While we are all looking up into the 6GHz frequency range i was wondering what was happening on the other side of the frequency range, more specific in the Sub-1GHz space. On November 2, 2021 Wi-Fi Alliance started to certify products for Sub-1 Ghz operation. https://www.wi-fi.org/news-events/newsroom/wi-fi-certified-halow-delivers-long-range-low-power-wi-fi However the amendment was already published by IEEE on May 5, 2017
Because of my interest in the 802.11 standard i was wondering how similar or how different the frames look if we compare Sub-1GHz frames with frames coming from a 2.4/5Ghz access point. In my journey to look for equipment that can perform 802.11ah, or HaLow as they call it also. I was hoping to find some equipment i could get my hands on by checking the Wi-Fi alliance product finder and look for certified hardware. The only hardware that i could find was some development boards, after some research i learned that the Newracom equipment was the easiest to get my hands on. I found them at the Alfa Networks website together with Raspberry Pi 3+ and 4, massive thanks to the people at Newracom for the guidance.
After going through the setup process a few times and with big help from the HaLow support team of Alfa networks i got 2 RPi up and running. Peter MacKenzie also pointed me to a set of wireless security camera’s working on 802.11ah to perform some real live testing. Today i got everything finally working and all was up and running, ready to put my HaLow sniffer to work. I scanned the Sub-1Ghz spectrum and saw some activity on 925MHz.
Almost all frames i captured until now are Action frames with a radiotap header, 802.11 radio information and layer 2 MAC info. From the 802.11 radio information we can see the PHY-type is 802.11ah or S1G and the frequency it was captured on is 925Mhz although it says 9250. In the 900MHz spectrum we notice S1G is usign OFDM-based waveforms to send information through the air. S1G is built upon the 802.11ac standard, all frames captured so far contain A-MPDU information and
In the S1G section of the radiotap header we can see the PPDU format of the S1G frame, it has a channel width of 2MHz and is using a long guard interval.
These are my first observations from my first 802.11ah frame captures, i will be testing a lot more on performance and security on 802.11ah equipment. There is more to come in the next coming days or weeks …
If you find errors or when you have remarks, do not hesitate to contact me and i will update the information
Thank you Han for sharing your knowledge. Can you pls upload captured packet file also?
What kind of device do you use to sniff HaLow? Is it supported by Wireshark?
Hi Eka, i have used a Raspberry Pi 4 with a HaLow HAT module