The Mobile Internet’s 5th birthday

T39j Only 5 years ago, the Internet started to get mobile for me with the launch of the first GPRS networks in Germany and the advent of the first GPRS capable phones. What a different world it was compared to today.

I must have been one of the first GPRS users of the network because at this time and phones and networks were in a shaky beta phase at best. The Ericsson T-39 (first picture on the left) was my first GPRS phone. Equipped with a tiny monochrome display, it could bundle two timeslots to give me a blazing download speed of 25 kbit/s. For web browsing I used a Palm III, also with a monochrome display and one of the first embedded web browsers available at the time. Again, pretty much a beta experience but I loved it.

Yesterday, 5 years later, I was sitting in one of Paris’ best cafés, enjoying good company, an ice cream and discussing mobile lifestyle: Instead of bringing a magazine with me to browse through, my Nokia N70 is always with me ready to take pictures, videos and to connect me to people and the Internet. Here I was, reading the latest news using the Opera browser on the phone, when my eMail client informs me of a new eMail of my publisher in which he informs me that the shipping date for my next book will be July 14th. Great! A little while later, I uploaded some pictures in the background to Flickr which I took in the afternoon while reading some interesting blog entries in the mobile RSS reader at the same time. On the network side, UMTS is much more stable than GPRS was only 5 years ago and data rates have improved from the 25 kbit/s of 5 years ago to 384 kbit/s today.

So what are we in for in 5 years from now? Network speeds will certainly be beyond 8 MBit/s in downlink and 2-3 MBit/s in uplink direction. Prices for mobile data will (hopefully) be at a level to attract the general audience and in combination with the increased bandwidth and services such as video up- and download, LDA applications using the Internet connection and built in GPS receivers will make the application landscape even richer.

The football worldcup – coming to a mobile near you

Not that I am the greatest football fan of all times but a recent entry in Christian’s blog has caught my interest: Yahoo has launched a mobile version of their football world cup coverage site and seems to be the official partner of the Fifa. Check it out at the Fifa web page. There’s a link leading to information how to access the mobile site in the middle of their home page. For those of you not living in one of the countries where they offer a free SMS with the link, point your mobile browser to

There’s lots of content on the mobile site already and you can register for sweets like free SMS alerts on goals when your favourite team is playing. Looks like Yahoo sees this as a good opportunity to get people interested in the mobile web and of course what Yahoo is doing in this domain. With all the media hype around the world cup and people being so excited I tend to agree.

I haven’t seen too many mobile offerings for the last Winter Olympics (but I have to admit I didn’t really look for them). So is this the first time such a world wide event also get’s some world wide and free (to what an extend we will see) coverage on the mobile web? I wished there was a similar offer to keep track of what’s going on in Formula 1.

So here we are right in the battle between content providers such as Yahoo and mobile operators to get the attention of mobile users. Let’s see who does a better job. I’ve quickly checked if my home operator (Vodafone Germany) is offering anything similar and how it compares. Looks like they also offer free Goal alerts via SMS but beyond that I didn’t see much. Let’s see how it develops.

Global GSM and European UMTS Rollout Progress

While having visited a colleague in his office yesterday I saw an interesting global map on the wall showing the current global GSM rollout status. The map was different from all other maps I’ve previously seen as countries which adopted GSM technology were not completely filled with a color marking them as "covered". Instead, the map showed the detailed coverage status in each country. The map together with even more detailed continental maps can be found at

Here are some of my personal observations which quite surprised me:

The U.S.: When I last checked two or three years ago, GSM coverage in the U.S. was patchy at best. I still remember checking on Texas and finding an almost empty map. Quite a different picture now.

South America: Except for the rain forests, the continent is well covered with GSM now.

3G Rollout in Europe: The map gives quite a mixed picture varying from country to country. While the UMTS rollout seems to be quite advanced in some countries, there are lots of ‘GSM’ only areas in other countries:

Germany, U.K., Ireland, Sweden, Austria: These countries seem to be pretty well covered with 3G already. I can confirm this for Germany at least where Vodafone has dedicated coverage even in small villages (<5000 people). Nevertheless, it’s still patchy on the countryside. Same goes for Austria.

