“Connecting with Wi-Fi” is like “Connecting with Whisky”
First, let me start by saying – It’s your whisky, it’s your palate. After sampling a particular whisky, if it turns out you don’t like it, try another. If you find the whisky in your glass tastes better with ginger ale…then keep adding ginger. What matters most, is that YOU enjoy the whisky YOU’RE drinking. Each one of us has an individual sensory experience. Drink your whisky the way you like it…
Don’t let anyone bully you for the way you drink your whisky. Own it!
Alright, enough preamble, let’s uncover some similarities between Wi-Fi and whisky. Prior to tasting whisky, a decision must be made on which whisky to taste first. Imagine sitting at the bar in a whisky lounge with over 500 varieties to choose from. Overwhelmed with choice, you can leverage two processes to aid in your decision – the active approach and the passive approach.
During the passive approach one can observe visual characteristics or properties. By simply looking at the whisky shelves, one can gather information which in turn can be used to determine the appropriate whisky to try first. After analyzing the collected data, various whiskies may be scored based on bottle-shape, bottle-height, bottle-colour, whisky-colour, labelling, volume left in the bottle, distillery or age statement. The passive approach is a one-direction flow and does not require any interaction to gather this information.
Alternatively, active scanning involves probing the bartender for input toward your first selection. You could ask if they serve Glenrothes or Laphroaig. The bartender may respond that in fact they do serve Laphroaig along with a list of the available range: Laphroaig 10, Quarter Cask, Triple Wood, Laphroaig 30, and Laphroaig 30. Your inquiry could describe your preferred flavour profile and ask for a whisky to match. For example, one could be searching for a sherry expression – something with a hint of sulphur or burnt matches on the nose, with a delicious mix of raisins, figs, cinnamon and cloves – basically a sherry bomb.
On the wireless side, a passive or listen-only approach is based upon receiving beacon frames. A beacon frame is transmitted by an access point at regular intervals every 100 time units (~102.4ms) or 10 times per second for every SSID on every radio. Client stations initiate active scans by transmitting a probe request frame which is matched by a probe response from APs listening on that channel. Active scans progress through all channels across the 2.4 and 5 GHz bands. Clients probe on each channel allowing time for a response before moving to the next channel. As a consequence, it can take up to minute before all channels are scanned, just like it may take a while to scan all of the shelves filled with whisky. With more shelves to scan, it takes longer to select which whisky to try first.
The table below lists a small handful of the many possible data points that can be interpreted from beacons, probe frames, or looking at shelves full of whisky. A score is calculated based on one, some, or all of the data points collected. The AP or whisky with the best score wins and is the first one tried.
|Bottle Characteristics||Radio Signal Characteristics|
|Shape||RSSI (Signal Strength)|
|Height||Band (2.4 or 5 or 6 GHz)|
|Whisky colour||QoS support|
|Whisky left in bottle (popularity)||Supported Data Rate(s) (potential for higher throughput)|
|Distillery||# of spatial streams (potential for higher throughput)|
|Age statement||Channel utilization (from APs perspective)|
|Price||Station count (from APs perspective)|
|Region||SNR (quality of Wi-Fi signal)|
|ABV %||Denylist (remember past bad experience on WLAN)|
Shockingly, the best algorithm for scanning across channels or bottles on the shelf isn’t always used. For example some people prefer to scan the column of bottles on the far left, then the column of the bottles on the far right, repeating this left and right scan several times over before finally scanning bottles in the middle of the shelf. As a result, it takes a while before bottles in the middle shelves are scanned. As a result impatient people, may just choose a bottle from the periphery in order to reduce the time taken to select their first dram.
iOS and Android devices, for example, follow a similar sequence to what was described above. The UNII-1 and UNII-3 bands are scanned five times over before finally scanning the UNII-2 (DFS) channels, as shown in the image below. To make this more interesting: think about what happens when a client needs to roam from one AP to another AP. Prior to roaming, clients must identify the preferred next hop AP. How long will channel scanning take? Will patrons select the best bottle in a timely fashion if it’s in the middle of the shelf or will they go thirsty because they took too long to decide the next whisky to try? To avoid this problem altogether, would it better to stick with the same whisky even though it’s no longer the best match for your mood?
