Chapter 1 : Wi-Fi FAQs

Expert Level 1 : Development Basics : Building tools, drivers

  1. How to compile & load a Linux kernel ?

  2. How to enable mac80211 during Linux kernel compilation ?

  3. How to enable verbose debugging for mac80211 module ?

  4. How to enable the wireless driver for Atheros ath9k during Linux kernel compilation ?

  5. How to enable wireless driver for Intel-iwlwifi during Linux kernel compilation ?

  6. How to compile & load backport-wireless for Atheros ath9k ?

  7. How to compile & load backport-wireless for Intel-iwlwifi ?

  8. How to compile & run wpa-supplicant ?

  9. How to compile & run hostapd ?

  10. How to compile & run wireless-tools ?

  11. How to compile & load mac80211-hwsim ?

  12. How to run wpa_supplicant & hostapd with mac80211-hwsim ?

  13. How to compile & run wireshark ?

  14. How to compile & run ping application ?

  15. How to compile & run iperf application ?

  16. How to compile & run iperf3 application ?

  17. How to compile & run iwevent application ?

  18. How to run TCP Uplink in iperf test ?

  19. How to run TCP Downlink in iperf test ?

  20. How to run UDP Uplink in iperf test ?

  21. How to run UDP Downlink in iperf test ?

  22. How to run multicast Uplink in iperf test ?

  23. How to run multicast Downlink in iperf test ?

  24. How to compile & run net-tools ?

  25. How to compile & run tcpdump ?

  26. How to build an OpenWrt image for a Raspberry Pi and run AP & STA open connection testing ?
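
An added example, not part of this FAQ: the hwsim bring-up from items 11-12 (open AP on one hwsim radio, STA on the other) followed by the six iperf cases from items 18-23. Interface names (wlan0/wlan1), the netns name, SSID, addresses and the multicast group are assumptions; it must run as root with iperf (v2, needed for multicast) and iperf3 installed.

```sh
#!/bin/sh
# Added example, not part of the FAQ: bring up an open AP/STA pair on mac80211_hwsim
# (items 11-12) and run the six iperf cases (items 18-23). Assumptions: the two hwsim
# radios appear as wlan0/wlan1, iperf (v2) and iperf3 are installed, and this runs
# as root. hwsim also keeps the deauth/probe experiments of later levels off the real air.
set -u
AP_IF=wlan0  STA_IF=wlan1  NS=sta          # STA radio is moved into netns "sta"
SSID=hwsim-open
AP_IP=192.168.50.1  STA_IP=192.168.50.2    # constructed addresses
MCAST=239.1.1.1                            # site-local multicast group for items 22-23

setup() {
    modprobe mac80211_hwsim radios=2
    # Put the STA radio in its own network namespace; otherwise the kernel delivers
    # AP<->STA traffic locally and nothing crosses the simulated air.
    ip netns add "$NS"
    phy=$(iw dev "$STA_IF" info | awk '/wiphy/ {print "phy" $2}')
    iw phy "$phy" set netns name "$NS"

    cat > /tmp/hostapd-open.conf <<EOF
interface=$AP_IF
driver=nl80211
ssid=$SSID
hw_mode=g
channel=6
EOF
    cat > /tmp/wpa-open.conf <<EOF
ctrl_interface=/var/run/wpa_supplicant
network={
    ssid="$SSID"
    key_mgmt=NONE
}
EOF
    ip link set "$AP_IF" up
    hostapd -B /tmp/hostapd-open.conf
    ip addr add "$AP_IP/24" dev "$AP_IF"
    ip route add 224.0.0.0/4 dev "$AP_IF"            # multicast route for items 22-23
    ip netns exec "$NS" ip link set "$STA_IF" up
    ip netns exec "$NS" wpa_supplicant -B -i "$STA_IF" -c /tmp/wpa-open.conf
    ip netns exec "$NS" ip addr add "$STA_IP/24" dev "$STA_IF"
    ip netns exec "$NS" ip route add 224.0.0.0/4 dev "$STA_IF"
    sleep 3
    ip netns exec "$NS" wpa_cli -i "$STA_IF" status | grep -q '^wpa_state=COMPLETED' \
        || { echo "STA did not associate with $SSID" >&2; return 1; }
}

# Uplink means STA -> AP, downlink AP -> STA. The receiver always runs the server, so
# for downlink the server lives in the STA namespace and the AP side is the client.
# iperf3 has no multicast support, so the multicast cases use iperf (v2) with a TTL.
iperf_cmd() { # iperf_cmd <tcp|udp|mcast> <uplink|downlink> -> "server_side|server_cmd|client_cmd"
    case "$1/$2" in
        tcp/uplink)     echo "ap|iperf3 -s -D|iperf3 -c $AP_IP -t 10" ;;
        tcp/downlink)   echo "sta|iperf3 -s -D|iperf3 -c $STA_IP -t 10" ;;
        udp/uplink)     echo "ap|iperf3 -s -D|iperf3 -c $AP_IP -u -b 20M -t 10" ;;
        udp/downlink)   echo "sta|iperf3 -s -D|iperf3 -c $STA_IP -u -b 20M -t 10" ;;
        mcast/uplink)   echo "ap|iperf -s -u -B $MCAST -D|iperf -c $MCAST -u -T 1 -b 5M -t 10" ;;
        mcast/downlink) echo "sta|iperf -s -u -B $MCAST -D|iperf -c $MCAST -u -T 1 -b 5M -t 10" ;;
        *) echo "usage: iperf_cmd <tcp|udp|mcast> <uplink|downlink>" >&2; return 1 ;;
    esac
}

run_case() { # run_case <tcp|udp|mcast> <uplink|downlink>
    spec=$(iperf_cmd "$1" "$2") || return 1
    side=${spec%%|*}; rest=${spec#*|}; server=${rest%%|*}; client=${rest#*|}
    if [ "$side" = ap ]; then
        $server;                     ip netns exec "$NS" $client
    else
        ip netns exec "$NS" $server; $client
    fi
    pkill -f 'iperf3? -s' 2>/dev/null || true        # stop the daemonised server
}

case "${1:-}" in
    setup) setup ;;
    run)   run_case "$2" "$3" ;;
esac
```

Usage: `./hwsim-iperf.sh setup`, then e.g. `./hwsim-iperf.sh run udp downlink`. Capture wlan0 on a third hwsim radio in monitor mode while a case runs to see the frame exchanges asked about in Level 7 (items 62-65).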

Expert Level 2 : Development Basics : Enhancing tools, drivers

  1. Add custom sub-command to “wpa_cli” which performs set & get of a driver level setting

  2. Add custom sub-command to “wpa_cli” which performs set & get of a setting in cfg80211.ko module

  3. Add custom sub-command to “hostapd_cli” which performs set & get of a driver level setting

  4. Add custom sub-command to “hostapd_cli” which performs set & get of a setting in cfg80211.ko module

  5. Add custom sub-command to “iwpriv” which performs set & get of a driver level setting

  6. Add custom sub-command to “iwpriv” which performs set & get of a setting in cfg80211.ko module

  7. Add custom sub-command to “iwlist” which performs set & get of a driver level setting

  8. Add custom sub-command to “iwconfig” which performs set & get of a driver level setting

  9. Add custom sub-command to “iw” which performs set & get of a driver level setting

  10. Add custom sub-command to “iw” which performs set & get of a setting in cfg80211.ko module

  11. Add custom module parameter to “cfg80211” module

  12. Add custom module parameter to “mac80211” module

  13. Add custom module parameter to “ath9k” module

  14. Add a /proc entry support to set & get a driver parameter in “ath9k” module

Expert Level 3 : Development Basics : wpa_supplicant

  1. Prepare code flow for Probe-Request transmission

  2. Prepare code flow for Probe-Response reception and Authentication-Request transmission

  3. Prepare code flow for Authentication-Response reception and Association-Request transmission

  4. Add vendor IE in Probe-Request, Association-Request similar to SSID IE

  5. Add multiple SSID IE elements in Probe-Request, Association-Request

  6. Send De-Authentication packet once every 30 seconds

    * Add a configuration parameter called "periodic_deauth=30" in supplicant conf file
    * If "periodic_deauth=0", then this feature is disabled
    * If "periodic_deauth=5", then deauth is sent at every 5th second
    
  7. Send a probe-request every 30 seconds

    * Add a configuration parameter called "periodic_probe=30" in supplicant conf file
    * If "periodic_probe=0", then this feature is disabled
    * If "periodic_probe=5", then probe is sent at every 5th second
    
  8. Send De-Authentication packet on reception of Authentication response packet from AP

    * Add a configuration parameter called "deauth_on_auth_response_rx" in supplicant conf file
    * If "deauth_on_auth_response_rx=0", then this feature is disabled
    * If "deauth_on_auth_response_rx=1", then this feature is enabled
    
  9. Send De-Authentication packet on reception of Association response packet from AP

    * Add a configuration parameter called "deauth_on_assoc_response_rx" in supplicant conf file
    * If "deauth_on_assoc_response_rx=0", then this feature is disabled
    * If "deauth_on_assoc_response_rx=1", then this feature is enabled
    

Expert Level 4 : Development Basics : hostapd

  1. Prepare code flow for Probe-Request reception and Probe-Response transmission

  2. Prepare code flow for Authentication-Request reception and Authentication-Response transmission

  3. Prepare code flow for Association-Request reception and Association-Response transmission

  4. Add vendor IE in Beacons, Probe-Response, Assoc-Response similar to SSID IE

  5. Add multiple SSID IE elements in Beacons

  6. Send De-Authentication packet once every 30 seconds

    * Add a configuration parameter called "periodic_deauth=30" in hostapd conf file
    * If "periodic_deauth=0", then this feature is disabled
    * If "periodic_deauth=5", then deauth is sent at every 5th second
    
  7. Send De-Authentication packet on reception of Authentication request packet from STA

    * Add a configuration parameter called "deauth_on_auth_request_rx" in hostapd conf file
    * If "deauth_on_auth_request_rx=0", then this feature is disabled
    * If "deauth_on_auth_request_rx=1", then this feature is enabled
    
  8. Send De-Authentication packet on reception of Association request packet from STA

    * Add a configuration parameter called "deauth_on_assoc_request_rx" in hostapd conf file
    * If "deauth_on_assoc_request_rx=0", then this feature is disabled
    * If "deauth_on_assoc_request_rx=1", then this feature is enabled
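
An added example, not part of this FAQ: a user-space harness that reproduces the periodic_deauth and periodic_probe semantics specified in Level 3 (items 6-7) and Level 4 (item 6) by driving hostapd_cli and wpa_cli from outside the daemons. It is not the in-daemon implementation the exercises ask for; its use is to capture it next to your implementation and confirm both emit the same frames on the same schedule. Interface names and conf paths are assumptions, and it should run on mac80211_hwsim (Level 1, item 11) so the deauthentications never reach a real network.

```sh
#!/bin/sh
# Added example, not part of the FAQ: external harness for the periodic_deauth /
# periodic_probe semantics (0 = disabled, N = every N seconds). Interface names and
# conf paths are assumptions; run it on mac80211_hwsim, not on a live network.
set -u

# Read "key=value" from a hostapd/wpa_supplicant style conf file.
# Last occurrence wins; DEFAULT when the key is absent; '#' comment lines never match.
conf_get() { # conf_get FILE KEY DEFAULT
    v=$(sed -n "s/^[[:space:]]*$2=[[:space:]]*\(.*\)$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

# Period semantics from the spec: 0 disables, N>0 fires every N seconds.
# Anything else is rejected instead of being silently treated as 0.
period_check() { # period_check VALUE -> prints "off" or N
    case "$1" in
        0)            echo off ;;
        ''|*[!0-9]*)  echo "bad period '$1': expected a non-negative integer" >&2; return 1 ;;
        *)            echo "$1" ;;
    esac
}

# AP side (Level 4, item 6): every period, deauthenticate each associated STA.
ap_periodic_deauth() { # ap_periodic_deauth IFACE CONF
    p=$(period_check "$(conf_get "$2" periodic_deauth 0)") || return 1
    [ "$p" = off ] && return 0
    while :; do
        for sta in $(hostapd_cli -i "$1" list_sta); do
            hostapd_cli -i "$1" deauthenticate "$sta"
        done
        sleep "$p"
    done
}

# STA side (Level 3, items 6-7): "disconnect" makes wpa_supplicant send a deauth to
# the AP ("reconnect" re-associates); "scan" sends probe requests.
sta_periodic() { # sta_periodic IFACE CONF
    d=$(period_check "$(conf_get "$2" periodic_deauth 0)") || return 1
    s=$(period_check "$(conf_get "$2" periodic_probe 0)") || return 1
    t=0
    while :; do
        sleep 1; t=$((t + 1))
        if [ "$d" != off ] && [ $((t % d)) -eq 0 ]; then
            wpa_cli -i "$1" disconnect; wpa_cli -i "$1" reconnect
        fi
        if [ "$s" != off ] && [ $((t % s)) -eq 0 ]; then
            wpa_cli -i "$1" scan
        fi
    done
}

case "${1:-}" in
    ap)  ap_periodic_deauth "$2" "$3" ;;
    sta) sta_periodic "$2" "$3" ;;
esac
```

Usage: `./periodic.sh ap wlan0 /tmp/hostapd.conf` or `./periodic.sh sta wlan1 /tmp/wpa.conf`, with `periodic_deauth=30` or `periodic_probe=30` in the conf. The deauth_on_*_rx flags (items 7-8 here, 8-9 in Level 3) cannot be emulated this way: they need the hook inside the daemon's frame handling, which is the point of those exercises.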
    

Expert Level 5 : Development Basics : cfg80211.ko

  1. Add vendor IE in Probe-Request, Association-Request similar to SSID IE

  2. Add multiple SSID IE elements in Probe-Request, Association-Request

  3. Send De-Authentication packet once every 30 seconds (STA role, as in Level 3)

  4. Send a probe-request every 30 seconds

  5. Send De-Authentication packet on reception of Authentication response packet from AP

  6. Send De-Authentication packet on reception of Association response packet from AP

  7. Add vendor IE in Beacons, Probe-Response, Assoc-Response similar to SSID IE

  8. Add multiple SSID IE elements in Beacons

  9. Send De-Authentication packet once every 30 seconds (AP role, as in Level 4)

  10. Send De-Authentication packet on reception of Authentication request packet from STA

  11. Send De-Authentication packet on reception of Association request packet from STA

Expert Level 6 : Development Basics : Debugging facilities

tcpdump

  1. How to filter only Beacon packets in tcpdump ?

  2. How to filter only Probe-request packets in tcpdump ?

  3. How to filter only Probe-response packets in tcpdump ?

  4. How to filter only Authentication packets in tcpdump ?

  5. How to filter only Association request packets in tcpdump ?

  6. How to filter only Association response in tcpdump ?

  7. How to filter only ADDBA-REQ packets in tcpdump ?

  8. How to filter only ADDBA-RESP packets in tcpdump ?

  9. How to filter only Block-ACK packets in tcpdump ?

  10. How to filter only packets with “toDS=1” in tcpdump ?

  11. How to filter only packets with “fromDS=1” in tcpdump ?

Wireshark

  1. How to filter only Beacon packets in wireshark ?

  2. How to filter only Probe-request packets in wireshark ?

  3. How to filter only Probe-response packets in wireshark ?

  4. How to filter only Authentication packets in wireshark ?

  5. How to filter only Association request packets in wireshark ?

  6. How to filter only Association response in wireshark ?

  7. How to filter only ADDBA-REQ packets in wireshark ?

  8. How to filter only ADDBA-RESP packets in wireshark ?

  9. How to filter only Block-ACK packets in wireshark ?

  10. How to filter only packets with “toDS=1” in wireshark ?

  11. How to filter only packets with “fromDS=1” in wireshark ?
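
An added example, not part of this FAQ: one script holding the tcpdump capture filter and the Wireshark display filter for each of the eleven frame classes asked about in the two lists above, plus wrappers that hand them to tcpdump and tshark. The monitor interface name (mon0) is an assumption.

```sh
#!/bin/sh
# Added example, not part of the FAQ: BPF capture filters (tcpdump) and display
# filters (Wireshark/tshark) for the frame classes in the two lists above.
# Assumption: a monitor-mode interface named mon0 (override with IFACE=...).
set -u
IFACE="${IFACE:-mon0}"

# tcpdump capture filter. wlan[n] offsets are into the 802.11 header (libpcap skips
# the radiotap header). Frame Control byte 0 = subtype<<4 | type<<2 | version.
bpf_filter() { # bpf_filter <class>
    case "$1" in
        beacon)      echo 'type mgt subtype beacon' ;;
        probe-req)   echo 'type mgt subtype probe-req' ;;
        probe-resp)  echo 'type mgt subtype probe-resp' ;;
        auth)        echo 'type mgt subtype auth' ;;
        assoc-req)   echo 'type mgt subtype assoc-req' ;;
        assoc-resp)  echo 'type mgt subtype assoc-resp' ;;
        # Action frame (type 0, subtype 13 -> 0xd0), category 3 = Block Ack, then the
        # action code (0 = ADDBA request, 1 = ADDBA response) right after the 24-byte
        # management header.
        addba-req)   echo '(wlan[0] & 0xfc) == 0xd0 and wlan[24] == 3 and wlan[25] == 0' ;;
        addba-resp)  echo '(wlan[0] & 0xfc) == 0xd0 and wlan[24] == 3 and wlan[25] == 1' ;;
        block-ack)   echo '(wlan[0] & 0xfc) == 0x94' ;;   # type ctl (1), subtype 9
        tods)        echo '(wlan[1] & 0x01) != 0' ;;      # FC byte 1, bit 0 = To DS
        fromds)      echo '(wlan[1] & 0x02) != 0' ;;      # FC byte 1, bit 1 = From DS
        *) echo "unknown frame class: $1" >&2; return 1 ;;
    esac
}

# Wireshark display filter (same string works with tshark -Y).
# wlan.fc.type_subtype = type<<4 | subtype, e.g. Block Ack = 0x0019.
display_filter() { # display_filter <class>
    case "$1" in
        beacon)      echo 'wlan.fc.type_subtype == 0x0008' ;;
        probe-req)   echo 'wlan.fc.type_subtype == 0x0004' ;;
        probe-resp)  echo 'wlan.fc.type_subtype == 0x0005' ;;
        auth)        echo 'wlan.fc.type_subtype == 0x000b' ;;
        assoc-req)   echo 'wlan.fc.type_subtype == 0x0000' ;;
        assoc-resp)  echo 'wlan.fc.type_subtype == 0x0001' ;;
        addba-req)   echo 'wlan.fixed.category_code == 3 && wlan.fixed.action_code == 0' ;;
        addba-resp)  echo 'wlan.fixed.category_code == 3 && wlan.fixed.action_code == 1' ;;
        block-ack)   echo 'wlan.fc.type_subtype == 0x0019' ;;
        tods)        echo 'wlan.fc.tods == 1' ;;
        fromds)      echo 'wlan.fc.fromds == 1' ;;
        *) echo "unknown frame class: $1" >&2; return 1 ;;
    esac
}

capture() { tcpdump -i "$IFACE" -nn -e "$(bpf_filter "$1")"; }   # live, needs root
dissect() { tshark -r "$2" -Y "$(display_filter "$1")"; }        # offline, from a pcap

case "${1:-}" in
    capture) capture "$2" ;;
    dissect) dissect "$2" "$3" ;;
    show)    printf 'bpf:     %s\ndisplay: %s\n' "$(bpf_filter "$2")" "$(display_filter "$2")" ;;
esac
```

Usage: `./wlan-filters.sh capture probe-req`, `./wlan-filters.sh dissect addba-resp trace.pcap`, or `./wlan-filters.sh show tods` to print both filters. One caveat for the ADDBA filters: Block Ack is a robust action category, so with 802.11w (management frame protection) enabled the category and action bytes are encrypted and neither filter can see them; on a protected BSS you only get `wlan.fc.protected == 1 && wlan.fc.type_subtype == 0x000d`, which is why these exercises are easiest on an open hwsim network.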

Expert Level 7 : Protocol Basics

  1. How does CSMA/CA work ?

  2. What is the difference between CSMA/CA and CSMA/CD ?

  3. What is AP ?

  4. What is STA ?

  5. How to connect AP & STA ?

  6. What are the basic security mechanisms used between AP & STA ?

  7. What is the difference between WPA & WPA2 ?

  8. What is the difference between WPA2 & WPA3 ?

  9. What is the difference between 802.11 a, b, g, n, ac, ax, be, ad ?

  10. What is the difference between active scanning and passive scanning ?

  11. What is the difference between No-Ack and Normal-Ack ?

  12. How does Block-Ack work ?

  13. What is 802.1x & where is it used in wireless ?

  14. What is 802.1D & where is it used in wireless ?

  15. How does the 3-address format work ?

  16. How does the 4-address format work ?

  17. What is AIFS and where is it used ?

  18. What is TxOP Limit and where is it used ?

  19. What is ACK/CTS timeout and where is it used ?

  20. What is aCWmin & aCWmax and where is it used ?

  21. What are the modulation techniques used in 802.11 b ?

  22. What are the modulation techniques used in 802.11 a ?

  23. What are the modulation techniques used in 802.11 g ?

  24. What are the modulation techniques used in 802.11 n ?

  25. What are the modulation techniques used in 802.11 ac ?

  26. What are the modulation techniques used in 802.11 ax ?

  27. What are the modulation techniques used in 802.11 be ?

  28. What are the modulation techniques used in 802.11 ad ?

  29. What is a channel/frequency ?

  30. What is a frequency band and what frequency bands are used in 802.11 ?

  31. How many channels are allowed in 2.4GHz ?

  32. What is the width of each channel in 2.4GHz ?

  33. What is non-overlapping channel ?

  34. How many channels are allowed in 5GHz ?

  35. What are non-DFS channels in 5GHz ?

  36. What are DFS channels in 5GHz ?

  37. What are the rules to use DFS channels in 5GHz ?

  38. How many channels are allowed in 6GHz ?

  39. What are the allowed bandwidths in 2.4GHz, 5GHz & 6GHz ?

  40. How does legacy power save work ?

  41. How does WMM power save (U-APSD) work ?

  42. What is protection mechanism ?

  43. What is the difference between ERP protection and 802.11n protection ?

  44. What is the use of RTS & CTS ?

  45. What is the use of CTS-to-Self ?

  46. What is the use of PS-Poll ?

  47. What is TIM bitmap ?

  48. What is Block-ACK bitmap ?

  49. What is Channel Switch Announcement and why is it used ?

  50. What is null packet or QoS null packet used for ?

  51. Explain the 802.11 header format ?

  52. How many types of packets are defined in 802.11 ?

  53. What is the difference between management packets and control packets ?

  54. In what scenarios is a single 802.11 ACK packet used ?

  55. In what scenarios is a Block-ACK packet used ?

  56. Are multicast packets ACKed ?

  57. What is the difference between TKIP and AES-CCMP ?

  58. What is the significance of “power management bit” in frame control of 802.11 header ?

  59. What is the significance of “to DS” & “from DS” in frame control of 802.11 header ?

  60. How many packets are exchanged over the air when STA pings AP ?

  61. How many packets are exchanged over the air when STA1 pings STA2 via AP ?

  62. Explain frame exchange seen over the air during UDP downlink ?

  63. Explain frame exchange seen over the air during UDP uplink ?

  64. Explain frame exchange seen over the air during TCP downlink ?

  65. Explain frame exchange seen over the air during TCP uplink ?

  66. What is ARP resolution & why is it needed ?

  67. What is DELBA and when is it triggered ?

  68. What is ADDBA-REQ, ADDBA-RESP and when is it triggered ?

  69. What is DHCP & why is it needed ?

  70. What is a RADIUS server & why is it needed ?

  71. What is RFC1042 header and where is it used in 802.11 ?

  72. What is MSDU ?

  73. What is MPDU ?

  74. What is A-MSDU ?

  75. What is A-MPDU ?

  76. What is PSDU ?

  77. What is PPDU ?

  78. What is the difference between short guard interval and long guard interval ?

  79. What is the difference between short slot time and long slot time ?

  80. What is the difference between DIFS and SIFS ?

  81. What is SIFS ?

  82. What is RIFS ?

  83. What is MCS ?

  84. What are the valid MCS indices used in 802.11n ?

  85. What are the valid MCS indices used in 802.11ac ?

  86. What are the valid MCS indices used in 802.11ax ?

  87. What is EQM MCS in 802.11n ?

  88. What is UEQM in 802.11n ?

  89. What is a spatial stream ?

  90. What is the difference between WPS-PIN and WPS-PBC ?

  91. What is TDLS and how does it work ?

  92. What is P2P ?

  93. What are the device roles available in P2P ?

  94. Explain invitation procedure in P2P ?

  95. Explain group reinvocation in P2P ?

  96. What is WPS-PBC overlap ?

  97. What is WSC-DONE in WPS ?

  98. Between a 2.4GHz channel and a 5GHz channel, which one has more range ?

  99. What is RSSI ?

  100. What is Tx Power setting ?

  101. What are the different types of antennae used in 802.11 radios ?

  102. What are the antenna specifications to look for when selecting antennae ?

  103. What is roaming and how does it work ?

  104. What is a Distribution system ?

  105. What is the difference between PHY rate and MAC rate ?

  106. What is TSF ?

  107. What is NAV ?

  108. What is backoff algorithm ?

  109. What is QoS ?

  110. How many 802.11 chipset vendors are there & name a few ?

  111. How does an Open connection work ?

  112. How does a WPA connection work ?

  113. How does a WPA2 connection work ?

  114. How does a WPA3 connection work ?

  115. How does a WEP connection work ?

  116. What is the use of Beacon packet ?

  117. What is the use of Probe-request packet ?

  118. What is the use of authentication packet ?

  119. What is the Association request and Association response packet ?

  120. What is DTIM interval ?

  121. What is the difference between Broadcast, Multicast and Unicast packets ?

  122. Explain functionalities of each layer in OSI model and protocols dedicated for each of these layers

  123. Functionalities of the LLC and MAC sublayers of the data link layer

  124. List station services and distribution system services

  125. What are action frames?

  126. Explain when a Channel Switch Announcement frame is exchanged and its frame bits

  127. Differences in fields for beacon frame and probe response

  128. Why TIM exist only in beacon? Why not in probe response?

  129. Why is shared key authentication not recommended? Explain its frame exchanges

  130. Frame differences between disassociation and reassociation frames, and the scenarios for sending each

  131. Differences in DCF vs PCF vs HCF

  132. Explain briefly about the duration/ID field in the MAC header

  133. Need for sequence control in the MAC header

  134. What is WMM? Map priorities for each Access Category

  135. Why is TID used in QoS?

  136. Significance of EOSP in QoS

  137. Explain all physical and MAC layer enhancements in 802.11n

  138. Why is frame aggregation needed? If we aggregate, why are packets fragmented in the first place?

  139. Then why not aggregate all frames?

  140. Explain which is better in what scenarios: A-MSDU and A-MPDU

  141. Explain TKIP and CCMP protocols

  142. What is EAP protocol? How does it work?