France: Quite disappointing, the green "GSM only" areas are still substantial. The map seems to be quite accurate as it compares quite well to the official map of Orange, France that can be found here.

Italy: This one is strange, only a couple of yellow "UMTS" patches here and there. But I don’t think the data is up to date in this case as Italy was one of the first countries deploying UMTS and the current Wikipedia entry on Vodafone Italy says that 70% of the population are now covered by UMTS. I tried to find coverage maps on and but it didn’t find any. Is my Italian so bad? If somebody sees maps, please tell me. The only info I found was on On this page you can select you city and a database lookup reveals if there is coverage or not. No maps though… However, many cities I tried which were not covered on the map came back as UMTS covered.

Finland: Another strange case. The land of Nokia, the land of mobile phones and almost no UMTS areas on the map!? Can this really be!? Some of my Finnish readers, please check and comment. A link to a coverage map of a Finnish operator would also be nice…

Offshore: Also take a closer look at the GSM coverage spots in the North sea. They seem to be drilling platforms! Cool!

How the Nokia N80 handles WLAN

Up until now not much is known about how applications on the N80 will be able to use the built in wireless LAN capabilities. When checking the Nokia website today, I saw that the N80 manual can now be downloaded from this link. So I rushed to take a closer look to see if it sheds some light on this topic. And indeed it does!

Basically, the manual says that the use of WLAN is transparent for an application on the phone. Just like for a data connection via GPRS and UMTS, a new access point profile can be created to enter the settings of how to communicate via a WLAN network. Several profiles can be created if different WLAN networks are used, e.g. at home, at work and in public. In an application, a WLAN profile is selected from the already known list of access points that pops up when an application wants to access the network and no default access point has been configured in the application. Instead of only GPRS and UMTS connections the list can now also contain WLAN connections. Quite elegant, it’s completely transparent!

The manual also says that one access point profile can be used by several applications simultaneously. Again, this already works today for GPRS and UMTS connections when two programs such as the browser and the eMail program are used to communicate with the network at the same time.

And here comes the most important part concerning the simultaneous use of the phone in the GSM/UMTS network and WLAN. I quote from the manual on page 14: "You can use wireless LAN during a voice call or when packet data is active". That’s really great news and means that while at home, for example, the phone can be used for incoming (and outgoing) cellular calls simultaneously with an activated VoIP client (SIP, Skype…) via wireless lan.

It looks like my dream of a unified phone at home is close to becoming a reality! I can hardly wait using the Skype client on the phone to call friends while lying on the couch while not missing incoming cellular calls. Hurry up, Skype! Oh, and by the way, don’t forget to support the built in camera 🙂

SIP Update 1: Jukka left a comment that there’s already a built in SIP client in the N80. I completely missed that when browsing for the wireless LAN details in the manual. Indeed, the manual shortly describes that there’s a new menu where to enter the settings for the SIP client and that SIP addresses can now be part of a phone book entry. Would be interesting what can be configured but the manual doesn’t say. So Skype’s got another reason for hurrying up, the competition is already there!

SIP Update 2: The topic keeps developing: Too bad I don’t have an N80 yet so I have to rely on the sparse technical information in the manual. After some more digging I found out that the included SIP client seems to be closely tied into the standard voice call feature. The SIP functionality can be used during a standard voice call to establish a video sharing session via SIP in a packet bearer. While the feature is quite nice it’s not yet what I need to call someboday via VoIP over the WLAN functionality while being at home.

SIP Update 3: A reader has noticed that Nokia is about to release a major software update for the N80 called the N80i, or Internet Edition, whith some additional VoIP capabilities: From the press release: "The VoIP framework (based on the SIP protocol) is integrated into the
Nokia user interface, and the Nokia N80 Internet Edition is allows for
downloading compatible third party internet call applications.". One step closer but we still need a 3rd party client.

