search
githubEdit

Module 6: Frames and Network Interaction

hashtag
Packets vs. Frames

Just discussing the difference between Protocol Data Units (PDUs).

hashtag
802.11 MAC Frames

hashtag
MAC Header

802.11 MAC Header

hashtag
Frame Types

hashtag
Management Frames

Management frames subtypes:

Subtype
Field Description

0

Association Request

1

Association Response

2

Re-association Request

3

Re-association Response

4

Probe Request

5

Probe Response

6

Measurement Pilot

7

Reserved

8

Beacon

9

ATIM

10

Disassociation

11

Authentication

12

Deauthentication

13

Action

14

Action No ACK

15

Reserved

Beacon frame structure
circle-info

Although SSID and ESSID are used interchangeably in Wi-Fi tools and AP configuration, there is a small difference. SSID is for single APs. ESSID is when multiple APs in an Extended Service Set (ESS) share the same SSID. The official name of the field in management frames is SSID.

Management frame IE structure
Authentication frame structure
Association request structure
Association response structure

hashtag
Control Frames

Control frames subtypes:

Subtype
Field Description

0-6

Reserved

7

Control Wrapper

8

Block ACK Request

9

Block ACK

10

PS-Poll

11

RTS

12

CTS

13

ACK

14

CF End

15

CF End + CF-ACK

ACK Frame diagram
RTS/CTS communication sequence
RTS frame structure
CTS frame structure

hashtag
Data Frames

Data frames subtypes:

Subtype
Field Description

0

Data

1

Data + CF ACK

2

Data + CF Poll

3

Data + CF ACK + CF Poll

4

Null Function (No Data)

5

CF ACK (No Data)

6

CF Poll (No Data)

7

CF ACK + CF Poll (No Data)

8

QoS Data

9

QoS Data + CF ACK

10

QoS Data + CF Poll

11

QoS Data + CF ACK + CF Poll

12

QoS Null (No Data)

13

Reserved

14

QoS CF Poll (No Data)

15

QoS CF ACK + CF Poll (No Data)

hashtag
Interacting with Networks

The stages in connecting to a network

hashtag
Open Network

In IEEE 802.11 Wireless Management > Fixed Parameters > Capabilities Information, we can check the Privacy bit to see if the AP is encrypted.

hashtag
WEP

Same process as the Open Network however the Privacy bit will show it is encrypted. The lack of WPA/WPA2 tags indicates WEP.

hashtag
EAPoL

Extensible Authentication Protocol over LAN (EAPoL) frames are commonly used during the handshake when connecting to an AP with WPA, WPA2, WPA3, or OWE.

EAPoL-Key frame structures
KDE structure
RSNE structure
RSNE Pairwise Cipher Suite item

hashtag
WPA1

Advertises WPA1 PSK TKIP.

hashtag
WPA2

Advertises WPA1 and WPA2, both with AES/CCMP and TKIP.

hashtag
WPA3

Advertises with SAE in the RSN IE, and 802.11w which is mandatory for WPA3.

hashtag
OWE

Advertises an RSN IE with OWE, and 802.11w which is also mandatory for OWE.

hashtag
WPS

Advertises with a WPS beacon tag.

PreviousModule 5: Wireshark EssentialsNextModule 7: Aircrack-ng Essentials

Last updated