 | 1 | initial version |
This is a BlockAck response, where a group of MPDUs can be sent together with a single block ACK for the group, instead of one ACK for each data frame. This is an efficiency improvement. It has a sliding window: a start frame (starting sequence number 3 in your picture) and a bitmap, with a bit representing an MPDU (i.e. data frame) by sequence number, starting at the first bit/starting sequence number.
There is a lot of information on the web: https://mrncciew.com/2014/11/01/cwap-802-11-block-ack/
So either you really have missing frames in the group, and the BlockAck response is telling you this, or it is how the sender of the frame has chosen to index the ACKs. Apple devices sometimes do this ; let's say a host sends sequence number 21. If the BlockAck response has a starting sequence number of 21, then only a single bit would be set in the bitmap; all the rest would be zero. Wireshark would then interpret the zeros in the bit mask as missing data, but it really isn't. This is more likely what you see, but no way to know for sure since you only show one frame.
In your case, match up the sequence numbers of the data frames in the trace preceding the BlockAck Response and compare to the bitmap to see if they make sense.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
