CWNP CWNA – MAC Architecture Part 2

  1. Beacon Frame Types

So, as I was just saying, there are a few things in the beacon I didn't even mention yet. There's the timestamp, so every station can synchronize its clock to the access point and tell a fresh beacon from something stale or replayed. There's the type of spread spectrum or modulation I'm supporting: FHSS, DSSS, OFDM, ERP, all the things we've talked about. There's the channel I'm using. And there are the data rates: the basic rates, which are the mandatory ones, and the full set of rates the access point will support. That matters because you might have enough signal to hear the access point, but because of the distance you might not be able to reach the minimum rate that the person who configured the access point decided on, and then you won't get on.

Then there are the service set capabilities. Is this a basic service set with one access point, or is it an ad hoc, independent, computer-to-computer network? Like I said, there's the name of the network, the SSID. If you're doing power saving, there's the TIM, the traffic indication map. There's whether or not the access point supports QoS, what type of security, if any, you're using under the robust security network (the RSN element), and anything proprietary that each vendor might include in the beacon as a vendor-specific element.

  1. Passive Scanning

So passive scanning just means everybody is listening for these beacons, which come out once every beacon interval, by default about ten times a second. When a beacon comes in, what do you get? That little list pops open with the names of all the SSIDs and the little bars that tell you how strong the signal is, the RSSI. That's passive scanning. You're not searching for the network; you're just waiting to hear from an access point that there's a network out there.

  1. Active Scanning Part1

Active scanning is a little different. We told you that an access point can, as a security measure, hide its network, so that if you're just driving by or walking by you won't see that there's a wireless network there. Well, that's not actually true. The access point still has to send beacons, because clients depend on them for the timestamp and the TIM; what it can do is leave the SSID out of the beacon, so the SSID element is empty. That's why, many times, you'll see in your list of network names one that's blank: it won't tell you its name, but you can still see how strong the signal is. And if you knew the name of that SSID, you could click on that blank one and try to join it by typing in the SSID. Before the client software did that for you, you would have had to send a probe yourself.

So if I were an attacker, to make this person look a little meaner, I would send a probe request. A probe, by the way, is like any other radio transmission: it goes out in every direction to see if there's an access point out there. If my probe request names the SSID, I get back a probe response that confirms it. And even if I don't know the name, every legitimate client that joins puts the SSID in the clear in its own probe and association requests, so anyone listening learns it. So you see what I'm saying? Hiding the SSID is really not that much more secure than beaconing it. It just keeps a lot of people away because they don't know they could do that.
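Here is an added example, not from the CWNA material, that parses the beacon body described in the Beacon Frame Types section above and then shows what the hidden-SSID case from this section looks like on the wire. The three frame bodies are constructed for the example (the timestamp, the SSID "CorpNet", channel 6, the client limit and the vendor OUI are made-up values), and the parser handles only the elements the text talks about: SSID, supported rates with the basic-rate flag, DS parameter set (channel), TIM, RSN and vendor-specific.

```python
"""Parse the body of an 802.11 beacon or probe response (the management frame
payload after the 24-byte MAC header). Constructed example; not CWNA code."""
import struct

# Element IDs from IEEE 802.11 (only the ones discussed in the text)
EID_SSID, EID_RATES, EID_DS_PARAMS, EID_TIM, EID_RSN, EID_VENDOR = 0, 1, 3, 5, 48, 221

# Capability Information bits
CAP_ESS, CAP_IBSS, CAP_PRIVACY, CAP_QOS = 1 << 0, 1 << 1, 1 << 4, 1 << 9


def parse_elements(data):
    """Split the tagged-parameter area into (element_id, value) pairs."""
    elems, i = [], 0
    while i + 2 <= len(data):
        eid, length = data[i], data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated element")
        elems.append((eid, value))
        i += 2 + length
    return elems


def parse_beacon(body):
    """Decode fixed fields (timestamp, beacon interval, capabilities) and elements."""
    if len(body) < 12:
        raise ValueError("body too short")
    timestamp, interval, cap = struct.unpack_from("<QHH", body, 0)
    info = {
        "timestamp_us": timestamp, "beacon_interval_tu": interval,
        "ess": bool(cap & CAP_ESS), "ibss": bool(cap & CAP_IBSS),
        "privacy": bool(cap & CAP_PRIVACY), "qos": bool(cap & CAP_QOS),
        "ssid": None, "hidden_ssid": False, "channel": None,
        "rates_mbps": [], "basic_rates_mbps": [], "dtim_period": None,
        "rsn": False, "vendor_ouis": [],
    }
    for eid, val in parse_elements(body[12:]):
        if eid == EID_SSID:
            # Hidden SSID: zero-length element, or an SSID of all NUL bytes
            if val.strip(b"\x00") == b"":
                info["hidden_ssid"] = True
            else:
                info["ssid"] = val.decode("utf-8", "replace")
        elif eid == EID_RATES:
            # Each byte: bit 7 = basic (mandatory) rate, low 7 bits = rate in 500 kbps units
            for b in val:
                mbps = (b & 0x7F) / 2
                info["rates_mbps"].append(mbps)
                if b & 0x80:
                    info["basic_rates_mbps"].append(mbps)
        elif eid == EID_DS_PARAMS and len(val) == 1:
            info["channel"] = val[0]
        elif eid == EID_TIM and len(val) >= 3:
            info["dtim_period"] = val[1]   # DTIM count, DTIM period, bitmap control, bitmap
        elif eid == EID_RSN:
            info["rsn"] = True
        elif eid == EID_VENDOR and len(val) >= 3:
            info["vendor_ouis"].append(val[:3].hex())
    return info


def missing_basic_rates(info, station_rates_mbps):
    """Basic rates are mandatory: return the ones this station cannot do."""
    supported = set(station_rates_mbps)
    return [r for r in info["basic_rates_mbps"] if r not in supported]


def element(eid, value):
    return bytes([eid, len(value)]) + value


# ---- constructed sample frames (made-up values) ----
FIXED = struct.pack("<QHH", 0x12345678, 100, CAP_ESS | CAP_PRIVACY | CAP_QOS)
RATES = bytes([0x82, 0x84, 0x8B, 0x96, 0x0C, 0x12, 0x18])  # 1/2/5.5/11 basic, 6/9/12
RSN = bytes.fromhex("0100000fac040100000fac040100000fac020000")  # CCMP, PSK
TIM = bytes([0, 3, 0, 0])          # DTIM count 0, DTIM period 3, no buffered traffic
WMM = bytes.fromhex("0050f2") + b"\x02\x01\x01"

VISIBLE_BEACON = (FIXED + element(EID_SSID, b"CorpNet") + element(EID_RATES, RATES)
                  + element(EID_DS_PARAMS, bytes([6])) + element(EID_TIM, TIM)
                  + element(EID_RSN, RSN) + element(EID_VENDOR, WMM))
# Same network with the SSID hidden: the beacon still goes out, the name does not
HIDDEN_BEACON = (FIXED + element(EID_SSID, b"") + element(EID_RATES, RATES)
                 + element(EID_DS_PARAMS, bytes([6])) + element(EID_TIM, TIM)
                 + element(EID_RSN, RSN))
# Probe response to a station that named the SSID: same layout, no TIM, SSID present
PROBE_RESPONSE = (FIXED + element(EID_SSID, b"CorpNet") + element(EID_RATES, RATES)
                  + element(EID_DS_PARAMS, bytes([6])) + element(EID_RSN, RSN))

if __name__ == "__main__":
    for name, frame in [("beacon", VISIBLE_BEACON), ("hidden beacon", HIDDEN_BEACON),
                        ("probe response", PROBE_RESPONSE)]:
        print(name, parse_beacon(frame))
```

Run it and the hidden beacon parses with `hidden_ssid` set and no name, while the probe response for the same network carries "CorpNet"; `missing_basic_rates` is the check an access point applies when a station that cannot do every basic rate tries to associate.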

  1. Active Scanning Part2

Now, one of the drawbacks of passive scanning, like I said, is that the beacon management frames are only broadcast on the access point's own channel. Why is that a drawback? Look at it like this. To hear a beacon I have to sit on each channel and wait, and the beacon only comes out once per beacon interval, so listening my way through every channel takes a while. On the other hand, because I heard the beacon on the channel the access point is using, I know exactly which channel to use to get to that network. In active scanning, I have to send probes on each channel and hope for a probe response.

And when I'm sending the probes, I have to ask the questions myself: what frequency band, 2.4 GHz or 5 GHz? And then, what channel is it on? So I still walk through the channels, sending a probe request on each one. It's not difficult, and on each channel I only have to wait for a probe response rather than a whole beacon interval; either way it's a matter of a second or two to get through them all. That's an active scan. With passive scanning, the beacon tells me the channel when I receive it, and the band is whichever one I was listening on.

  1. Authentication

Authentication is the first of the two steps required to connect to an access point. Authentication and association have to happen in that order before the access point will let you send traffic through it into the wired network.

  1. Open System Authentication

One of the original types of authentication is called Open System authentication. It's the simplest of all the authentication methods: I don't need a pre-shared key, I don't need a username and password, I don't need anything. The client sends an authentication request with the algorithm set to Open System and no credentials at all, a null authentication, and the access point answers with a success status for anyone who asks. So it's authentication without any client verification; it's really just two stations saying hello, and that's the authentication. From there we can go on to association, as long as the access point isn't already overburdened with too many clients. You do that part and then you're on that access point.

Now don't confuse Open System with real authentication. What I mean is that sometimes we hit an access point and it says, I don't care who you are, come on in, I'll connect you. But secretly, behind the scenes, it's connected to a wireless LAN controller, and all of your traffic is going to go to that controller. And because all of your traffic always goes through the wireless LAN controller, the controller might hand you a captive portal page, a little web page that pops open and says, hey, you have to give me your username and password or I'm going to drop all your traffic. So Open System authentication just means the access point isn't asking me any questions. It doesn't mean you won't get asked on the other side.

  1. WEP Authentication

One of the early types of security and authentication was WEP, Wired Equivalent Privacy, and it used what's called Shared Key authentication. We really should have called it pre-shared key, because it means everybody who wants to connect to my access point has to have the WEP key, and it has to be configured identically on the access point and on every computer making a connection. Once you turn Shared Key on, WEP is mandatory, and authentication is not going to work if the key you have and the key the access point has don't match.

Shared Key is a four-frame authentication. First, the client sends an authentication request. That's the computer over here telling the access point: hey, I heard you, I saw your SSID, I'd like to connect. Second, the access point sends a clear-text challenge to the client station in its authentication response; that's 128 bytes of random challenge text. Don't confuse the challenge with the initialization vector: the IV is a separate 24-bit value the client picks when it encrypts, and it's sent in the clear in front of the encrypted data. Third, the client encrypts the clear-text challenge with the WEP key, and this is where we need to have the same key, and sends it back to the access point.

In other words, what comes from the access point is just clear text; anybody can see it. But when I encrypt it, I do it with my WEP key, so everybody else who hears the reply, if they don't have the same WEP key, can't produce it themselves. We send that back, and, fourth, the access point uses the WEP key it has to decrypt the response.

It compares the result to the challenge text it sent, and if that matches, the AP says, hey, you're good to come on in, now let's associate. If it doesn't match, the access point says no, you can't make the connection. That's the case if the decrypted text doesn't match the challenge, or if the AP can't decrypt the response at all; either way, it has to be a 100% match or you're not getting connected. One caveat worth knowing: because the challenge goes out in clear text and comes back encrypted, anyone listening captures a plaintext and its ciphertext under the same IV, which is exactly what's needed to forge a later response, so Shared Key is actually weaker than Open System with WEP encryption turned on.
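The four-frame exchange just described, as an added example that is not part of the CWNA material, with RC4 implemented inline so it runs offline. The 40-bit key, the station names and the captured frames are constructed for the example, and real WEP frames also carry a CRC-32 ICV inside the encrypted challenge element, which is left out here. The last function shows the caveat above: an eavesdropper who saw one clear-text challenge and its encrypted reply can pass Shared Key authentication without ever learning the key.

```python
"""WEP Shared Key authentication: the four frames, then the keystream-reuse problem.
Constructed example; not CWNA or vendor code."""
import os

CHALLENGE_LEN = 128   # 802.11 fixes the challenge text at 128 octets
STATUS_SUCCESS, STATUS_UNSPECIFIED, STATUS_CHALLENGE_FAILURE = 0, 1, 15


def rc4(key, data):
    """RC4: key scheduling, then XOR data with the generated keystream."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_crypt(wep_key, iv, data):
    """WEP per-frame key = 24-bit IV || shared key. The same call encrypts and decrypts."""
    return rc4(iv + wep_key, data)


class AccessPoint:
    def __init__(self, wep_key):
        self.wep_key = wep_key
        self.pending = {}          # station -> challenge text sent in frame 2
        self.authenticated = set()

    def frame2_challenge(self, sta):
        """Frame 1 was the station's request; frame 2 carries a clear-text challenge."""
        challenge = os.urandom(CHALLENGE_LEN)
        self.pending[sta] = challenge
        return challenge

    def frame4_verify(self, sta, iv, encrypted_challenge):
        """Frame 4: decrypt with the AP's own key and compare with what it sent."""
        challenge = self.pending.pop(sta, None)
        if challenge is None:
            return STATUS_UNSPECIFIED
        if wep_crypt(self.wep_key, iv, encrypted_challenge) != challenge:
            return STATUS_CHALLENGE_FAILURE
        self.authenticated.add(sta)
        return STATUS_SUCCESS


def frame3_response(wep_key, challenge):
    """Frame 3: the station picks a fresh IV and encrypts the challenge under IV || key."""
    iv = os.urandom(3)
    return iv, wep_crypt(wep_key, iv, challenge)


def shared_key_auth(ap, sta, station_key):
    """Run the whole exchange for one station; returns the 802.11 status code."""
    challenge = ap.frame2_challenge(sta)
    iv, ct = frame3_response(station_key, challenge)
    return ap.frame4_verify(sta, iv, ct)


def forge_from_capture(ap, attacker, seen_iv, seen_challenge, seen_ciphertext):
    """Eavesdropper: challenge XOR ciphertext = 128 bytes of keystream for seen_iv.
    Reusing that IV, the attacker encrypts a new challenge without knowing the key."""
    keystream = bytes(p ^ c for p, c in zip(seen_challenge, seen_ciphertext))
    new_challenge = ap.frame2_challenge(attacker)
    forged = bytes(p ^ k for p, k in zip(new_challenge, keystream))
    return ap.frame4_verify(attacker, seen_iv, forged)


if __name__ == "__main__":
    key = bytes.fromhex("0123456789")          # constructed 40-bit WEP key
    ap = AccessPoint(key)
    print("right key:", shared_key_auth(ap, "laptop", key))
    print("wrong key:", shared_key_auth(ap, "phone", bytes.fromhex("ffffffffff")))
    ch = ap.frame2_challenge("victim")        # a legitimate login the attacker sniffs
    iv, ct = frame3_response(key, ch)
    ap.frame4_verify("victim", iv, ct)
    print("forged without key:", forge_from_capture(ap, "attacker", iv, ch, ct))
```

The forgery works because RC4 is a stream cipher and the AP never rejects a repeated IV: the same IV and key give the same keystream, so one captured challenge/response pair is enough to encrypt any later challenge. This is why Open System plus WEP encryption was considered the lesser evil, and why neither belongs on a production network.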

  1. Association

Now, the process of association. After authenticating with the AP, the next step is to associate with it. When a client station associates, it becomes a member of the basic service set; association means the client station can now send data through the access point into whatever the DSM, the distribution system medium, is.

That's usually the wired network. The client sends an association request to the access point, asking permission. So if you authenticated, why couldn't you associate? There are limits on some vendors' equipment on how many clients a particular access point can support. So even though you've authenticated, the access point might say, hey, look, I've got 40 people connected to me already, that's my limit, I can't take any more, so I'm sorry, and turn the association down.
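As an added example (not from the CWNA material), Open System authentication from earlier in this module followed by association, with the two refusals the text describes: an association attempt from a station that has not authenticated yet, and an access point that has hit its client limit. The status and reason codes are the standard 802.11 values; the client limit of 40, the station names and the toy AID allocation are made up for the example.

```python
"""Open System authentication, then association, on a toy access point.
Constructed example; not CWNA or vendor code."""

ALG_OPEN_SYSTEM = 0
STATUS_SUCCESS = 0
STATUS_BAD_ALGORITHM = 13   # AP does not support the requested auth algorithm
STATUS_AP_FULL = 17         # AP unable to handle additional associated stations
REASON_CLASS2_NONAUTH = 6   # Deauthentication: class 2 frame from a non-authenticated STA


class AccessPoint:
    def __init__(self, max_clients=40):
        self.max_clients = max_clients
        self.authenticated = set()
        self.associated = {}    # station -> Association ID (AID)

    def authenticate(self, sta, algorithm=ALG_OPEN_SYSTEM):
        """Open System: no credentials, a 'null' request; the AP says yes to anyone."""
        if algorithm != ALG_OPEN_SYSTEM:
            return STATUS_BAD_ALGORITHM
        self.authenticated.add(sta)
        return STATUS_SUCCESS

    def associate(self, sta):
        """Association request. Must follow authentication; subject to the client limit."""
        if sta not in self.authenticated:
            # Association is a class 2 frame: an unauthenticated sender gets a
            # Deauthentication frame back instead of an association response
            return ("deauth", REASON_CLASS2_NONAUTH)
        if sta in self.associated:
            return ("assoc_resp", STATUS_SUCCESS, self.associated[sta])
        if len(self.associated) >= self.max_clients:
            return ("assoc_resp", STATUS_AP_FULL)
        # AIDs are small positive integers; they index the TIM bitmap for power save
        aid = next(a for a in range(1, self.max_clients + 1)
                   if a not in self.associated.values())
        self.associated[sta] = aid
        return ("assoc_resp", STATUS_SUCCESS, aid)

    def disassociate(self, sta):
        self.associated.pop(sta, None)

    def may_forward(self, sta):
        """Only an associated station gets data forwarded into the distribution system."""
        return sta in self.associated


if __name__ == "__main__":
    ap = AccessPoint(max_clients=2)
    print(ap.associate("laptop"))        # too early: ('deauth', 6)
    ap.authenticate("laptop")
    print(ap.associate("laptop"))        # ('assoc_resp', 0, 1)
```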

  1. Module 09 Review

So in this module we talked about packets, frames and bits; we looked at the data link layer and the physical layer as they pertain not only to the OSI model but to wired and wireless networks, and how those two networks work together.

We talked about the different types of frames in 802.11, a little more about beaconing, and how passive and active scanning might be used to find an access point. Once you find one, you go through authentication and association. And, as I mentioned before, the beacon carries the basic and supported data rates.