Communication Systems for the Mobile Information Society: It’s Almost Ready

I am always amazed of how much fine tuning goes into the production of a book. I delivered the manuscript at the end of January and since then it has been proof-read, the layout has been done and I’ve received the page proofs for final verification. Almost ready for production now. This weekend I’ve sent the final corrections of the page proofs back to the company that does the layout. For those of you who are curious, the book is already listed at Amazon and the listing contains the back cover text which gives some details about the content. Their publishing date of September is a little bit conservative… It should be out much sooner. I’ll keep you posted.

Vodafone 3G Rollout Progress


It’s interesting to see how Vodafone in Germany continues with their 3G rollout. Last year in May I went to their website and took a snapshot of their coverage map of south western Germany. As you can see on picture one, most areas are blue (GSM coverage) with some areas red (UMTS coverage). One year later (April 2006) I’ve taken another snapshot of their coverage map which is shown in the second picture. The red areas representing UMTS coverage have increased by quite a bit. Even small towns with less than 2000 people are now very well covered. Let’s see how it looks like in a year from now.

Bluetooth Q&A

All answers have been held as short as possible and require an understanding and study of the corresponding chapter of the book.

Answer 1:
Bluetooth transfer speeds depend on how many users exchange data in a Piconet, how much data is exchanged by the individual users at a certain time and what kind of multislot packets are used. In the ideal scenario with only two devices in which only one device has a lot of data to send, a peak data rate of 723 kbit/s can be achieved for one of the two devices.

Answer 2:
FHSS (Frequency Hopping Spread Spectrum) sends each packet on a different channel (frequency). This avoids using the same channel for a prolonged amount of time which might already be in use by another network such as a Wireless LAN. FHSS also simplifies device configuration as no channel number has to be selected by the user in the Bluetooth settings. Bluetooth 1.2 introduces adaptive frequency hopping which avoids channels with high error rates caused by parallel transmissions from other networks. This reduces transmission errors and the influence on other networks in the same area while at the same time increasing the overall transmission speed.

Answer 3:
The Inquiry procedure is invoked to search for unknown Bluetooth devices in the area. If a Bluetooth device is visible to other devices it responds to an inquiry packet it detects by sending its device ID. A paging on the other hand is used to directly establish contact with a Bluetooth device which is already known. If a Bluetooth device only wants to be accessible for devices with which it has previously communicated with, it only responds to paging messages and never to inquiries.

Answer 4:
Bluetooth offers a number of power saving mechanisms and states: Connection hold: A device deactivates its transceiver for a certain time. Connection sniff: A device deactivates its transceiver for a certain time but checks at predefined times if the master device wants to resume communication. If not, the device automatically returns to the power save state. Connection park: The devices releases its device address and uses a very long timeout value before checking again if the master device would like to reestablish contact.

Answer 5:
The link manager has the following tasks: Establishment of an ACL, SCO or eSCO connection, configuration of the connection, activation of the enhanced data rate mode, execution of a master-slave roll change procedure, pairing, authentication and ciphering management, adaptive frequency hopping management, and activation of different power save modes when appropriate.

Answer 6:
The L2CAP layer’s protocol service multiplexer is used during connection establishment to select to which of several higher protocol layers to connect to. In addition, an individual connection ID is used on the L2CAP layer for each connection to identify packets. This allows two devices to establish several simultaneous connections between each other for different higher layer applications.

Answer 7:
The service discovery database contains information about all services offered by a Bluetooth device. Other devices can query this database during connection establishment to detect which services are offered and how certain parameters have to be set in order to access them.

Answer 8:
Each Bluetooth profile using the RFCOMM layer has to register with the Service Discovery database. If a remote device wants to use the service offered by the profile it has to query the database in order to retrieve the RFCOMM channel number which has been assigned to this profile. As the number is dynamically allocated the database has to be queried for every new connection.

