Chapter 1 : Wi-Fi FAQs
Expert Level 1 : Development Basics : Building tools, drivers
How to compile & load a Linux kernel ?
How to enable mac80211 during Linux kernel compilation ?
How to enable verbose debugging for mac80211 module ?
How to enable wireless driver for Atheros9k during Linux kernel compilation ?
How to enable wireless driver for Intel-iwlwifi during Linux kernel compilation ?
How to compile & load backport-wireless for Atheros9k ?
How to compile & load backport-wireless for Intel-iwlwifi ?
How to compile & run wpa-supplicant ?
How to compile & run hostapd ?
How to compile & run wireless-tools ?
How to compile & load mac80211-hwsim ?
How to run wpa_supplicant & hostapd with mac80211-hwsim ?
How to compile & run wireshark ?
How to compile & run ping application ?
How to compile & run iperf application ?
How to compile & run iperf3 application ?
How to compile & run iwevent application ?
How to run TCP Uplink in iperf test ?
How to run TCP Downlink in iperf test ?
How to run UDP Uplink in iperf test ?
How to run UDP Downlink in iperf test ?
How to run multicast Uplink in iperf test ?
How to run multicast Downlink in iperf test ?
How to compile & run net-tools ?
How to compile & run tcpdump ?
How to build openWRT image for RPI (Raspberry-PI) and run AP & STA open connection testing ?
Expert Level 2 : Development Basics : Enhancing tools, drivers
Add custom sub-command to “wpa_cli” which performs set & get of a driver level setting
Add custom sub-command to “wpa_cli” which performs set & get of a setting in cfg80211.ko module
Add custom sub-command to “hostapd_cli” which performs set & get of a driver level setting
Add custom sub-command to “hostapd_cli” which performs set & get of a setting in cfg80211.ko module
Add custom sub-command to “iwpriv” which performs set & get of a driver level setting
Add custom sub-command to “iwpriv” which performs set & get of a setting in cfg80211.ko module
Add custom sub-command to “iwlist” which performs set & get of a driver level setting
Add custom sub-command to “iwconfig” which performs set & get of a driver level setting
Add custom sub-command to “iw” which performs set & get of a driver level setting
Add custom sub-command to “iw” which performs set & get of a setting in cfg80211.ko module
Add custom module parameter to “cfg80211” module
Add custom module parameter to “mac80211” module
Add custom module parameter to “ath9k” module
Add a /proc entry support to set & get a driver parameter in “ath9k” module
Expert Level 3 : Development Basics : wpa_supplicant
Prepare code flow for Probe-Request transmission
Prepare code flow for Probe-Response reception and Authentication-Request transmission
Prepare code flow for Authentication-Response reception and Association-Request transmission
Add vendor IE in Probe-Request, Association-Request similar to SSID IE
Add multiple SSID IE elements in Probe-Request, Association-Request
Send De-Authentication packet once every 30 seconds
* Add a configuration parameter called "periodic_deauth=30" in supplicant conf file
* If "periodic_deauth=0", then this feature is disabled
* If "periodic_deauth=5", then deauth is sent at every 5th second
Send a probe-request every 30 seconds
* Add a configuration parameter called "periodic_probe=30" in supplicant conf file
* If "periodic_probe=0", then this feature is disabled
* If "periodic_probe=5", then probe is sent at every 5th second
Send De-Authentication packet on reception of Authentication response packet from AP
* Add a configuration parameter called "deauth_on_auth_response_rx" in supplicant conf file
* If "deauth_on_auth_response_rx=0", then this feature is disabled
* If "deauth_on_auth_response_rx=1", then this feature is enabled
Send De-Authentication packet on reception of Association response packet from AP
* Add a configuration parameter called "deauth_on_assoc_response_rx" in supplicant conf file
* If "deauth_on_assoc_response_rx=0", then this feature is disabled
* If "deauth_on_assoc_response_rx=1", then this feature is enabled
Expert Level 4 : Development Basics : hostapd
Prepare code flow for Probe-Request reception and Probe-Response transmission
Prepare code flow for Authentication-Request reception and Authentication-Response transmission
Prepare code flow for Association-Request reception and Association-Response transmission
Add vendor IE in Beacons, Probe-Response, Assoc-Response similar to SSID IE
Add multiple SSID IE elements in Beacons
Send De-Authentication packet once every 30 seconds
