802.11 Frame Types - Management Frames


802.11 management frames are used primarily, as the name suggests, to manage the wireless medium. Whichever management subtype you see (covered shortly), the Type value will always be shown as 00, as highlighted in the image below. This identifies the packet to the wireless device as a management frame; the same applies to control frames ("01") and data frames ("10").

 Management frames come in different shapes and sizes but some of the most important are as follows:

  • Beacon: Beacon frames are transmitted by the Access Point to announce the existence of a Basic Service Set. They contain information about the BSS such as the SSID, supported data rates, country and (due to most APs being 11n and 11ac capable) 11n and 11ac capabilities and information. It's worth noting that beacons are transmitted at set intervals. The interval can be configured to be shorter or longer, but this can have negative effects such as utilising additional airtime (remember all frames use the medium) or slowing the rate at which a client can detect nearby Wi-Fi networks. Beacons are noted by the subtype 1000 as shown below.




  • Probe Request/Response: Probes are the more active approach for a client trying to receive details about a BSS and its capabilities. Requests are initiated solely by the client device (e.g., a laptop), and the Access Point replies to the query with the relevant details, like those of a beacon. These two frames are the beginning of the process of clients attempting to associate to a BSS.
Probe Request: Subtype 0100

Probe Response: Subtype 0101
  • Authentication: The second stage of a client's association is authentication. It follows the probes and is initiated by the client device. This can either be PSK, WPA1/2 or SAE (Wi-Fi 6) among other protocols.
Authentication Frame: Subtype 1011


  • Association Request/Response: After a device has successfully authenticated, an association will occur. The request frame is from the client and indicates the capabilities of the NIC within said device. The response will be from the Access Point and will contain information about the BSS as well. The response will also contain either a positive or negative result and, if negative, a reason why the association has failed.
Request Subtype 0000 and Response 0001 (seen above)

   

  • Re-association Request/Response: Re-associations are used for roaming purposes. The request is made by the client to the new AP to which it is trying to associate. If roaming capabilities such as Fast Transition (FT) are enabled, the request will contain that information. The response is made by the AP to the client with either a positive or negative result, like that of the association.
Reassociation Request Subtype 0010 (seen above) and Response 0011

 

  • Disassociation/Deauthentication: Both frames have the same end result: the client's association or authentication to a BSS is ended. The difference is that a Deauthentication frame will force the client to renegotiate the entire connection (authentication and association), while a Disassociation will just force a reassociation. They can be sent by either the AP or the client, which is one of the reasons why protection of management frames is so important to stop the misuse of these types of frames.
Deauthentication: Subtype 1100 (seen above); Disassociation: Subtype 1010
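
The Type and Subtype bits listed above can be read straight out of the first byte of the frame. The following is an added example, not part of the original post: it decodes the Frame Control field and picks out Deauthentication/Disassociation frames whose Protected Frame flag is clear. It assumes each input starts at the 802.11 MAC header (any capture header already stripped); the function names and sample bytes are constructed for illustration.

```python
FRAME_TYPES = {0b00: "Management", 0b01: "Control", 0b10: "Data"}

# Management subtypes as listed in the post (4-bit field).
MGMT_SUBTYPES = {
    0b0000: "Association Request", 0b0001: "Association Response",
    0b0010: "Reassociation Request", 0b0011: "Reassociation Response",
    0b0100: "Probe Request", 0b0101: "Probe Response",
    0b1000: "Beacon", 0b1010: "Disassociation",
    0b1011: "Authentication", 0b1100: "Deauthentication",
}
TEARDOWN = {"Disassociation", "Deauthentication"}

def decode_frame_control(frame: bytes) -> dict:
    """Decode the 2-byte Frame Control field at the start of an 802.11 header."""
    if len(frame) < 2:
        raise ValueError("need at least the 2-byte Frame Control field")
    fc0, fc1 = frame[0], frame[1]
    ftype = (fc0 >> 2) & 0b11        # bits 2-3 of the first byte
    subtype = (fc0 >> 4) & 0b1111    # bits 4-7 of the first byte
    name = None                      # only management subtypes are named here
    if ftype == 0b00:
        name = MGMT_SUBTYPES.get(subtype, "Other management subtype")
    return {
        "type": FRAME_TYPES.get(ftype, "Other"),
        "type_bits": format(ftype, "02b"),
        "subtype_bits": format(subtype, "04b"),
        "name": name,
        "protected": bool(fc1 & 0x40),  # Protected Frame flag in the second byte
    }

def unprotected_teardowns(frames):
    """Return decoded deauth/disassoc frames whose Protected Frame flag is clear."""
    decoded = (decode_frame_control(f) for f in frames)
    return [d for d in decoded if d["name"] in TEARDOWN and not d["protected"]]

# Constructed sample headers: Frame Control bytes followed by zero padding.
SAMPLE_FRAMES = [
    bytes([0x80, 0x00]) + bytes(22),  # Beacon
    bytes([0x40, 0x00]) + bytes(22),  # Probe Request
    bytes([0xB0, 0x00]) + bytes(22),  # Authentication
    bytes([0xC0, 0x00]) + bytes(22),  # Deauthentication, flag clear
    bytes([0xA0, 0x40]) + bytes(22),  # Disassociation, flag set
    bytes([0xD4, 0x00]) + bytes(8),   # Control frame (type 01)
    bytes([0x88, 0x41]) + bytes(24),  # Data frame (type 10)
]

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(decode_frame_control(f))
    print("unprotected teardowns:", len(unprotected_teardowns(SAMPLE_FRAMES)))
```

The flag only reports what the header says, so treat the result as a starting point for triage on a network where management frame protection is expected.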









 

The total list of management frame subtypes is 16 (two being reserved) all of which have their place in managing the medium. Above I have gone over some of those which I feel are most important to know. Let me know if you think others deserve to have a special mention in the comments.

