In our previous post, we started exploring wireless packets by introducing MAC frames and Management Frames. In this article, we’ll dive deeper into Control and Data frames, essential components in 802.11 Wi-Fi networks.
What Are Control Frames?
Control frames in Wi-Fi (802.11) networks are crucial for managing the flow of traffic and ensuring the successful delivery of data frames. Think of them as the traffic controllers of Wi-Fi, regulating who can transmit data and when.
Types of Control Frames in Wi-Fi Networks
Control frames are identified by a type value of 0x01 and a 4-bit subtype, allowing for 16 possible subtypes (0x0000-0x1111). Here are the 14 utilized subtypes in 802.11 networks:
- Reserved (0x0000-0x0010)
- TACK (0x0011)
- Beamforming Report Poll (0x0100)
- VHT HE NDP Announcement (0x0101)
- Control Frame Extension (0x0110)
- Control Wrapper (0x0111)
- Block ACK Request (0x1000)
- Block ACK (0x1001)
- PS-Poll (0x1010)
- Request To Send (0x1011)
- Clear To Send (0x1100)
- Acknowledgement (0x1101)
- Contention Free End (0x1110)
- Contention Free End and Acknowledgement (0x1111)
Control Wrapper Frame
The Control Wrapper frame, defined in the 802.11n standard, carries other control frames and incorporates the High Throughput (HT) control field. This ensures all control frame fields are moved into corresponding fields within the control wrapper frame.
Block Acknowledgement Request (BlockAckReq) and Block Acknowledgement (BlockAck)
Introduced in the 802.11e standard in 2007, the Block Acknowledgement (Block ACK) mechanism improves channel efficiency by allowing multiple QoS data frames to be acknowledged with a single Block ACK frame, rather than acknowledging each frame individually.
To use Block ACK, the requesting device must ensure that the recipient supports this capability. This is done by sending a series of QoS data frames with the NAV reservation set and the Ack Policy subfield in the QoS Control Field set to Block ACK. A Block Acknowledgement Request frame is then sent to acknowledge the outstanding QoS data frames.
PS-Poll Frame
The Power Save Poll (PS-Poll) frame, part of the 802.11e standard’s Automatic Power Save Delivery (APSD), allows devices to conserve power by periodically waking up to check for pending data from the access point and retrieving it if available. This balances energy efficiency with timely data reception.
RTS/CTS Frames
Request To Send (RTS) and Clear To Send (CTS) frames manage the initiation of data transmission. An RTS frame, 20 bytes long, is sent before data transmission, with the Duration field specifying a microsecond value. Listening devices use this to set their NAV timers and avoid transmitting until the timer reaches zero.
RTS Frame
An RTS frame is crucial for initiating communication in busy networks. It serves as a signal to clear the channel for the upcoming data transmission. When a device wants to send data, it first sends an RTS frame to the receiving device, indicating the duration for which the channel will be used.
CTS Frame
Upon processing the RTS frame, the responding device sends a 14-byte CTS control frame, specifying the time available for transmission in the Duration field. This frame serves to acknowledge the RTS frame and inform other devices in the network that they should hold off on transmitting data for the specified duration, thus preventing collisions and ensuring smooth communication.
ACK Frame
Acknowledgement frames (ACK) confirm the receipt of previous packets. If an ACK is not received, the frame will be retransmitted due to a failed CRC checksum (FCS). Broadcast and multicast frames do not require an acknowledgment.
A generic ACK frame is 14 bytes long and looks like this:
What Are Data Frames?
Data frames in Wi-Fi (802.11) networks are used to transmit information across the network.
Types of Data Frames in Wi-Fi Networks
Data frames are identified by a type value of 0x02 and have 15 possible subtypes (0x0000-0x1111). Here are the key subtypes of data frames in 802.11 networks:
- Data: A standard data frame without QoS support.
- Data + CF-Ack: A data frame that includes an acknowledgment of previously received frames.
- Data + CF-Poll: A data frame that requests the recipient to send data.
- Data + CF-Ack + CF-Poll: A data frame that acknowledges previously received frames and requests the recipient to send data.
- Null (no data): A frame with no data payload, often used for maintaining association with the access point.
- QoS Data: A data frame with QoS support.
- QoS Data + CF-Ack: A QoS data frame that includes an acknowledgment of previously received frames.
- QoS Data + CF-Poll: A QoS data frame that requests the recipient to send data.
- QoS Data + CF-Ack + CF-Poll: A QoS data frame that acknowledges previously received frames and requests the recipient to send data.
- QoS Null (no data): A QoS frame with no data payload, indicating a change in QoS parameters or power management state.
- Reserved: Subtypes reserved for future use.
Data Frame Subtypes
Understanding the different subtypes of data frames helps in optimizing the performance and reliability of Wi-Fi networks. Here are some critical data frame subtypes:
Data + CF-Ack
This frame subtype combines standard data transmission with an acknowledgment of previously received frames, ensuring that the communication is confirmed and reliable.
Data + CF-Poll
In addition to carrying data, this frame subtype requests the recipient to send data, facilitating bidirectional communication.
Data + CF-Ack + CF-Poll
This subtype not only transmits data and acknowledges previously received frames but also requests the recipient to send data, ensuring efficient two-way communication.
Null (no data)
A Null data frame contains no payload and is primarily used to maintain an active association with the access point, especially during periods of inactivity.
QoS Data
Quality of Service (QoS) data frames include additional fields to prioritize traffic, ensuring that high-priority applications like voice and video receive the necessary bandwidth and low latency.
QoS Data + CF-Ack
This frame subtype combines QoS data transmission with an acknowledgment of previously received frames, maintaining high-priority communication with confirmation.
QoS Data + CF-Poll
In addition to QoS data transmission, this frame subtype requests the recipient to send data, ensuring efficient use of network resources for high-priority traffic.
QoS Data + CF-Ack + CF-Poll
This subtype not only transmits QoS data and acknowledges previously received frames but also requests the recipient to send data, optimizing bidirectional communication for high-priority traffic.
QoS Null (no data)
A QoS Null frame contains no payload but indicates a change in QoS parameters or power management state, helping to manage network resources efficiently.
Conclusion
In this post, we have explored the critical functions and types of Control and Data frames within 802.11 Wi-Fi networks. By understanding these frames, networking professionals can better manage and troubleshoot wireless communications, ensuring more efficient and reliable network performance. Stay tuned for more in-depth tutorials on wireless networking and other cybersecurity topics.
For more detailed discussions and updates, follow our blog and join the conversation on our Discord. If you have any questions or topics you’d like us to cover, feel free to leave a comment below.