wifi explorer

CTS 131: 802.11 Authentication and Association

What frame exchanges are part of a device joining an SSID?

CWS & CWT Book Giveaway

We’re raffling off a two bundles of the CWS & CWT books from CWNP. Two winners will get a copy of each book. If you’re getting into Wi-Fi or would like to know the fundamentals so you can sell Wi-Fi then this is a good resource to use. All you have to do is fill out the form below.

Meet Dustin Johnson

Our feature wireless engineer for this episode is Dustin Johnson. We ran into him at Cisco Live by accident and he happens to be a listener of the show! Listen to the episode to hear him answer François’ 10 questions.

Dustin Johnson of Wal-Mart

802.11 Authentication and Association

How does the station (STA) and access point agree to this connection? We’re going to break down the steps and the frames that are part of a STA connecting to an access point.

We have one STA connecting to an open SSID. The summary of it all is as follows:

  • STA is unauthenticated and unassociated
  • STA becomes authenticated and unassociated
  • STA becomes authenticated and associated
  • STA clears security requirements such as 802.1X, if required

Summary of frame exchanges

Beacon/Probe

The STA begins the process by performing a passive or active scan. In passive mode, the STA is listening for beacons from an access point. The beacon frame contains the BSSID which is the MAC address of the radio sourcing from the access point.
The beacon frame is a type of management frame defined in 802.11-2016. It includes capability information and parameters.

A probe is sourced from the STA requesting to join a wireless network. This is a probe request management frame. The probe is responded by an access point using a probe response management frame.

Frame exchange in 802.11 authentication and association

Authentication

The probing/scanning phase is part of the unauthenticated and unassociated step. The STA has not authenticated with the access point and also is not associated with the access point. Think of authentication as plugging a computer into a port on a switch.

The STA must be authenticated to the access point before it is associated. It sounds backwards. These are the two states in this phase and it must be done in this order.

  • Unauthenticated or authenticated.
  • Unassociated or associated.

To begin the Authentication step, the STA sends an Authentication wireless management frame to the access point. The access point responds with an Acknowledgement frame.

The access point will acknowledge the Authentication frame from the STA and upon successful authentication, the access point will send an authentication frame to the STA with an Authentication Sequence with a State of 2, for success.

Access point sends an Authentication frame with a state of 2, for Successful.

Association

Once the STA is authenticated to the access point, the next step is to become Associated. The Association occurs after the Shared Key Authentication or Open System Authentication Algorithm. There cannot be a STA that is Associated but not Authenticated. If the STA fails Authentication, it does not move to Association.

After the the access point sends an Acknowledgement to the STA’s Authentication Response, the STA sends an Association Request.

The Association Request is Acknowledged by the access point which then sends an Association Response frame to the STA.

If the association is successful, the access point’s Association Response frame will contain a Status code: Successful.

The details within an Association Response include:

  • Capabilities Information such as
    • Supported Data Rates
    • HT Capabilities
    • HT Information such as the Primary Channel
    • WMM information
    • And more..

If the Status code is anything other than Successful, then the STA is deauthenticated.

Links And Resources

CTS 090: Don’t Contain Me, Bro!

Containment of a WLAN is the act of shutting it down! We discuss how you can find out if you’re being contained.

This episode is sponsored by Metageek

Sponsored by Metageek

WLAN containment is not a situation you want to deal with. The symptom you’ll see are devices dropping from your WLAN. When they are disconnected, they often stay disconnected. Sometimes those devices won’t be able to connect at all to your WLAN.

What is happening? Another network is containing your WLAN. This happens by sending deauthentication frames to devices connected to your WLAN or by sending broadcasted deauthetication frames.

You can troubleshoot this issue using the following tools:

Troubleshooting WLAN Containment

How do you know if containment is happening? Using Airtool, capture frames on your operating channels. After 5 minutes of capturing, open up the pcap in Wireshark.

Use this filter to show all deauthentication frames:

wlan.fc.type_subtype == 0x000c

Take note of the source BSSID. You may get lucky and find out who is containing your WLAN. Copy the BSSID and paste it into WiFi Explorer. If that same BSSID is broadcasting beacons for its own WLAN you will see it.

That’s how I used Airtool, Wireshark, and WiFi Explorer to find the source of containment. By looking at the RSSI within the frames in Wireshark, you can get close to the source AP of the offending frames.

Another option is to plug the BSSID into the AirCheck G2 and use the Locate feature to find the AP.

Here are some screenshots from my lab performing containment on one of my APs. Remember your regulatory laws regarding containment!

Rogue security policies

Cisco WLC Wireless Protection Policies for Rogues

Containing a BSSID

Containing an SSID

A status page of the BSSID contained

Rogue AP Detail

 

A list of deauthentication frames captured using Airtool and Wireshark

Deauthentication Capture

This Week In Wireless

CTS 080: Wi-Fi Apps for macOS

Let’s face it, we enjoy our Wi-Fi tools and apps. This episode talks about the apps we use in macOS. So if you’re a Mac guy, this episode is for you.