* Add a configuration parameter called "periodic_deauth=30" in hostapd conf file
* If "periodic_deauth=0", then this feature is disabled
* If "periodic_deauth=5", then deauth is sent at every 5th second
Send De-Authentication packet on reception of Authentication request packet from STA
* Add a configuration parameter called "deauth_on_auth_request_rx" in hostapd conf file
* If "deauth_on_auth_request_rx=0", then this feature is disabled
* If "deauth_on_auth_request_rx=1", then this feature is enabled
Send De-Authentication packet on reception of Association request packet from STA
* Add a configuration parameter called "deauth_on_assoc_request_rx" in hostapd conf file
* If "deauth_on_assoc_request_rx=0", then this feature is disabled
* If "deauth_on_assoc_request_rx=1", then this feature is enabled
Expert Level 5 : Development Basics : cfg80211.ko
Add vendor IE in Probe-Request, Association-Request similar to SSID IE
Add multiple SSID IE elements in Probe-Request, Association-Request
Send De-Authentication packet once every 30 seconds
Send a probe-request every 30 seconds
Send De-Authentication packet on reception of Authentication response packet from AP
Send De-Authentication packet on reception of Association response packet from AP
Add vendor IE in Beacons, Probe-Response, Assoc-Response similar to SSID IE
Add multiple SSID IE elements in Beacons
Send De-Authentication packet once every 30 seconds
Send De-Authentication packet on reception of Authentication request packet from STA
Send De-Authentication packet on reception of Association request packet from STA
Expert Level 6 : Development Basics : Debugging facilities
tcpdump
How to filter only Beacon packets in tcpdump ?
How to filter only Probe-request packets in tcpdump ?
How to filter only Probe-response packets in tcpdump ?
How to filter only Authentication packets in tcpdump ?
How to filter only Association request packets in tcpdump ?
How to filter only Association response in tcpdump ?
How to filter only ADDBA-REQ packets in tcpdump ?
How to filter only ADDBA-RESP packets in tcpdump ?
How to filter only Block-ACK packets in tcpdump ?
How to filter only packets with “toDS=1” in tcpdump ?
How to filter only packets with “fromDS=1” in tcpdump ?
Wireshark
How to filter only Beacon packets in wireshark ?
How to filter only Probe-request packets in wireshark ?
How to filter only Probe-response packets in wireshark ?
How to filter only Authentication packets in wireshark ?
How to filter only Association request packets in wireshark ?
How to filter only Association response in wireshark ?
How to filter only ADDBA-REQ packets in wireshark ?
How to filter only ADDBA-RESP packets in wireshark ?
How to filter only Block-ACK packets in wireshark ?
How to filter only packets with “toDS=1” in wireshark ?
How to filter only packets with “fromDS=1” in wireshark ?
Expert Level 7 : Protocol Basics
How does CSMA/CA work ?
What is the difference between CSMA/CA and CSMA/CD ?
What is AP ?
What is STA ?
How to connect AP & STA ?
What are the basic security mechanisms used between AP & STA ?
What is the difference between WPA & WPA2 ?
What is the difference between WPA2 & WPA3 ?
What is the difference between 802.11 a, b, g, n, ac, ax, be, ad ?
What is the difference between active scanning and passive scanning ?
What is the difference between No-Ack and Normal-Ack ?
How does Block-Ack work ?
What is 802.1x & where is it used in wireless ?
What is 802.1D & where is it used in wireless ?
How does the 3 address format work ?
How does the 4 address format work ?
What is AIFS and where is it used ?
What is TxOP Limit and where is it used ?
What is ACK/CTS timeout and where is it used ?
What is aCWmin & aCWmax and where is it used ?
What are the modulation techniques used in 802.11 b ?
What are the modulation techniques used in 802.11 a ?
What are the modulation techniques used in 802.11 g ?
What are the modulation techniques used in 802.11 n ?
What are the modulation techniques used in 802.11 ac ?
What are the modulation techniques used in 802.11 ax ?
What are the modulation techniques used in 802.11 be ?
What are the modulation techniques used in 802.11 ad ?
What is a channel/frequency ?
What is a frequency band and what frequency bands are used in 802.11 ?
How many channels are allowed in 2.4GHz ?
What is the width of each channel in 2.4GHz ?
What is non-overlapping channel ?
How many channels are allowed in 5GHz ?
What are non-DFS channels in 5GHz ?
What are DFS channels in 5GHz ?
What are the rules to use DFS channels in 5GHz ?
How many channels are allowed in 6GHz ?
