IEEE 802.11 (WiFi) is used in most laptops, smartphones and tablets. Its widespread use has led to extensive research interest in localization, security and sensing, and has produced a large body of successful research. This post summarizes some hardware and software resources for WiFi research.
Strictly speaking, IEEE 802.11 is the standard published by the IEEE, and WiFi is a trademark of the WiFi Alliance. However, the two terms are used interchangeably in this post.
The IEEE 802.11 standard defines the physical layer and medium access control (MAC) layer protocols. It has undergone a number of amendments in the twenty years since its first release in 1997. A complete list of the IEEE 802.11 amendments is available on Wikipedia.
The main physical layer amendments are 802.11b (1999, DSSS), 802.11a (1999, OFDM, 5 GHz), 802.11g (2003, OFDM, 2.4 GHz), 802.11n (2009, MIMO OFDM, high throughput), 802.11ac (2013, MIMO OFDM, very high throughput) and 802.11ax (est. late 2019, high efficiency).
IEEE 802.11 OFDM Receiver Design
- See the paper Performance Assessment of IEEE 802.11p with an Open Source SDR-Based Prototype for the receiver design, including time synchronization, frequency offset estimation and channel estimation.
- See OpenOFDM for the receiver algorithms.
WiFi uses CSMA/CA as its MAC layer protocol. IEEE 802.11 defines three frame types:
- Control frames
- Management frames
- Data frames
Testbed and Implementations
- openwifi is an SDR (Software Defined Radio) implementation of IEEE 802.11/WiFi with a Linux mac80211-compatible full stack.
- Hardware: Zynq FPGA + FMCOMMS2/3/4 RF board
- For Chinese users, there is a presentation video introducing openwifi by Dr. Jiao.
There is an 802.11 reference design for WARP boards that is compatible with commercial WiFi. An experimental framework implemented in Python is available for research development. The available variables/parameters can be found here; among them, the CSI is exposed.
WARP is actively used for research in many areas, such as power management, architectures for wireless receivers, physical layer algorithms, access protocols, routing and cognitive radios.
A list of papers using WARP can be found here.
PLEASE NOTE WARP IS DISCONTINUED.
Network Interface Cards CSI Extraction
Commercial network interface cards (NICs) only provide the received signal strength indicator (RSSI), not channel state information (CSI). RSSI is the received power averaged over a packet, so it is a coarse-grained parameter. CSI, on the other hand, is fine-grained: when an OFDM-based technique is used, it gives the detailed channel response over the different frequencies/subcarriers.
There are some CSI extraction tools for the commercial NICs.
Intel 5300 NIC
There is the Linux 802.11n CSI Tool for the Intel 5300 NIC. This NIC, together with the CSI tool, has been used extensively by researchers and has led to many excellent research papers. A list of the relevant publications can be found at this link.
Please note that a PCI-e interface is required for these NICs.
Broadcom WiFi Chipsets
- nexmon csi
- WiFiEye - an Interactive Real-Time Workflow for WiFi-Based Sensing
- Reverse-engineering Broadcom wireless chipsets
ESP32 CSI Toolkit
Matlab WLAN Toolbox
The Matlab WLAN Toolbox is very powerful: it provides many useful functions and examples, and both the PHY and MAC layers are supported. I strongly suggest testing your ideas and algorithms with this Toolbox before trying them on real hardware.
Scapy is a Python program that enables the user to send, sniff, dissect and forge network packets. This capability allows the construction of tools that can probe, scan or attack networks.
It includes a library supporting IEEE 802.11.
- Fake a WLAN connection via Scapy
- Generating WiFi communication in Scapy tool CWAP 802.11- Probe Request/Response
- WiFi Karma: A Brief Guide On Probe Response Frames
- What is radiotap? link
- Download Link
- Wireshark User Guide
Wireshark is a network packet analyzer. A network packet analyzer presents captured packet data in as much detail as possible. You could think of a network packet analyzer as a measuring device for examining what’s happening inside a network cable, just like an electrician uses a voltmeter for examining what’s happening inside an electric cable (but at a higher level, of course).
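Both Scapy and Wireshark dissect captured 802.11 frames. As an added example (not code from this post or from either tool), the pure-Python parser below steps over the radiotap header that monitor-mode captures prepend, classifies each frame into the management/control/data types listed above, and pulls out the SSID from probe requests, probe responses and beacons, the fields a passive WiFi sensor would log. The two sample frames are constructed and carry no FCS.

```python
import struct

# Frame type (bits 2-3 of the first Frame Control byte) -> name
TYPE_NAMES = {0: "management", 1: "control", 2: "data"}
MGMT_SUBTYPES = {0: "association request", 1: "association response",
                 4: "probe request", 5: "probe response", 8: "beacon",
                 10: "disassociation", 11: "authentication", 12: "deauthentication"}


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def radiotap_length(buf):
    """Return the radiotap header length so the 802.11 header can be located."""
    version, _pad, length = struct.unpack_from("<BBH", buf, 0)
    if version != 0 or length < 8 or length > len(buf):
        raise ValueError("malformed radiotap header")
    return length


def parse_ssid(elements):
    """Walk the tagged elements (ID, length, value) and return the SSID."""
    pos = 0
    while pos + 2 <= len(elements):
        eid, elen = elements[pos], elements[pos + 1]
        value = elements[pos + 2:pos + 2 + elen]
        if eid == 0:  # element ID 0 is the SSID; empty SSID = wildcard probe
            return value.decode("utf-8", "replace") if value else "<wildcard>"
        pos += 2 + elen
    return None


def parse_frame(buf):
    """Classify one captured frame and extract what a sensor would log."""
    off = radiotap_length(buf)
    fc = buf[off]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    info = {"type": TYPE_NAMES.get(ftype, "reserved"), "subtype": subtype,
            "addr1": mac_str(buf[off + 4:off + 10])}
    if ftype == 0:  # management: 24-byte header with three addresses, then body
        info["subtype"] = MGMT_SUBTYPES.get(subtype, subtype)
        info["addr2"] = mac_str(buf[off + 10:off + 16])
        info["addr3"] = mac_str(buf[off + 16:off + 22])
        body = buf[off + 24:]
        if subtype in (5, 8):  # probe response / beacon: 12 fixed bytes first
            body = body[12:]
        if subtype in (4, 5, 8):
            info["ssid"] = parse_ssid(body)
    return info


# Constructed samples: 8-byte radiotap header with an empty present bitmap,
# then a probe request from 02:00:00:00:00:01 for SSID "lab-ap", and an ACK.
RADIOTAP = bytes.fromhex("0000080000000000")
PROBE_REQ = (RADIOTAP + bytes.fromhex("40000000") + b"\xff" * 6
             + bytes.fromhex("020000000001") + b"\xff" * 6 + bytes.fromhex("1000")
             + b"\x00\x06lab-ap" + bytes.fromhex("010402040b16"))
ACK = RADIOTAP + bytes.fromhex("d4000000020000000001")  # control type, subtype 13
```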
Set the operating mode of the device, which depends on the network topology. The mode can be Ad-Hoc (network composed of only one cell and without Access Point), Managed (node connects to a network composed of many Access Points, with roaming), Master (the node is the synchronisation master or acts as an Access Point), Repeater (the node forwards packets between other wireless nodes), Secondary (the node acts as a backup master/repeater), Monitor (the node is not associated with any cell and passively monitors all packets on the frequency) or Auto.