This episode is happily sponsored by Metageek

Sponsored by Metageek

Wi-Fi Apps for macOS

Being a Mac user meant not having enough apps to do your job. As a Wi-Fi professional, we rely on many apps to help get our jobs done. Fortunately, we have developers who hear the cry for professional Wi-Fi apps on macOS. Here’s a list of apps Francois and I use on a daily basis. This is in no particular order.

Wi-Fi Explorer

Great app developed by Adrian Granados who was interviewed back on 007. Double 007! This is an excellent Wi-Fi network scanner that is simple to use and updated regularly. It has built-in search functionality so you can find the network you’re looking for. You have the ability to add different columns to fit your troubleshooting needs and you can see advanced details such as information elements. This is a paid application.

Screenshot of Wi-Fi Explorer

Airtool

Another powerful app from Adrian Granados. It’s a menu bar application capable of capturing Wi-Fi frames using the Mac’s built-in Wi-Fi network card. From the app you select a channel to capture frames from, select the channel width, and you’re off to the races. It can be used with Wireshark, Cloudshark, and Mojo Packets. This is the fastest way to capture frames using a Mac. One of my favorite apps to use. Also, it’s Free!

Screenshot of Airtool

Wi-Fi Signal

Adrian Granados strikes again! This is a menu bar application used to easily check the status of the Wi-Fi network you’re connected to. It can display information such as quality of the received signal, signal in dBm, noise, SNR, and current channel. It can send notifications of when you connect/disconnect to a Wi-Fi network and even if you roam.

Screenshot of Wi-Fi Signal

Debookee

We interviewed the developer, Thomas Baudelet, in episode 70. This is a great app with a wireless module which displays details of Wi-Fi networks, displays statistics such as retry rate and Tx and Rx throughput. This app makes it easy to analyze other clients’ performance. This is a paid app.

Screenshot of Debookee

iPerf

A free application to test throughput of your Wi-Fi network. What else is there to be said!?

Metageek InSSIDer Office (beta)

Currently in beta, Metageek has a macOS application that can scan Wi-Fi networks around you. It contains a search functionality to get through all the networks on the list. If you plug in a WiSpy dBx you can get a lite version of Chanalyzer. This is a paid app.

Screenshot of InSSIDer Office

Terminal/iTerm2

Use this to SSH into your devices. You can build aliases and scripts to help you manage your network efficiently.

TamoSoft Throughput Test

Can operate as a server or a client. The server can be ran from macOS or Windows. The client can operate on macOS, Windows, Android, and iOS. It’s very easy to use and provides a visual throughput tester. You have the ability to set QoS and perform TCP or UDP tests.

Screenshot of TamoSoft Throughput Server

What tools are you using on macOS? Which are your favorite? Let us know in the comments below.

Links and Resources

 

CTS 007: Interview With Adrian Granados of Wifi Explorer

Image from www.adriangranados.com

In This Episode – WiFi Explorer

Let’s talk to Adrian Granados, developer of Wifi Explorer. I’ve mentioned this application several times on the podcast and on my blog. Many of us in the industry use his tool to get a quick look at the wireless network wherever we’re at.

You’ve probably seen folks on Twitter use this to show how poorly designed some WiFi networks are.

In this episode, I ask Adrian why he created WiFi Explroer, how it goes into developing it and improving it, and finally we discuss his other tools you may have not known about.

Links and Resources Mentioned

@adriangranados on Twitter
www.adriangranados.com
WiFi Explorer
WiFi Signal
CloudShark
Cmap tools
CWNA
CWAP

Thanks For Listening!

I hope you enjoyed listening to this episode.

I really appreciate you listening to the podcast and tune in on the next episode. If you could spare a few minutes by leaving a rating and review on iTunes. It would mean the world to me!

Share Episode 7 on Twitter, Facebook, and LinkedIn using the buttons below!

CTS 002: Three Wifi Tools I’m Using Right Now

These tools can save you time and money. That’s the reason why I am sharing with you three tools I am using right now.

We all like tools as long as they help us get the job done right and quickly. In the wireless field there are dozens of tools. From spectrum analysis to network scanning and throughput testing to designing.

In this episode:

  • Metageek Eye P.A.
  • Wifi Explorer
  • Ekahau Site Survey

Links and resources mentioned:

Thanks for listening!

Another one in the books. Let’s keep this podcast rolling!

Would you like to join me on the podcast? Hit me up on the contact page.

If you enjoyed this episode, please share it on Twitter, Facebook, Email, tell your mom, tell your friends, just share it!

What tools are you using right now? Let me know in the comments below.