What are the allowed bandwidths in 2.4GHz, 5GHz & 6GHz ?
How does legacy power save work ?
How does WMM power save or U-APSD work ?
What is protection mechanism ?
What is the difference between ERP protection and 802.11N protection ?
What is the use of RTS & CTS ?
What is the use of CTS-to-Self ?
What is the use of PS-Poll ?
What is TIM bitmap ?
What is Block-ACK bitmap ?
What is Channel Switch Announcement and why is it used ?
What is null packet or QoS null packet used for ?
Explain the 802.11 header format ?
How many types of packets are defined in 802.11 ?
What is the difference between management packets and control packets ?
In what scenarios is a single 802.11 ACK packet used ?
In what scenarios is a Block-ACK packet used ?
Are multicast packets ACKed ?
What is the difference between TKIP and AES-CCMP ?
What is the significance of “power management bit” in frame control of 802.11 header ?
What is the significance of “to DS” & “from DS” in frame control of 802.11 header ?
How many packets are exchanged over the air when STA pings AP ?
How many packets are exchanged over the air when STA1 pings STA2 via AP ?
Explain frame exchange seen over the air during UDP downlink ?
Explain frame exchange seen over the air during UDP uplink ?
Explain frame exchange seen over the air during TCP downlink ?
Explain frame exchange seen over the air during TCP uplink ?
What is ARP resolution & why is it needed ?
What is DELBA and when is it triggered ?
What is ADDBA-REQ, ADDBA-RESP and when is it triggered ?
What is DHCP & why is it needed ?
What is Radius server & why is it needed ?
What is RFC1042 header and where is it used in 802.11 ?
What is MSDU ?
What is MPDU ?
What is A-MSDU ?
What is A-MPDU ?
What is PSDU ?
What is PPDU ?
What is the difference between short guard interval and long guard interval ?
What is the difference between short slot time and long slot time ?
What is the difference between DIFS and SIFS ?
What is SIFS ?
What is RIFS ?
What is MCS ?
What are the valid MCS indices used in 802.11n ?
What are the valid MCS indices used in 802.11ac ?
What are the valid MCS indices used in 802.11ax ?
What is EQM MCS in 802.11n ?
What is UEQM in 802.11n ?
What is a spatial stream ?
What is the difference between WPS-PIN and WPS-PBC ?
What is TDLS and how does it work ?
What is P2P ?
What are the device roles available in P2P ?
Explain invitation procedure in P2P ?
Explain group reinvocation in P2P ?
What is WPS-PBC overlap ?
What is WSC-DONE in WPS ?
When compared to 2.4GHz channel and 5GHz channel which one has more range ?
What is RSSI ?
What is Tx Power setting ?
What are the different types of antennae used in 802.11 radios ?
What are the antenna specifications to look for when selecting antennae ?
What is roaming and how does it work ?
What is a Distribution system ?
What is the difference between PHY rate and MAC rate ?
What is TSF ?
What is NAV ?
What is backoff algorithm ?
What is QoS ?
How many 802.11 chipset vendors are there & name a few ?
How does Open connection work ?
How does WPA connection work ?
How does WPA2 connection work ?
How does WPA3 connection work ?
How does WEP connection work ?
What is the use of Beacon packet ?
What is the use of Probe-request packet ?
What is the use of authentication packet ?
What is the Association request and Association response packet ?
What is DTIM interval ?
What is the difference between Broadcast, Multicast and Unicast packets ?
Explain functionalities of each layer in OSI model and protocols dedicated for each of these layers
Functionalities of LLC and MAC sublayers in MAC
List station services and Distribution Set services
What are action frames?
Explain when Channel Switch Announcement frame is exchanged and its frame bits
Differences in fields for beacon frame and probe response
Why does TIM exist only in the beacon? Why not in the probe response?
Why is shared key authentication not recommended? Explain its frame exchanges
Frame differences in disassociation and reassociation frames. Also, scenarios for sending the two
Differences in DCF vs PCF vs HCF
Explain briefly about the duration/id field in the MAC header
Need for sequence control in the MAC header
What is WMM? Map priorities for each Access category
Why is TID used in QoS
Significance of EOSP in QoS
Explain all physical and MAC layer enhancements in 802.11n
Why is frame aggregation needed? If frames are aggregated, why are packets fragmented in the first place?
Then why not aggregate all frames?
Explain which is better in what scenarios: A-MSDU and A-MPDU
Explain TKIP and CCMP protocols
What is EAP protocol? How does it work?