About ghost frames

A recent WiFi Ninjas podcast (part 1 and part 2) is a long interview with Ben Miller about channel utilization, spectrum analysis and data rates. Miller talks also about so-called ghost frames, a concept I don’t understand very well.

A ghost is a preternatural being that haunts the living – ghost frames is a negative term, a statement of trouble, a problem. I tried to make sense of this statement reading Devin Akin’s article on ghost frames, and reopening my CWNA study guide (chapter 8, 802.11 medium access).

This notes are my tentative thoughts on the issue, there are probably mistakes, but writing it in English I feel I can think more clearly. I hope that the people quoted will not take offense for my representation of their ideas.

Ben Miller talks about channel utilization, as measured by a protocol analyzer, versus measuring it with a spectrum analyzer. The latter will show non-wifi RF activity that the protocol analyzer will miss, but there is also a type of pure wifi interference that goes under-reported, which Miller calls ghost frames.

As far as I know, during clear channel assessment (CCA) a radio does signal detect trying to decode a frame preamble as low as 4 dB above the noise floor. If the radio decodes the preamble, it knows that another 802.11 radio is transmitting and it must defer its own transmission to avoid errors. The method for medium access is called the distributed coordination function (DCF) and uses many tools: NAV timer, CCA, backoff timer, interframe spaces. 802.11 is designed to work in an unlicensed spectrum where every STA, even APs, must contend for medium access.

Every 802.11 frame is transmitted at different speeds, with the preamble always transmitted at the lowest rate (1 Mpbs at 2.4 Ghz, 6 Mbps for at Ghz) and the rest of the frame transmitted at the same or higher rate. This ensures backwards compatibility and medium access opportunity for every 802.11 radio, as any radio will decode a preamble regardless of the data rate, and will avoid collisions with other radio transmissions on the medium.

A radio could decode a preamble, but may not decode the remaining part of the frame (header and PSDU) that is transmitted at a higher rate. Think about a legacy device that does not support higher data rates, or a radio located too far away from the transmitting STA. This works as intended, as far as the CCA is concerned.

For example, imagine a BSS with a basic rate of 12 Mbps and a STA (non-member of the BSS) located outside of the 12 Mbps range, but still close enough for supporting 6 Mbps. The STA would decode the preamble of the frames at 6 Mbps by the AP, but not the MPDU at 12 Mbps.

The same STA could also receive a frame from an AP or a client 500m far away, decode the preamble but not the rest of the frame, determine that the channel is busy and follow the DCF as usual.

These are so-called ghost frames: frame preambles that are not followed by data the radio can decode.

So how is this a problem that requires a fancy name? From the point of view of a STA, the protocol works as intended with both ghost and regular frames. But I think that there may be a problem if we shift to the point of view of the network professional analyzing a WLAN.

Protocol analyzers work at L2 to report anything they can decode: information from beacons, probes, MAC headers of unicast frames and so on. Frame preambles belong to L1 and I guess they are out of scope of protocol analyzers.

If I open the WinFi protocol analyzer in my office located downtown Milano I see about 20 distinct BSSID: 80% are from private homes and offices from neighboring buildings. It’s beacons, probes and frames of which WinFi successfully decoded the whole MPDU or at least the MAC header. But what about the many more beacons, probe responses and frames from other BSS too far away to decode fully, but still above 4 dB SNR?

The protocol analyzer cannot decode the rempte AP’s beacons and print their SSID, channel and other details, but their preamble may be decoded and they will impact medium access in my location. A spectrum analyzer can detect this distant APs and feeble frames, they will show just above the noise floor.

Summing up, perhaps the ghost frames problem is that there is some medium contention that is not visible in protocol analyzers (and is not very evident in spectrum analysis) but happens anyway, as intended along the 802.11 standard. DCF and EDCA still are required for every STA to access the medium. This works both ways: as the remote BSSs sends me preambles above 4 dB SNR, it is likely to decode the frame preambles sent from my own BSS.

Ghost frames seem to be a new name for co-channel interfecence (CCI), an issue which is caused by APs and – very often – by clients.

Miller’s suggestion to turn the basic rate down at 6 Mbps (on 5Ghz) before doing a site survey can make some CCI sources readable on the survey software. If it’s an AP from the same infrastructure, perhaps we can tune the transmit power, move it elsewhere or change channel to minimize CCI. Most of the times however CCI is caused by clients, on which there is very limited leverage. If we have no control over the CCI source, like in a multi-tenant environment or dense urban areas, there is value knowing the offending SSID details.

Is the ghost frames an useful concept? I feel that CCI is a more apt term, that is devoid of mystery meanings. I’m planning a series of site surveys in the near future and perhaps will have time to double test – at 6 Mbps basic rate and at 12-24 Mbps rate. I wonder how Ekahau Pro and Sidekick will notice the difference and display useful information.

Even so, I must thank Miller and the WiFi Ninjas podcast, to say nothing of Akin, for the opportunity to learn.

Leave a Reply

Your email address will not be published. Required fields are marked *