Beacon Management Frame
One of the most important frame types is the beacon management frame, commonly referred to as the beacon. Beacons are essentially the heartbeat of the wireless network. The AP of a basic service set sends the beacons while the clients listen for the beacon frames. Client stations only transmit beacons when participating in an independent basic service set (IBSS), also known as Ad Hoc mode. Each beacon contains a time stamp, which client stations use to keep their clocks synchronized with the AP. Because so much of successful wireless communications is based on timing, it is imperative that all stations be in sync with each other.
Information Type                            Description
Time Stamp                                  Synchronization information
Spread Spectrum Parameter Sets              FHSS-, DSSS-, HR-DSSS, ERP-, OFDM-, HT-, or VHT-specific information
Channel Information                         Channel used by the AP or IBSS
Data Rates                                  Basic and supported rates
Service Set Capabilities                    Extra BSS or IBSS parameters
SSID                                        Logical WLAN name
Traffic Indication Map (TIM)                A field used during the Power Save process
QoS Capabilities                            Quality of service and Enhanced Distributed Channel Access (EDCA) information
Robust Security Network (RSN) Capabilities  TKIP or CCMP cipher information and authentication method
Vendor Proprietary Information              Vendor-unique or vendor-specific information
The beacon frame contains all the necessary information for a client station to learn about the parameters of the basic service set before joining the BSS. Beacons are transmitted about 10 times per second. This interval can be configured on some APs, but it cannot be disabled.
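The following parser is an added example, not part of the original post: it walks a beacon frame body and pulls out the fields from the table above, including the RSN cipher and authentication suites an auditor would check for TKIP. The sample bytes are constructed, and the function and key names are this example's own.

```python
import struct

CIPHERS = {2: "TKIP", 4: "CCMP"}   # cipher suite types under OUI 00-0F-AC
AKMS = {1: "802.1X", 2: "PSK"}     # AKM suite types under OUI 00-0F-AC

def _suites(data, off, count, names):   # decode `count` 4-byte suite selectors
    end = off + 4 * count
    if end > len(data):
        raise ValueError("truncated RSN element")
    sels = [data[i:i + 4] for i in range(off, end, 4)]
    return [names.get(s[3], s.hex()) if s[:3] == b"\x00\x0f\xac" else s.hex() for s in sels], end

def parse_rsn(data):
    """Return group cipher, pairwise ciphers and AKM suites of an RSN element."""
    (group,), off = _suites(data, 2, 1, CIPHERS)   # bytes 0-1 hold the version
    out = {"group": group, "pairwise": [], "akm": []}
    for key, names in (("pairwise", CIPHERS), ("akm", AKMS)):
        if off + 2 <= len(data):                   # later fields are optional
            (count,) = struct.unpack_from("<H", data, off)
            out[key], off = _suites(data, off + 2, count, names)
    return out

def parse_beacon_body(body):
    """Parse the fixed fields and tagged elements of a beacon frame body."""
    ts, tu, cap = struct.unpack_from("<QHH", body, 0)   # interval is in 1024 us units
    info = {"timestamp": ts, "interval_ms": tu * 1024 / 1000, "rsn": None,
            "ibss": bool(cap & 0x0002), "privacy": bool(cap & 0x0010)}
    off = 12
    while off + 2 <= len(body):
        eid, length = body[off], body[off + 1]
        val = body[off + 2:off + 2 + length]
        if len(val) < length:
            raise ValueError(f"element {eid} overruns the frame")
        if eid == 0:
            info["ssid"] = val.decode("utf-8", "replace")
        elif eid == 1:    # 500 kb/s units; the top bit marks a basic rate
            info["rates"] = [((r & 0x7F) / 2, bool(r & 0x80)) for r in val]
        elif eid == 3 and val:
            info["channel"] = val[0]
        elif eid == 5 and length >= 2:
            info["dtim_period"] = val[1]
        elif eid == 48:
            info["rsn"] = parse_rsn(val)
        off += 2 + length
    return info

SAMPLE = bytes.fromhex(   # constructed beacon body: SSID "lab", channel 1, TIM, RSN
    "15cd5b0700000000" "6400" "1104" "00036c6162" "010482840b16" "030101"
    "050400010000" "3014" "0100" "000fac02" "0100" "000fac04" "0100" "000fac02" "0000")
```

An interval of 100 time units decodes to 102.4 ms, which is the "about 10 times per second" rate; a group cipher of TKIP alongside a CCMP pairwise cipher is the mixed-mode configuration worth flagging.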
RTS/CTS
In order for a client station to participate in a BSS, it must be able to communicate with the AP. This is straightforward and logical; however, it is possible for the client station to be able to communicate with the AP but not be able to hear or be heard by any of the other client stations. This can be a problem because, as you may recall, a station performs collision avoidance by setting its NAV when it hears another station transmitting (virtual carrier sense) and by listening for RF (physical carrier sense). If a station cannot hear the other stations, or cannot be heard by the other stations, there is a greater likelihood that a collision can occur. Request to send/clear to send (RTS/CTS) is a mechanism that performs a NAV distribution and helps prevent collisions from occurring. This NAV distribution reserves the medium prior to the transmission of the data frame.
Data Frames
The most common data frame is the simple data frame, which has MSDU upper-layer information encapsulated in the frame body. The integration service that resides in APs and WLAN controllers takes the MSDU payload of a simple data frame and transfers the MSDU into 802.3 Ethernet frames. For data privacy reasons, the MSDU data payload should usually be encrypted.
The null function frame is used by client stations to inform the AP of changes in Power Save status by changing the Power Management bit. When a client station decides to go off-channel for active scanning purposes, the client station will send a null function frame to the AP with the Power Management bit set to 1. As demonstrated in Exercise 9.7, when the Power Management bit is set to 1, the AP buffers all of that client's 802.11 frames. When the client station returns to the AP's channel, the station sends another null function frame with the Power Management bit set to 0. The AP then transmits the client's buffered frames. Some vendors also use the null function frame to implement proprietary power management methods.
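As an added example (not from the original post), the decoder below reads the Frame Control and Duration fields to name RTS, CTS, ACK, data and null function frames, reports the NAV value, tracks which clients have set the Power Management bit, and counts data frames sent without the Protected Frame bit. The frames and MAC addresses are constructed, and the helper names are this example's own.

```python
import struct

NAMES = {(0, 8): "Beacon", (1, 11): "RTS", (1, 12): "CTS", (1, 13): "ACK",
         (2, 0): "Data", (2, 4): "Null function"}

def decode_header(frame):
    """Decode Frame Control, Duration/ID and transmitter of an 802.11 frame."""
    if len(frame) < 10:
        raise ValueError("shorter than the smallest 802.11 header")
    fc, dur = struct.unpack_from("<HH", frame, 0)
    key = ((fc >> 2) & 0x3, (fc >> 4) & 0xF)          # (type, subtype)
    has_ta = key not in ((1, 12), (1, 13)) and len(frame) >= 16
    return {
        "name": NAMES.get(key, "type %d subtype %d" % key),
        "power_mgmt": bool(fc & 0x1000),               # Power Management bit
        "protected": bool(fc & 0x4000),                # Protected Frame bit
        "nav_us": None if dur & 0x8000 else dur,       # duration that sets the NAV
        "ta": frame[10:16].hex(":") if has_ta else None,  # CTS/ACK carry no TA
    }

def review(frames):
    """Return (stations currently in power save, unprotected data frame count)."""
    dozing, cleartext = set(), 0
    for raw in frames:
        h = decode_header(raw)
        if h["name"] == "Null function" and h["power_mgmt"]:
            dozing.add(h["ta"])        # AP buffers this client's frames from now on
        elif h["name"] == "Null function":
            dozing.discard(h["ta"])    # client is back; AP releases buffered frames
        elif h["name"] == "Data" and not h["protected"]:
            cleartext += 1             # MSDU payload sent without encryption
    return dozing, cleartext

# Constructed sample frames (FCS omitted); the addresses are made up.
AP, STA = bytes.fromhex("0200000000aa"), bytes.fromhex("020000000001")

def mk(fc, dur, *addrs, body=b""):
    return struct.pack("<HH", fc, dur) + b"".join(addrs) + body

RTS = mk(0x00B4, 300, AP, STA)
CTS = mk(0x00C4, 250, STA)
NULL_ON = mk(0x1148, 44, AP, STA, AP, body=b"\x10\x00")    # ToDS, PM bit = 1
NULL_OFF = mk(0x0148, 44, AP, STA, AP, body=b"\x20\x00")   # ToDS, PM bit = 0
DATA_CLEAR = mk(0x0108, 44, AP, STA, AP, body=b"\x30\x00" + b"payload")
DATA_PROT = mk(0x4108, 44, AP, STA, AP, body=b"\x40\x00" + b"\x00" * 16)
```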
In my wireless lab, I've configured my AIR-CAP2602I to Sniffer mode by going to Wireless > Access Points > click AP name > General > AP Mode > choose Sniffer > Apply. It will cause the AP to reboot for a few minutes (mine took 3 minutes) and it will also disassociate wireless clients.
To redirect wireless frames to a Wireshark PC, go to Wireless > Access Points > Radios > 802.11b/g/n. Under the AP name > Antenna > click the blue arrow > choose Configure. Tick Sniff, leave Channel at the default (Current Channel is 1), type the IP address of the PC running Wireshark, and click Apply.
Open Wireshark > click Capture > Start > and choose the LAN (wired) adapter. Run for a few minutes and then go to Capture > Stop (or click the Stop icon, the red square beside the blue shark-fin icon). The WLC management IP is 10.72.235.195 and the Wireshark PC is 10.72.235.198.
To further analyze and narrow down the captured frames, click on any sequence number > right-click > choose Decode As > under Current > choose PEEKREMOTE (displays AiroPeek/OmniPeek encapsulated 802.11 frames).
This is what a beacon frame (frame 7) looks like.
This is what a request to send (RTS) frame looks like (frame 10).
This is what a clear to send (CTS) frame looks like (frame 11).
This is what an ACK frame (frame 16) looks like.
This is what a data frame (frame 25) looks like.