Answer 9:
Authentication: Two Bluetooth devices are able to authenticate each other if they have previously been paired.
Authorization: This is a security mechanism on the application level and allows to restrict access to applications to certain remote devices. This way it can be ensured that only some of the previously authenticated devices can access certain services. It might be desirable for example that only the notebook of a user can use the dial up connection profile of a phone. Other devices are barred from this profile but are allowed to transfer files from and to the mobile phone.

Answer 10:
Bluetooth is a very versatile communication technology that can be used for a wide variety of different services. This ranges from services like exchange of electronic business cards and images to connecting headsets, mice and keyboards to PCs and tablets. The Bluetooth standard defines a number of profiles to ensure interoperability on the application level. A profile specifies how a service is supposed to work and in which way remote devices can communicate with it.

Answer 11:
The object exchange (OBEX) profile has been designed for a fast and simple transmission of files and objects between two Bluetooth devices. The OBEX profile is the basis for the file transfer profile, the object push profile and the synchronization profile.

Answer 12:
When using the hands-free profile, the hands-free set is only seen as a microphone and loudspeaker extension of the mobile phone. The connection to the network continues to be established by the mobile phone. The SIM access profile does just the opposite. With this profile, the mobile station is only used as a SIM card reader. All other functionalities including the GSM/UMTS transceiver are deactivated. The hands free set then uses the Bluetooth connection to access the SIM card and can perform all transactions between itself and the SIM card just as if the SIM card was directly inserted into the hands free-set. Such hands-free sets are more expensive than those just using the hands-free profile, as they have to contain a complete mobile phone unit including the GSM/UMTS module. This has the advantage, however, that an external antenna can be used. Furthermore, the mobile phone can be configured for the use of both the SIM access profile and the headset profile. While the mobile phone is used in the car, the hands-free set takes over. Once the user leaves the car and takes the mobile phone with him, incoming calls can automatically be redirected to the Bluetooth headset once again. This can not be done as easily with a hands free set in the car supporting the hands-free profile as the phone is unable to decide for incoming calls to which device to establish contact.

Answer 13 (2nd edition):
Removed, no longer relevant.

Answer 13 (3nd edition):
There are significant differences of classic Bluetooth and BLE on the air interface. While BT uses fast frequency hopping and 1 Mhz channels, BLE splits the 2.4 GHz ISM band into 40 channels of 2 MHz each and uses very slow frequency hopping. BLE only uses GFSK modulation and the datarate is not variable but fixed at 1 Mbit/s over a channel. This reduces the datarate to a few tens of kilobytes per second but in return significantly reduces power consumption.

Answer 14:
The aim in BLE is not to establish a transparent channel between two devices but to transfer small amounts of data as power efficiently as possible. Therefore data is transmitted in a way that could be compared to reading and writing variables on a remote system.


All answers have been held as short as possible and require an understanding and study of the corresponding chapter of the book.

Answers for the LTE and VoLTE chapters:

LTE Answer 1:
A 10 MHz FDD LTE channel is split into 600 sub-carriers.

LTE Answer 2:
X2 Handovers are performed directly between two eNodeBs while an S1 handover requires the help of the MME. S1 handovers are only used when two eNodeBs are unable to communicate with each other which should happen rarely in practice.

LTE Answer 3:
The MME performs the subscriber and connection management such as user authentication, location management, bearer establishment, etc. while the Serving-Gateway handles the user data (i.e. the IP packets) that are exchanged between a device and the Internet.

LTE Answer 4:
7 symbols on the time axis and 12 sub-carriers on the frequency access are grouped into a Resource Block which takes 0.5 ms to transmit. Two Resource Blocks are bundled together to form the smallest unit that can be scheduled to a user.

LTE Answer 5:
If the UE is in Idle state it has to use the random access channel to establish a connection to the network. When the network receives the request it assigns uplink resources to the device via the Physical Downlink Control Channel (PDCCH). The UE receives the assignment and can then make use of the assigned resources on the Physical Uplink Shared channel.

