
Taking Off the Wire: How does wireless networking work?

Explanation of how wireless networking works.

Enes

Introduction

Wi-Fi is a family of wireless network protocols based on the IEEE 802.11 family of standards, which are commonly used for local area networking of devices and Internet access, allowing nearby digital devices to exchange data by radio waves. These are the most widely used computer networks, used globally in home and small office networks to link devices and to provide Internet access with wireless routers and wireless access points in public places such as coffee shops, restaurants, hotels, libraries, and airports.

Frame Structure

MAC Header (24 bytes)
  • Frame Control (2 bytes): Contains information about the type of frame and control flags.
    • Protocol Version (2 bits): Indicates the version of the 802.11 protocol being used.
    • Type (2 bits): Specifies the type of frame (Management -> 00, Control -> 01, Data -> 10).
    • Subtype (4 bits): Provides additional information about the frame type (e.g., Beacon, Probe Request).
    • To DS (1 bit): Indicates if the frame is destined for the Distribution System (DS).
    • From DS (1 bit): Indicates if the frame is coming from the Distribution System.
    • More Fragments (1 bit): Indicates if there are more fragments of the frame to follow.
    • Retry (1 bit): Indicates if the frame is a retransmission of a previous frame.
    • Power Management (1 bit): Indicates if the sender is in power-saving mode.
    • More Data (1 bit): Indicates if there are more frames buffered for the recipient.
    • Protected Frame (1 bit): Indicates if the frame body is encrypted.
    • Order (1 bit): Indicates if the frame is being sent in order.
  • Duration/ID (2 bytes): Contains the duration of the frame transmission or an identifier for certain control frames.
  • Address 1 (6 bytes): The MAC address of the receiver.
  • Address 2 (6 bytes): The MAC address of the sender.
  • Address 3 (6 bytes): The MAC address of the destination (used in certain frame types).
  • Sequence Control (2 bytes): Contains the sequence number and fragment number for the frame.
  • Address 4 (6 bytes): The MAC address of the source (used in certain frame types).
  • QoS Control (2 bytes): Contains Quality of Service (QoS) information for the frame (used in QoS data frames).
  • HT Control (4 bytes): Contains High Throughput (HT) information for the frame (used in HT data frames).
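
The field layout above, decoded in code. This is an added example, not code from the original post: the two sample frames and their `02:00:...` addresses are constructed for illustration, and only the fixed 24-byte header (through Sequence Control) is parsed.

```python
import struct

TYPES = {0: "Management", 1: "Control", 2: "Data"}
MGMT = {4: "Probe Request", 5: "Probe Response", 8: "Beacon",
        10: "Disassociation", 11: "Authentication", 12: "Deauthentication"}
FLAGS = ["To DS", "From DS", "More Fragments", "Retry",
         "Power Management", "More Data", "Protected Frame", "Order"]

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_mac_header(frame: bytes) -> dict:
    """Decode the 24-byte three-address header of a management or data frame."""
    if len(frame) < 24:
        raise ValueError("need at least 24 bytes (control frames are shorter)")
    # Multi-byte 802.11 header fields are sent least significant byte first.
    fc, duration = struct.unpack_from("<HH", frame, 0)
    (seq_ctl,) = struct.unpack_from("<H", frame, 22)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    names = MGMT if ftype == 0 else {}
    return {
        "version": fc & 0x3,
        "type": TYPES.get(ftype, "Reserved"),
        "subtype": names.get(subtype, f"subtype {subtype}"),
        "flags": [f for i, f in enumerate(FLAGS) if (fc >> (8 + i)) & 1],
        "duration": duration,
        "addr1": mac(frame[4:10]),    # receiver
        "addr2": mac(frame[10:16]),   # sender
        "addr3": mac(frame[16:22]),   # destination
        "fragment": seq_ctl & 0xF,    # low 4 bits of Sequence Control
        "sequence": seq_ctl >> 4,     # high 12 bits, 0..4095
    }

# Constructed sample: a retransmitted, encrypted data frame from a client to its AP.
DATA_FRAME = bytes.fromhex(
    "0849" "2c00"       # Frame Control (Data; To DS, Retry, Protected), Duration 44
    "0200000000aa"      # Address 1: receiver (the AP)
    "020000000001"      # Address 2: sender (the client)
    "0200000000aa"      # Address 3: destination
    "3112"              # Sequence Control: sequence 0x123, fragment 1
) + b"\x00" * 8         # stand-in for the encrypted frame body
# Constructed sample: the header of a Beacon sent to the broadcast address.
BEACON = bytes.fromhex("8000" "0000" "ffffffffffff" "0200000000aa" "0200000000aa" "4000")

if __name__ == "__main__":
    for sample in (DATA_FRAME, BEACON):
        print(parse_mac_header(sample))
```
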
Frame Body (variable length)

The 802.11 Frame Body, often called the payload, is the actual cargo hold of the wireless transmission, but its contents shift radically depending on the frame’s core directive. In a standard Data Frame, this variable-length section (capable of holding up to 2312 bytes, though usually hovering around 1500 bytes to mirror Ethernet) contains the encapsulated Layer 3 IP packets.

Frame Check Sequence (4 bytes)

The Frame Check Sequence (FCS) is the final four bytes of the 802.11 frame and acts as the hardware’s ultimate mathematical guillotine. Because unguided radio waves are constantly bombarded by physical interference, bits frequently flip from a 1 to a 0 mid-flight. Before a Wi-Fi radio transmits a frame, its silicon runs the entire header and payload through a rigid algorithm (a 32-bit Cyclic Redundancy Check) and attaches the resulting signature to the very end. When the receiving antenna catches the frame, it performs the exact same math; if the newly calculated signature differs from the attached FCS by even a single microscopic bit, the receiving hardware ruthlessly throws the entire frame in the trash before the operating system ever knows it existed, remaining utterly silent and forcing the sender to try again.
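
The FCS check described above, as an added example that is not part of the original post. It uses `zlib.crc32`, which implements the same CRC-32 as the 802.11 FCS, on a constructed sample frame, and flips every bit in turn to show that no single-bit error slips through.

```python
import struct
import zlib

def append_fcs(header_and_body: bytes) -> bytes:
    """Sender side: CRC-32 over header + body, appended as 4 little-endian bytes."""
    return header_and_body + struct.pack("<I", zlib.crc32(header_and_body) & 0xFFFFFFFF)

def fcs_ok(frame: bytes) -> bool:
    """Receiver side: recompute the CRC-32 and compare it with the trailing FCS."""
    if len(frame) < 4:
        return False
    (received,) = struct.unpack("<I", frame[-4:])
    return zlib.crc32(frame[:-4]) & 0xFFFFFFFF == received

def flip_bit(frame: bytes, bit: int) -> bytes:
    """Simulate RF noise by inverting one bit of the frame."""
    damaged = bytearray(frame)
    damaged[bit // 8] ^= 1 << (bit % 8)
    return bytes(damaged)

def undetected_single_bit_errors(frame: bytes) -> int:
    """Flip every bit in turn (FCS bytes included) and count the flips the check misses."""
    return sum(fcs_ok(flip_bit(frame, b)) for b in range(len(frame) * 8))

# Constructed sample: a 24-byte data-frame header followed by a short body.
SAMPLE = bytes.fromhex(
    "08012c00" "0200000000aa" "020000000001" "0200000000aa" "3012"
) + b"hello over the air"
FRAME = append_fcs(SAMPLE)

if __name__ == "__main__":
    print("intact frame accepted:", fcs_ok(FRAME))
    print("single-bit errors missed:", undetected_single_bit_errors(FRAME))
    # The FCS is an unkeyed error-detecting code: whoever changes the contents can
    # recompute a matching value, so it guards against noise, not against tampering.
    print("modified and re-checksummed frame accepted:", fcs_ok(append_fcs(SAMPLE + b"!")))
```
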

Important Concepts

Some Significant Subtypes

  • Beacon: The Access Point’s rhythmic heartbeat, broadcast in plaintext ten times a second to announce its network name (SSID), supported ciphers, and the critical TSF timestamp that keeps the entire airspace synchronized.
  • Probe (Request/Response): Active sonar for Wi-Fi clients; instead of waiting passively for Beacons, a device blasts a Probe Request into the ether to find specific networks, and APs fire back a Probe Response if they match the requested SSID.
  • (De)Authentication: The foundational identity check between a client’s radio and the AP; Authentication begins the cryptographic handshake, while a forged Deauthentication frame acts as a network assassin, mathematically forcing any device to instantly sever its connection.
  • (Dis)Association: The final administrative step where an authenticated client formally registers its MAC address and capabilities into the router’s memory to begin routing actual IP traffic; Disassociation gracefully tears down this logical connection when a client roams to another node.

Sequences
In the chaotic environment of wireless networking, the 12-bit Sequence Number acts as the hardware’s strict deduplication ledger. Because radios operate on the assumption that unacknowledged frames were destroyed in the air, they will blindly retransmit data if a return ACK is lost to interference. To prevent a receiving router from disastrously processing the exact same IP packet twice, this sequence counter stamps every newly generated payload with a unique serial number from 0 to 4095. When a duplicate frame arrives, the receiving silicon cross-references this number and silently throws the redundant packet in the trash before the router’s operating system is even aware of its existence.

Fragmentation
When a wireless network is suffocating under heavy radio interference, attempting to transmit a massive 1500-byte frame becomes mathematically doomed. The longer a radio blasts RF energy into the air, the higher the probability that a random burst of noise will flip a single bit and corrupt the entire payload. To survive this hostile airspace, the hardware engages Fragmentation—acting as a microscopic chainsaw that slices the large IP packet into smaller, bite-sized MAC frames. Because these smaller fragments require significantly less continuous airtime, they have a much higher chance of slipping through the chaos intact. To ensure the original data isn’t lost, the silicon keeps the 12-bit Sequence Number identical across all the pieces to prove they belong to the same parent packet, while a secondary 4-bit Fragment Number sequentially increments, giving the receiving antenna the exact blueprint needed to sew the payload back together on the other side.
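
The Sequences and Fragmentation passages above, modelled together in one added example (not code from the original post). The `Receiver` class is a simplified, hypothetical model: it treats a frame as a duplicate when the Retry flag is set and the sequence/fragment pair matches the last one accepted from that sender; the sender address and payloads are constructed.

```python
class Receiver:
    def __init__(self):
        self.last_seen = {}   # sender -> (sequence, fragment) last accepted
        self.partial = {}     # (sender, sequence) -> fragment payloads so far

    def receive(self, sender, seq_ctl, retry, more_frags, payload):
        """Return the reassembled payload once complete, otherwise None."""
        seq, frag = seq_ctl >> 4, seq_ctl & 0xF
        if retry and self.last_seen.get(sender) == (seq, frag):
            return None                        # retransmission of a frame we already hold
        parts = self.partial.setdefault((sender, seq), [])
        if frag != len(parts):                 # a fragment is missing or out of order
            self.partial.pop((sender, seq), None)
            return None
        self.last_seen[sender] = (seq, frag)
        parts.append(payload)
        if more_frags:                         # More Fragments flag set: keep waiting
            return None
        del self.partial[(sender, seq)]
        return b"".join(parts)

def fragment(payload: bytes, seq: int, size: int):
    """Split a payload into (seq_ctl, more_frags, chunk) tuples sharing one sequence number."""
    chunks = [payload[i:i + size] for i in range(0, len(payload), size)] or [b""]
    return [(((seq % 4096) << 4) | n, n < len(chunks) - 1, c) for n, c in enumerate(chunks)]

def demo():
    rx, sender, delivered = Receiver(), "02:00:00:00:00:01", []
    big = bytes(range(256)) * 6                # constructed 1536-byte payload
    frames = fragment(big, 4095, 512)          # three fragments, all sequence 4095
    air = [(f, False) for f in frames]
    air.insert(2, (frames[1], True))           # fragment 1 resent because its ACK was lost
    air += [(f, False) for f in fragment(b"next packet", 4096, 512)]  # counter wraps to 0
    for (seq_ctl, more, chunk), retry in air:
        done = rx.receive(sender, seq_ctl, retry, more, chunk)
        if done is not None:
            delivered.append(done)
    return big, delivered

if __name__ == "__main__":
    big, delivered = demo()
    print([len(p) for p in delivered], delivered[0] == big)
```
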

Access Control

On a wired Ethernet network, the silicon uses CSMA/CD (Collision Detection). Because it’s a physical copper wire, the network card can transmit an electrical pulse and simultaneously listen to the wire. If it detects a voltage spike, it knows its pulse collided with someone else’s, so it stops.

A Wi-Fi radio cannot do this. A radio antenna is fundamentally half-duplex. When a Wi-Fi card pumps 20 dBm of RF energy out of its antenna to transmit a frame, it completely deafens its own receiver. It is mathematically incapable of hearing a collision while it is speaking.

Because the hardware cannot detect collisions, it has to use a rigid, probabilistic mathematical algorithm to avoid them: CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance).

RTS/CTS (Request to Send / Clear to Send)

Even with carrier sensing, a critical geographical flaw exists in wireless networking known as the Hidden Node Problem: two laptops on opposite sides of a building might hear silence because they cannot detect each other’s radio waves through the walls, causing them to transmit simultaneously and violently collide at the central router. To mathematically resolve this physical blind spot, the hardware relies on the RTS/CTS (Request to Send / Clear to Send) handshake. Instead of blindly firing a massive data payload into the void, a transmitting device first sends a microscopic RTS frame asking the router for a specific amount of uninterrupted airtime. The router immediately responds by broadcasting a CTS frame across the entire airspace, forcing every other receiving antenna to read the requested duration, update their internal network timers, and physically lock down their transmit pins in absolute silence until the transaction is fully complete.

Physical Details

Frequency Bands
  • 2.4 GHz: The physical wavelength of a 2.4 GHz signal is about 4.9 inches (12.5 cm). This longer wave is excellent at pushing its way through concrete, drywall, and human bodies. However, this band is an absolute garbage dump of interference. Bluetooth devices, baby monitors, and the magnetron inside a microwave oven all blast raw RF noise into the exact same 2.4 GHz spectrum, radically raising the noise floor.

  • 5 GHz: The wavelength here is less than half the size (about 2.3 inches / 6 cm). Because the wave is shorter, it carries significantly more kinetic energy, allowing for massive data rates. The fatal flaw? Short waves attenuate rapidly. Instead of penetrating a brick wall, a 5 GHz wave will physically bounce off it, sharply reducing its effective range.

Channels

You cannot just broadcast across an entire frequency band at once; the hardware mathematically slices the band into smaller “Channels”.
In the 5 GHz band, this is relatively easy. There is so much space that the hardware can carve out dozens of clean, non-overlapping channels. The 2.4 GHz band, however, is an infamous engineering disaster.
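The IEEE carved the 2.4 GHz band into 11 channels (in the US) or 13 (in Europe). The channel centers sit only 5 MHz apart, while a single transmission is roughly 20 MHz wide (22 MHz for the original 802.11b signal), so neighboring channels bleed into each other.
Because of this rigid physics problem, there are only three mathematically safe channels in the entire 2.4 GHz spectrum: 1, 6, and 11.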
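
Why the answer is 1, 6 and 11, worked through as an added example (not code from the original post). It assumes channel centers 5 MHz apart starting at 2412 MHz and a 22 MHz-wide signal, the classic 802.11b figure; the survey list is constructed.

```python
def center_mhz(channel: int) -> int:
    """Center frequency of a 2.4 GHz channel: 2412 MHz for channel 1, then 5 MHz steps."""
    if not 1 <= channel <= 13:
        raise ValueError("this formula covers channels 1-13 only")
    return 2407 + 5 * channel

def overlaps(a: int, b: int, width_mhz: int = 22) -> bool:
    """Two signals overlap when their centers are closer than one signal width."""
    return abs(center_mhz(a) - center_mhz(b)) < width_mhz

def clean_channels(count: int, width_mhz: int = 22) -> list[int]:
    """Greedily pick channels, lowest first, that overlap none of those already picked."""
    picked: list[int] = []
    for ch in range(1, count + 1):
        if not any(overlaps(ch, p, width_mhz) for p in picked):
            picked.append(ch)
    return picked

def neighbours_on_air(my_channel: int, survey: list[tuple[str, int]]) -> list[str]:
    """Names of surveyed APs whose signal overlaps ours (same or nearby channel)."""
    return [name for name, ch in survey if overlaps(my_channel, ch)]

# Constructed survey results: (network name, channel) pairs read from Beacons.
SURVEY = [("office", 1), ("cafe", 3), ("guest", 6), ("lab", 9), ("printer", 11)]

if __name__ == "__main__":
    print("US, 11 channels:", clean_channels(11))
    print("Europe, 13 channels:", clean_channels(13))
    print("overlapping an AP on channel 6:", neighbours_on_air(6, SURVEY))
    print("overlapping an AP on channel 4:", neighbours_on_air(4, SURVEY))
```
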

Modulation (OFDM & QAM)

How do you actually make a radio wave carry a gigabit of data per second? You manipulate the shape of the wave hundreds of thousands of times per second.
The Multipath Echo: When you transmit a wave indoors, it bounces off desks, walls, and floors. These echoes reach the receiving antenna at slightly different times, microseconds apart. If you try to send a single, blazing-fast wave, the echoes of the first bit will smash into the original wave of the second bit, destroying the data (Inter-Symbol Interference).

The OFDM Chainsaw
To survive these echoes, modern Wi-Fi uses Orthogonal Frequency-Division Multiplexing (OFDM). Instead of sending one extremely fast wave, the silicon mathematically slices a single 20 MHz channel into dozens of microscopic “subcarriers.” It transmits the data in parallel, very slowly, across all these tiny subcarriers simultaneously. Because the transmission rate on each individual subcarrier is slow, the echoes have time to dissipate before the next bit arrives.

QAM (Quadrature Amplitude Modulation)
On each of those tiny subcarriers, the hardware actively alters both the Amplitude (height) and the Phase (starting position) of the analog wave. By recognizing microscopic shifts in the wave’s shape, the receiving hardware can decode multiple bits of data (e.g., 1011) from a single RF pulse. The cleaner the air, the denser the QAM constellation, and the higher your megabits per second (Mbps).

Wi-Fi Mesh

Traditional Wi-Fi operates as a strict dictatorship where every single payload must bounce through a central Access Point. The 802.11s Mesh standard fundamentally rewrites this topology by decentralizing the airspace, allowing individual wireless nodes to dynamically route traffic amongst themselves. By embedding a Layer 2 routing protocol (HWMP) directly into the MAC sublayer, the hardware bypasses traditional Layer 3 IP routing entirely to map the physical RF environment. If a router in the mesh physically loses power or suffers crippling interference, the surrounding silicon detects the missing Beacons and instantly recalculates the radio paths, mathematically self-healing the network’s physical layer before the end-user ever experiences a dropped packet.
