Address fields are present in the MAC header of 802.11 frames. A frame may contain 4 address fields.
Address fields are 6 octets in length. Address fields are used to indicate Source, Transmitter, Destination, Receiver and BSSID. The address could be a unicast, multicast or broadcast address.
Isn't "Source" the same as "Transmitter"? Isn't "Destination" the same as "Receiver"?
It depends on the type of frame. They could be the same (e.g. in Management frames) or different (in Data frames).
- SA (Source Address): Source of the data (MSDU) --> STA1
- TA (Transmitter Address): STA that transmitted the frame --> STA1, AP1, AP2
- RA (Receiver Address): Immediate recipient of the frame --> AP1, AP2, STA2
- DA (Destination Address): Final recipient of the data (MSDU) --> STA2
- BSSID (Basic Service Set IDentifier): Unique identifier of the BSS, e.g., the MAC address of the AP in an infrastructure network --> AP1, AP2
Not all of the address fields are mandatory; only Address1 is. For example, a CTS frame has only Address1. The remaining fields are filled based on the frame.
How is each field used?
Address fields are used based on the type of frame: Control, Management or Data.
| | Control Frames | Management Frames | Data Frames |
|---|---|---|---|
| Address1 | RA | RA | RA |
| Address2 | TA (not all) | TA | TA |
| Address3 | Not used | BSSID | BSSID or SA or DA |
| Address4 | Not used | Not used | BSSID or SA |
The Address fields in Data frames are based on the direction of the frame: "To DS" or "From DS".
- "To DS": Set to 1 in all data frames sent from STA to AP
- "From DS": Set to 1 in all data frames sent from AP to STA
- Both "To DS" and "From DS" may be set to 1 if the frame is being relayed between APs.
| To DS | From DS | Address 3 | Address 4 |
|---|---|---|---|
| 0 | 0 | BSSID | Not used |
| 0 | 1 | SA | Not used |
| 1 | 0 | DA | Not used |
| 1 | 1 | DA | SA |
Note: In case of A-MSDU, SA and DA are part of A-MSDU sub-headers. BSSID is filled in Address3 and Address4 instead of SA and DA.
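An added example (not from the original post): a small Python parser that applies the To DS / From DS table above to a raw data-frame MAC header, which is the step needed when labelling addresses in a capture. The Address1 and Address2 roles for each combination follow the standard 802.11 mapping and go beyond the table, which lists only Address3 and Address4; the MAC addresses and frames are constructed, and A-MSDU frames are not handled.

```python
import struct

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def data_frame_roles(frame: bytes) -> dict:
    """Label Address1-4 of an 802.11 data frame from its To DS / From DS bits."""
    if len(frame) < 24:
        raise ValueError("truncated MAC header")
    (fc,) = struct.unpack_from("<H", frame, 0)   # Frame Control, little-endian
    if (fc >> 2) & 0x3 != 2:                     # Type field: 2 = Data
        raise ValueError("not a data frame")
    to_ds, from_ds = (fc >> 8) & 1, (fc >> 9) & 1
    a1, a2, a3 = (mac(frame[o:o + 6]) for o in (4, 10, 16))
    roles = {"RA": a1, "TA": a2}                 # Address1/2 are always RA/TA
    if (to_ds, from_ds) == (0, 0):
        roles.update(DA=a1, SA=a2, BSSID=a3)
    elif (to_ds, from_ds) == (0, 1):             # AP -> STA
        roles.update(DA=a1, BSSID=a2, SA=a3)
    elif (to_ds, from_ds) == (1, 0):             # STA -> AP
        roles.update(BSSID=a1, SA=a2, DA=a3)
    else:                                        # relayed between APs
        if len(frame) < 30:
            raise ValueError("4-address frame is missing Address4")
        roles.update(DA=a3, SA=mac(frame[24:30]))  # Address4 follows Sequence Control
    return roles

# Constructed sample addresses and frames (not from a real capture).
STA1, STA2 = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
AP1, AP2 = bytes.fromhex("0200000000a1"), bytes.fromhex("0200000000a2")

def header(flags: int, a1: bytes, a2: bytes, a3: bytes, a4: bytes = b"") -> bytes:
    # Frame Control byte 0 = 0x08 (Data), byte 1 = flags; Duration and Sequence Control zeroed
    return bytes([0x08, flags]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00" + a4

TO_DS = header(0x01, AP1, STA1, STA2)            # STA1 -> AP1, destined for STA2
WDS = header(0x03, AP2, AP1, STA2, STA1)         # AP1 -> AP2 relay of the same MSDU
FROM_DS = header(0x02, STA2, AP2, STA1)          # AP2 -> STA2 delivery

if __name__ == "__main__":
    for name, f in (("To DS", TO_DS), ("To+From DS", WDS), ("From DS", FROM_DS)):
        print(name, data_frame_roles(f))
```

Across the three hops SA and DA stay fixed at STA1 and STA2 while RA and TA change, matching the role list earlier in the post.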
Address Fields in Sniffer logs
Let's look at some sniffer traces and examine the address fields.
You can find more information on the website http://wlan-wifi.com/bssid
Hi Sumanth,
Very nice article. Thank you for providing detailed information about addressing mechanism in 802.11.
I have a scenario, where I am not able to understand the Addressing mechanism. The scenario is like
"An access point is connected to a switch with Ethernet connection, to the same switch a station called STA2 is connected. Now one more station STA1 is connected to the AP via wireless interface. Now if I ping from STA1 to STA2 how the packet will reach to STA2". And what are the address fields that src, dst, transmitter and BSSID will change.
On the same scenario, if I ping to google.com, from STA1, what the address fields will contain.
Please provide me a detailed explanation.
STA2<--->SWITCH<--->AP<--->STA1, ping STA1 to STA2, STA1 becomes SA and TA, AP becomes RA and TA, STA2 becomes RA & DA. Now you can imagine the address fields at each stage. Also try collecting captures at each stage to analyse and post your findings :)
Thank you very much for a set of wonderful and useful articles on basics of Wi-Fi. The explanations presented along with sequence diagrams and packet captures are totally helpful. Once again, thank you very much. Hope to see more detailed articles on 802.11ac/ad/ax
It's useful information, thank you very much for 3-address and 4-address format verification
Thank you very much for your useful post! Please tell me what software you used in the screenshots? Thank you very much :)
Wireshark, I think
You didn't mention WDS, which utilizes 4 addresses; article good though
Hi Alex,
Last option where both To DS and From DS are set to 1 will use 4 addresses.