentation for the various measurements. In theory, you can perform these measurements yourself, if you have the lab, but most companies will use a commercial lab for these measurements.
In the US, the major sections are FCC § 15.247 for 2.4 GHz and FCC § 15.407 for 5 GHz. The latter contains some rules on DFS (dynamic frequency selection) in order to avoid interference with weather radar. The FCC rules do not yet mention receiver efficiency. In the EU as well as the US, a so-called “SAR” testing is needed if the device is hand-held, or otherwise in close contact with human bodies.
If the device is based on a “precertified” wireless module, life becomes a lot easier. This module has been tested and documented on all digital and protocol related parameters such as, for example, SIFS and DIFS described in Section 9.9. Building the module into a box and adding an antenna does not change these specs. However, it is necessary to measure emission and input sensitivity.
Modern Wi-Fi also uses 5 GHz, and this is where things get complicated. Some countries, for example, China, does not allow for the use of 5 GHz. The European RED refers to “ETSI 301 893” for 5 GHz equipment.
9.12Further reading
–Perahia and Stacey: Next Generation Wireless LANs
Dry—but the best I have found.
–Laura Chappel: Wireshark Network Analysis
An extremely detailed guide to Wireshark as stated in Chapter 7. There is also a good section on Wireless Networks.
–Wireshark.org
The home of Wireshark.
–riverbed.com
Home of AirpCap—Wi-Fi analyzer for Wireshark.
–metageek.com
Home of Chanalyzer and WiSpy.