LTE Answer 6:
HARQ is a mechanism on Layer 2 of the radio protocol stack and ensures that faulty resource blocks are immediately retransmitted. ARQ works on the RLC layer further up in the protocol stack and ensures that larger chunks of data are repeated in case HARQ fails. While HARQ is always used, ARQ is not used for voice bearers (only IMS VoIP) as there is no time to retransmit complete VoIP packages due to the requirement to have low jitter and delay values for voice packets. For VoIP it is preferable to drop missing packets instead of repeating them.

LTE Answer 7:
A default bearer is usually assigned when the device is switched on. It serves as a bearer for Internet connectivity. A device can have several default bearer simultaneously, e.g. one for Internet connectivity and one bearer for IMS. In practice, devices usually only have one default bearer.

Dedicated bearers are established by services alongside default bearers such as the IMS to ensure a certain quality of service (minimal bandwidth, jitter, delay, precedence over other bearers) for voice, video and other time critical and delay sensitive streams.

LTE Answer 8:
Discontinuous Reception (and Transmission) is very useful in RRC connected state to reduce power consumption. Without DRX a UE has to observe the Downlink Control Channel frequently as resources could be assigned at any time. When DRX is activated the UE can turn off the receiver most of the time and only listen occasionally. This significantly reduces power consumption at the expense of slightly higher latency when data is only transmitted infrequently. Typical DRX values are a few hundred milliseconds for the activation time for DRX (after the reception of the last data frame) and activity times of a few milliseconds during an interval of several hundred milliseconds.

LTE Answer 9:
In Idle state no bearer is established to the network and the UE controls cell changes and changes to other radio networks when running out of LTE coverage autonomously.

LTE Answer 10:
When running out of LTE coverage there are several methods to guide the UE to another radio network (e.g. UMTS). An easy solution is to use a Cell Change Order which tells the UE to which UMTS cell to go. The connection is then interrupted and the UE searches the given cell, reads the system information and performs the required procedure to establish a connection in the other radio technology. This process typically takes a few seconds during which no data can be exchanged. This method is simple for implementing in the network and the mobile device but not suitable for applications such as VoLTE, for which the data bearer should be handed over between radio networks quickly. This is possible with LTE to UMTS (or GSM) handovers as the cell in the target network can be prepared for the incoming UE. The UE is then given specific instructions of how the target cell can be accessed which reduces the outage time to a few hundred milliseconds.

LTE Answer 11:
MME and S-GWs usually have the Gn GPRS interface implemented and can thus act as SGSNs and GGSNs towards 2G/3G PS core network equipment. In other words, they emulate behavior those network nodes understand so no software modifications are required in existing networks. It should be noted that in practice today, most network operators have merged corresponding 2G, 3G and LTE core networks into a single physical node and the interfaces between the logical components are handled internally.

LTE Answer 12:
This is done via the SGs interface which connects the MME to Mobile Switching Centers in the 2G/3G networks to deliver SMS over LTE and to perform a (CS = circuit switched) fallback to GSM or UMTS for incoming (and outgoing) voice calls.

LTE Answer 13:
Internet based voice services can not request special quality of service settings from the mobile core and access network (i.e. dedicated bearers, see above). Depending on the network load this can result in bad voice quality if voice packets are not preferred over other packets (e.g. from web browsing from the same or another UE) in loaded cells. Also, Internet based VoIP services can’t interact with the mobile network to perform handover to GSM or a circuit switched UMTS channel when the edge of a broadband wireless network has been reached. Operator voice services can hand over a call to GSM (Single Radio Voice Call Continuity).

LTE Answer 14:
eNodeBs have to have a high speed link to the core network to accommodate the high speed air interface data traffic. The best option is to use a fiber optic cable. If not available, other options are Ethernet based microwave links or VDSL links.

