Posts

Showing posts with the label Management Frames

Deauthentication

Image
  Deauthentication  Type: 00 Subtype: 1100      Deauthentication frames are different from Disassociation frames as they will force a client to completely renegotiate the connection/ reset the 802.11 state machine. Deauthenticating a client can sometimes be useful in troubleshooting if you need to recreate a problem as the client will start the connection from scratch, allowing you to capture all frames from the beginning of the conversation.     Deauthentication frames can be sent broadcast or unicast from the AP or unicast by a client. The client's ability to send deauthentication frames means it is important to use protected management frames, so users on your network do not become victims of a deauthentication attack from a spoofed sender.     Below is a deauthentication frame from a packet capture:     There's not much to it. Note the reason code, there are reason codes 0-39 that will define why a client was deauthenticated. A ...

CWAP MAC Sublayer and Functions - Beacon Frames

Image
     The biggest part of the CWAP exam is "MAC Sublayer and Functions" which encompasses 25% of the exam. Because of this, you need a deep understanding of frame formats and what their purpose is in the environment. I started with management frames: Management frames have type 00 in the Frame Control Field      The Frame Control Field is in all 802.11 frames and it contains information like the frame subtype along with tons of other information that will be discussed later. Management Frame Subtypes:      As you may have noticed in the image above, the frame control field contains a Subtype. There are 16 management frame subtypes: Each of the frame subtypes are important to managing the stations that are on the WLAN. Beacon      The beacon frame is something we see visualized without knowing it. This is visible to us when you go into the wireless settings on your device and see the SSID's of WiFi networks around you. The inform...