Sequence Number and Packet Number
Susinder Rajan Gulasekaran
Founder | Wi-Fi Book Author | Senior Member IEEE
The 802.11 MAC header has a Sequence Control field which specifies a 12 bit sequence number field. The sequence number field is used by the receiver to detect duplicate frames, missing frames and to deliver the frames in ascending order of sequence numbers to the higher layer.
The Frame Body field contains the MAC payload to be transmitted. Most wireless networks enable either WPA2 or WPA3 security, in which case the Frame Body is encrypted, and this is indicated by the Protected bit being 1 in the Frame Control field. The encryption algorithm used in WPA2 and WPA3 is AES CCMP. When the frame body is encrypted, it is formatted to include a CCMP header at the beginning, and this CCMP header contains six bit fields PN0, PN1, PN2, PN3, PN4, PN5 which make up a 48 bit packet number.
The packet number field in CCMP header is different from the sequence number field in MAC header and it serves a completely different purpose. During AES CCMP encryption, the packet number is used along with the Pairwise Transient Key (PTK) to generate the encrypted data. The purpose of the packet number field is to ensure that an attacker cannot break the PTK by observing a large number of packets and solving for it. The packet number is therefore incremented for each packet, and this helps prevent replay style of attacks, wherein an attacker simply replays an old packet at a different point in time to exploit vulnerabilities in implementation. The receiver maintains a replay counter which increments every packet and therefore when a frame is being replayed by an attacker, the replay counter will have mismatch with the packet number leading to the packet being dropped. The encrypted data also includes a MIC field (computed using AES CBC MAC algorithm) to check for integrity, therefore an attacker cannot manipulate the packet number field while replaying, as it will fail the MIC check at the receiver.
When a receiver encounters FCS failure it indicates the same in the acknowledgement frame it transmits. The transmitter then retransmits the failed frame. During such retransmissions, the sequence number field stays the same, while the packet number is incremented.
CWNE #493, WiFi expert - Norwegian Armed Forces
2 个月Not to be very picky, but the Sequence Number associate to the sub-MPDUs in the data frame in an TXOP. A 802.11 data frame can consist of one to many MPDUs/sub-MPDIs, but it is still only one frame
Chief Knowledge Officer at NanoCell Networks Pvt. Ltd., Wi-Fi NOW Academy
2 个月Susinder Rajan Gulasekaran nice topic. Interestingly, i have been asked about mulitple links in #wifi7 #MLO. The same sequence number space is used for the same TID in a particular direction, i.e., some frames might use one link and other frames other links.. the UMAC at the receiver has a new role which is to receive the SNs coming from different links and reorder before passing on higher up the stack.. The PN space is also the same and there is a common duplicate detection ..i shall try and summarize and justify in a short video soon..
SR QA Test Engineer, Wifi Systems Engineering & Certifications
2 个月Thank you for clarifying a confusing topic Susinder Rajan Gulasekaran . I have a question regarding the number of retransmitted packets. The number of retransmissions per second under the same conditions can vary between different chipsets. Some APs attempt to retransmit significantly more for packets that weren't successfully delivered, while others try to retransmit much less for undelivered packets. What are the advantages and disadvantages of this difference between APs?