VoLTE Answer 1:

The main components of the IMS are the Serving Call Session Control Function (S-CSCF) that is the central node that handles all SIP messages. Usually, SIP messages are forwarded to an Application Server (AS) such as the Telephony Application Server that implements telephony functionality. The Proxy-CSCF sits between the S-CSCF and the mobile device and is used for tasks such as generating SIP messages for the UE when the UE is unable to do so (e.g. loss of coverage). The Interrogating CSCF (I-CSCF) is contacted when the UE sends an initial Register. It contacts the HSS (Home Subscriber Server) to get information on the user and then assignes a S-CSCF that will handle all subsequent communication.

VoLTE Answer 2:
During SIP registration an IPSec tunnel is established between the UE and P-CSCF. While encryption is optional, IPSec authentication ensures that only messages from the UE are accepted.

VoLTE Answer 3:
Preconditions are used to inform devices that a dedicated bearer has to be established for the speech path on one or both ends of a connection before a call can be further processed. In the core network, precondition messaging is used to trigger the establishment of the dedicated bearer.

VoLTE Answer 4:
The P-CSCF, which is a mobile network component, inserts the ‘asserted identity’, which is the device’s phone number (MSISDN), into SIP messages sent by the UE and then forwards those enriched SIP messages to the S-CSCF. This prevents the UE from forging its phone number.

VoLTE Answer 5:
As the payload of voice packets are small the IP, UDP, RTP header information makes up a large part of the overall packet. Therefore, header compression is used to significantly reduce this overhead which increases the number of simultaneous calls per cell.

VoLTE Answer 6:
Call forwarding settings are managed via the XCAP protocol between the UE and the network. XCAP is an XML protocol and different call forwarding options such all call forward no reply, call forward not reachable, etc. are XML encoded.

VoLTE Answer 7:
For emergency calls an IMS emergency bearer is established that is independent from the standard IMS bearer that is used for ordinary voice calls. The IMS emergency bearer is established with the highest priority in the radio and core network to guarantee emergency calls a high quality speech and signaling path even in fully loaded networks.

VoLTE Answer 8:
Unlike typical handovers that are controlled by the network, VoLTE to VoWifi handovers are controlled by the mobile device. When the device senses that LTE coverage is about to be lost, it establishes an IPSec tunnel to the evolved Packet Data Gateway (ePDG) and includes information during the tunnel establishment that allows the network to move the existing IMS bearer away from the current MME and S-GW to the ePDG. All IP packets of the connection are then automatically redirected to the ePDG and an ongoing voice call continues with only a short interruption during the redirection process.

VoLTE Answer 9:
VoWifi cellular preferred means that the UE will only connect to the ePDG and move the IMS bearer when no cellular coverage (LTE, 3G, 2G) is available. VoWifi Wifi preferred means that the IMS bearer is moved to Wifi as soon as a suitable Wifi connection is available.

VoLTE Answer 10:
MC-PTT only allows one person in a communication group to speak at a time. A central instance is required to control who is allowed to talk and deny requests from other parties if there is already another speaker in the call.

Wifi Q&A

All answers have been held as short as possible and require an understanding and study of the corresponding chapter of the book.

Answer 1:
Devices communicating in an Ad-Hoc network exchange their data directly with each other. There is no central point in the network, all devices are equal. This mode is used if no WLAN Access Point is available and data needs to be exchanged between two or more devices. The disadvantage of this mode is that each device has to be configured manually. This includes the IP configuration and wireless LAN settings like for example encryption. In the BSS (Basic Service Set) mode on the other hand, an access point is used. Data is not exchanged directly between client devices. Instead each data packet is first sent to the access point and from there to the final destination. This has the disadvantage that the maximum speed is cut in half compared to an Ad-hoc network. The advantage on the other hand, is an increased coverage area of the network, as distant devices can still communicate with each other because they are still in range of the access point. In addition, the access point usually contains a DHCP server which automatically configures the IP stack of other devices in the network when they first register. Furthermore, the access point usually also acts as a bridge to a fixed line network (e.g. the Internet) and fixed line Ethernet client devices.

