While we are all looking up into the 6GHz frequency range i was wondering what was happening on the other side of the frequency range, more specific in the Sub-1GHz space. On November 2, 2021 Wi-Fi Alliance started to certify products for Sub-1 Ghz operation. https://www.wi-fi.org/news-events/newsroom/wi-fi-certified-halow-delivers-long-range-low-power-wi-fi However the amendment was already published by IEEE on May 5, 2017
Because of my interest in the 802.11 standard i was wondering how similar or how different the frames look if we compare Sub-1GHz frames with frames coming from a 2.4/5Ghz access point. In my journey to look for equipment that can perform 802.11ah, or HaLow as they call it also. I was hoping to find some equipment i could get my hands on by checking the Wi-Fi alliance product finder and look for certified hardware. The only hardware that i could find was some development boards, after some research i learned that the Newracom equipment was the easiest to get my hands on. I found them at the Alfa Networks website together with Raspberry Pi 3+ and 4, massive thanks to the people at Newracom for the guidance.
After going through the setup process a few times and with big help from the HaLow support team of Alfa networks i got 2 RPi up and running. Peter MacKenzie also pointed me to a set of wireless security camera’s working on 802.11ah to perform some real live testing. Today i got everything finally working and all was up and running, ready to put my HaLow sniffer to work. I scanned the Sub-1Ghz spectrum and saw some activity on 925MHz.
Almost all frames i captured until now are Action frames with a radiotap header, 802.11 radio information and layer 2 MAC info. From the 802.11 radio information we can see the PHY-type is 802.11ah or S1G and the frequency it was captured on is 925Mhz although it says 9250. In the 900MHz spectrum we notice S1G is usign OFDM-based waveforms to send information through the air. S1G is built upon the 802.11ac standard, all frames captured so far contain A-MPDU information and
In the S1G section of the radiotap header we can see the PPDU format of the S1G frame, it has a channel width of 2MHz and is using a long guard interval.
These are my first observations from my first 802.11ah frame captures, i will be testing a lot more on performance and security on 802.11ah equipment. There is more to come in the next coming days or weeks …
If you find errors or when you have remarks, do not hesitate to contact me and i will update the information