Our Blog

We are passionate about modern day security

Jul 22

802.11 Wi-Fi Explained: Control & Data Frames (Wireless Packets Part 2)

Author: TheXero | Category: wifi

TL;DR – Control and Data Frames in 802.11 Wi-Fi

Control frames manage the coordination of transmissions (e.g., ACK, RTS/CTS, Block ACK), ensuring smooth traffic flow and collision avoidance.

Block ACK improves efficiency by acknowledging multiple frames at once, reducing overhead in high-throughput environments.

PS-Poll frames help devices conserve power by polling the AP only when needed, balancing performance and battery life.

RTS/CTS frames prevent data collisions in congested networks by reserving airtime before transmission.

Data frames carry actual user data and may include QoS and control signals (e.g., CF-Ack, CF-Poll) to support performance-sensitive applications.

In Part 1 of our Wireless Packets series, we introduced MAC frames and Management Frames. In this article, we’ll dive deeper into Control and Data frames — essential components in 802.11 Wi-Fi networks.

What Are Control Frames?

Control frames in Wi-Fi (802.11) networks are crucial for managing the flow of traffic and ensuring the successful delivery of data frames. Think of them as the traffic controllers of Wi-Fi, regulating who can transmit data and when.

Types of Control Frames in Wi-Fi Networks

Control frames are identified by a type value of 0x01 and a 4-bit subtype, allowing for 16 possible subtypes (0x0000-0x1111). Here are the 14 utilized subtypes in 802.11 networks:

  • Reserved (0x0000-0x0010)
  • TACK (0x0011)
  • Beamforming Report Poll (0x0100)
  • VHT HE NDP Announcement (0x0101)
  • Control Frame Extension (0x0110)
  • Control Wrapper (0x0111)
  • Block ACK Request (0x1000)
  • Block ACK (0x1001)
  • PS-Poll (0x1010)
  • Request To Send (0x1011)
  • Clear To Send (0x1100)
  • Acknowledgement (0x1101)
  • Contention Free End (0x1110)
  • Contention Free End and Acknowledgement (0x1111)

Control Wrapper Frame

The Control Wrapper frame, defined in the 802.11n standard, carries other control frames and incorporates the High Throughput (HT) control field. This ensures all control frame fields are moved into corresponding fields within the control wrapper frame.

Control Wrapper frame diagram in Wi-Fi

Block ACK and Block ACK Request

Introduced in the 802.11e standard in 2007, Block ACK improves efficiency by allowing multiple QoS data frames to be acknowledged in a single Block ACK frame.

A Block ACK Request is sent after transmitting multiple QoS data frames with the NAV reservation and proper Ack Policy.

Block ACK frame diagram in Wi-Fi

PS-Poll Frame

PS-Poll frames are part of the Automatic Power Save Delivery (APSD) mechanism. These frames allow devices to wake periodically and poll the AP for any pending data.

PS-Poll frame diagram for power saving

RTS/CTS Frames

RTS/CTS frames coordinate access to the wireless medium to avoid collisions.

RTS Frame

Used to initiate communication in crowded environments. The Duration field in the RTS frame instructs nearby devices to defer transmissions.

RTS frame diagram in 802.11

CTS Frame

Sent in response to an RTS frame, the CTS frame reserves the channel for transmission.

CTS frame diagram in Wi-Fi

ACK Frame

ACK frames confirm successful receipt of data frames. If no ACK is received, the sender retransmits.

ACK frame structure in 802.11

What Are Data Frames?

Data frames in 802.11 networks carry the actual payload data and support various delivery and QoS mechanisms.

Types of Data Frames

Data frames have a type value of 0x02 and support 15 subtypes, including:

  • Data
  • Data + CF-Ack
  • Data + CF-Poll
  • Data + CF-Ack + CF-Poll
  • Null
  • QoS Data
  • QoS Data + CF-Ack
  • QoS Data + CF-Poll
  • QoS Data + CF-Ack + CF-Poll
  • QoS Null

Common Data Frame Subtypes

Data + CF-Ack

Acknowledges previously received frames alongside sending new data.

802.11 data frame with CF-Ack

Data + CF-Poll

Carries data and requests the recipient to transmit.

802.11 data frame with CF-Poll

Data + CF-Ack + CF-Poll

Sends data, acknowledges prior frames, and requests data.

802.11 data frame with CF-Ack and CF-Poll

Null Frame

Maintains connectivity with the AP without transmitting data.

802.11 Null data frame diagram

QoS Data

Carries traffic prioritized for latency-sensitive applications.

802.11 QoS data frame structure

QoS Data + CF-Ack

Combines QoS delivery with acknowledgement.

QoS data frame with CF-Ack

QoS Data + CF-Poll

Requests the recipient to send data, alongside QoS transmission.

QoS data frame with CF-Poll

QoS Data + CF-Ack + CF-Poll

Sends QoS data, acknowledges, and requests data.

QoS data frame with CF-Ack and CF-Poll

QoS Null

Signals power state or QoS changes without carrying data.

QoS Null frame in 802.11

Conclusion

Control and Data frames are foundational to 802.11 Wi-Fi communication. They coordinate traffic, prevent collisions, conserve power, and ensure quality of service.

By understanding how each frame type functions, network engineers and enthusiasts can analyze, troubleshoot, and optimize wireless network performance more effectively.

Got Questions?

Want to dive deeper or request a specific topic? Leave a comment or join our Discord Community — we’re always happy to talk tech!

FAQ: Control and Data Frames in Wi-Fi **Q: What is the difference between Control and Data frames in 802.11?** A: Control frames manage transmission coordination (e.g., ACKs, RTS/CTS), while Data frames carry actual payload data, often with QoS support. **Q: Why are Block ACKs important in high-throughput networks?** A: They reduce overhead by acknowledging multiple packets at once, improving efficiency. **Q: What is a QoS Null frame used for?** A: It signals power management or QoS parameter changes without transmitting data.



You May Also Enjoy




logo
TheXero

Copyright 2025 TheXero | For Education Purposes Only!