Once the winning bottle of whisky has been selected and poured into a glass, it’s ready for the first nosing. Some people like to swirl their spirit around the glass allowing it to interact with the air. This technique may also be used to study a whisky’s “legs” – the drips that form when the liquid recedes from the walls of the glass. This goes beyond the focus of this blog, but suffice it to say that whisky is not wine – I suggest skipping these theatrics and moving directly into nosing your whisky. I do caution against sticking your nose deep into the glass initially. First, hold the glass a short distance from your nose and take a small wiff, then pull away to take a full breath of air. Doing this, helps calibrate your nose. On the next whiff, dive your nose right into the glass for a deep and slow inhale. While sniffing, hunt for subtle smells that trigger memories of past scents. Scents that could be found in your whisky include: fruit, herbs, honey, smoke, cedar, nuts, or malt. Insider tip: Keep your mouth slightly open when inhaling. This helps stop alcohol in the whisky from burning the inside of your nose. A burnt nose limits you from discerning all the individual notes.
The 802.11 protocol uses a state machine to sequence through stages that all stations must transition in order to establish a connection to an AP. I compare the nosing of whisky to the first transition in the 802.11 state machine – authentication. In parallel to the two techniques used to nose whisky, there are two methods available to authenticate within this stage. The first method is called shared authentication and was originally developed to authenticate clients using derivatives of the WEP key. Unfortunately, this method revealed parts of the WEP key making it even easier to guess the original key. As a result, the vast majority of clients today use the open authentication method which simply means there is no authentication. As the authentication step is a mandatory sequence along the 802.11 state machine, it is used today, even though it has little to do with actual authentication (more on that later).
The table below shows progression through the various stages of the state machine as clients establish a connection to an AP. Note, receiving a deauthentication frame at any point in time returns an 802.11 client back to the initial unauthenticated and unassociated state. It’s similar to unplugging your ethernet cable connected to the switch.
|State||802.11 State Machine||Whisky Tasting Experience|
|1||Unauthenticated, Unassociated||Choosing your whisky|
The next step for the whisky connoisseur is to establish a first connection with the whisky. This is done by taking the glass in your hand, lifting it up to your mouth, tilting the glass back and letting the sweet nectar of the gods pour into your mouth. Taste of the whisky comes as it rolls over your tongue while flavour comes from your nose, so remember to breathe. You have now connected with your whisky. As you taste more whiskies you will become familiar with character and remember their unique flavour profiles. Some of the flavour categories you may experience are summarized by the Scotch Malt Whisky Society in the chart below:
On the Wi-Fi side of things, the next transition is the association phase. Clients begin this phase by transmitting an association request frame. An association response frame returned by the AP is a valid response. Once the two association frames are successfully received, clients transition into the authenticated and associated state. This state is the wireless equivalent to plugging an ethernet cable into a switch and seeing the link light. Association frames are used to negotiate capabilities and features supported between clients and APs. Each AP stores the capabilities of currently connected clients in memory, cataloging each client with a unique association ID (AID). You can view advertised capabilities of each client by capturing the association request frame and analyzing the PCAP to discover:
- Supported channels
- Min/max Tx power
- Number of spatial streams
- Support for Tx beam forming (TxBF)
- Voice Enterprise (802.11r, 802.11k, & 802.11v)
- MU-MIMO support
A great community driven database listing client capabilities is run by Mike Albano at clients.mikealbano.com.
At this point, all that remains for the whisky tasting experience is to enjoy the finish as the flavour of whisky lingers on the palate. Flavour can change over time as it fades in the mouth. Some whiskies have a very short finish, lasting only seconds. Other whiskies have long complex finishes, revealing complex layering of flavours – the sign of a well-educated spirit. Longer finishes can go on for minutes allowing time for tasters to unravel those subtle flavour nuances. Some whiskies taste marvelous in the beginning, however their finish evolves into a bitter, hot & spicy finish catching everyone off guard. To some this is offsetting, while others find the contrasting experience comforting. This last description captures how some experience captive portal pages – finally connecting to the Wi-Fi, only to be disillusioned by a frustrating sign-on experience.
An optional state occurs when 802.1X/EAP is implemented on the WLAN. This state is where I would argue true authentication occurs to validate the identity of a client user and/or device. Many different flavours of EAP exist and some implore simple EAP protocols that can be easily defeated. Other EAP protocols are quite robust, however they may require the exchange of several frames between the client and authentication server. Sending multiple frames back and forth extends the time required to complete the authentication process. Using well thought-out and robust EAP protocols allows client devices to securely connect to WLAN infrastructure.
The chart below shows a summary of the call flow used for establishing a connection between a client station and access point.
Remember, just as with tasting whisky, each client has its own sensory experience. Client devices, even within the same model in exactly the same physical space and orientation, will receive or measure different values. An RSSI range of ±3dB within a given model is fairly typical, however the range can be more substantial for some devices. The website RSSICompared.com provides insightful visualizations of the ranges that exist within device models. Just as people experience different flavours and profiles in their whisky, client devices measure and interpret different RSSI and noise floor values from their receiver.