Answer 2:
A wireless LAN access point is usually equipped with a DHCP server to automatically configure end user devices. In addition, an Access Point is usually also equipped with one or more Ethernet sockets for fixed line Ethernet devices (bridging functionality). Furthermore, many access points act as routers for cable- or DSL modems or even include this functionality. Thus, only a single device is needed to connect fixed and wireless devices with each other and the Internet.

Answer 3:
In an Extended Service Set (ESS), several access points are used which are interconnected via an Ethernet cable (distribution system). All Access Points broadcast the same SSID which enables wireless clients to roam between them. This way, the coverage area of the wireless network can be increased.

Answer 4:
The SSID is the Service Set ID and is used by client devices to identify a wireless network. This way, several independent wireless networks can be operated at a single location. The user typically configures a device by entering the SSID which is then stored in the configuration. Thus, the device automatically remembers which network it should attach to when it is switched on again. The SSID is broadcast in beacon frames which the access point broadcasts several times a second.

Answer 5:
A mobile device can use the power save mode in order to conserve energy while no data is transferred. In order to enter this mode an empty frame has to be sent by the mobile device to the access point, which has the power save bit set to ‘1’ in the header of the frame. Afterwards, the mobile device deactivates its transceiver in order to conserve energy. The access point in turn starts to buffer incoming packets for the device, should there be any during its sleep period. From time to time, the device activates its transceiver again to check the Traffic Indication Map (TIM) which is included in a beacon frame to see if there is incoming data waiting to be delivered. If there is no data, the transceiver is deactivated again and the TIM is checked again after the next sleep period. In case data is available, the mobile device exits the sleep mode and polls the access point for the queued frames.

Answer 6:
Acknowledgement frames are used as transmission on the air interface is much more volatile then over cables. By sending an acknowledgement frame the receiver informs the sender that the packet was received correctly. If no acknowledgement frame is sent or if it is lost the frame is automatically retransmitted.

Answer 7:
The 802.11g standard uses the RTS/CTS mechanism as older 802.11b devices are unable to detect frames which have been sent by using the new modulation and coding schemes offered by the ‘g’ standard. This ensures that older devices do not perceive the channel as free when a frame with an unknown modulation and coding scheme is in the process of being sent. In addition, the RTS/CTS mechanism is also used to avoid the ‘hidden-station’ problem.

Answer 8:
First address: sender, second address: receiver, third address: MAC address of the access point. This is required as a frame is not delivered directly to the destination in a BSS setup but always via the access point.

Answer 9:
The PLCP header of a WLAN frame is always sent at a data rate of 1 MBit/s. This ensures that even distant devices are able to receive this part of the frame correctly. The PLCP header also contains information on the transfer speed, the modulation and the channel coding used for the main part of the frame.

Answer 10:
The theoretical top speed of an 802.11g network is 54 MBit/s. As the frame headers are always sent at a speed of 1 MBit/s, however, the actual top speed is lower. Furthermore, all frames have to pass through the access point which cuts the speed in half if both sender and receiver of a frame are wireless devices. In addition, all frames have to be acknowledged which further reduces the speed. Thus, the top speed that can be achieved between two wireless devices in an 802.11g network is around 12 Mbit/s.

Answer 11:
The Distributed Coordination Function (DCF) is a decentralized approach to control access to the air interface. Collisions on the air interface are seldom but possible as there is no central instance. Furthermore, such an approach is also not able to ensure a certain access time to the air interface and delay. Applications such as Voice over IP, however, highly depend on constant delay times. While a WLAN network is only lightly loaded, this approach is less of a problem. In highly loaded networks on the other hand, voice quality can be degraded.

Answer 12:
One of the weaknesses of the WEP encryption algorithm is the use of the same key for all devices. As the key has to be distributed to all users of the network, potential intruders may have the possibility steal the password. Furthermore, certain parts of the encrypted payload header of each frame are known as it is identical in each frame. In combination with the variant of the RC-4 algorithm used for encrypting the frame, this fact can be exploited to break the encryption by collecting a high number of frames and then applying this knowledge on them. A rough estimation shows that an attacker has to collect about 1.5 GByte of data to be able to break the WEP key.