CCIE or Null!

My journey to CCIE!

Let’s look at: 802.11 Beacon Frames.

with 3 comments

Probably the most common 802.11 management frame is the beacon frame. This frame is broadcasted from the AP listing the capabilities of the WLAN, but what exactly is listed? Let’s take a quick look.

Beacon frame from a Cisco WLAN

Here we can easily make out some of the capabilities of the WLAN, for example the SSID is probably going to be the first thing you notice TestSSID in this case, this is what provides the name of the WLAN. As you know SSID broadcasting can be disabled (Also called Closed System) at which point the SSID field will be blank.

Beacon frame with SSID broadcasting disabled. The SSID Information is simply excluded from the Beacon frame.

Next we will take a look at the what data rates are supported by this WLAN:

Here you can see the a few supported data rates and the extended supported data rates. This tells us the WLAN is capable of supporting both 802.11b and 802.11g WLAN clients. You’ll notice the Data rate of 5.5 has a (B) next to it, it just so happens 5.5 is set a mandatory data for this WLAN, so if a WLAN client can not support a data rate of 5.5 it will not be able to successfully authenticate and associate to the WLAN.

Next up we are going to at the RSN (Robust Security Network) information for this WLAN.

As you can see from the RSN Information element (IE), this WLAN is 802.11i compliant, showing it’s capable of AES/CCMP which means your WLAN clients will need to support 802.11i/WPA2 with AES in order to successfully communicate with this WLAN.

A few other noticeable features we can find in this beacon frame is the WLAN supports High-Throughput (HT), which is 802.11n (Draft 1 in this case).  So this is an 802.11b/b/n WLAN in the 2.4 GHz RF range.

This access point did not have multiple antennas attached to it, which is why the TxBF and ASEL capabilities are currently at 0x0000 and 0x00.

You will also notice in the 6th line down that the WLAN is 802.11e compliant meaning some QoS will be performed, and the line after that states: no non-ERP STA’s, do not use protection this states no 802.11b clients are currently connected only 802.11g WLAN clients are currently connected to this WLAN so protection mechanism’s are not in use.

Now, at the end of the beacon frame you will notice all this Unknown information, as you have probably guessed (or read) this information is vendor specific, which is common for every vendor to have put their own proprietary information within the Beacon frames. The main thing is make sure this extra information does not create its own incompatible issues with older WLAN client devices.

So in conclusion there’s a basic Cisco WLAN beacon frame, it should be a mirror image of the configuration for your WLAN. Looking at the beacon is just a simple way to make sure the WLAN is doing what’s it’s configured to do.

Written by Stephen J. Occhiogrosso

June 22, 2011 at 8:00 AM

3 Responses

Subscribe to comments with RSS.

  1. Reblogged this on What a wonderful world!.

    bradlinvic

    May 16, 2014 at 10:17 PM

  2. Hi, What tool did you use to capture the 802.11 Beacon Frames. It’s better if you can send an reply to my email. Thanks.

    Jeff

    June 16, 2014 at 4:45 PM

    • In that post I used a normal Linux laptop in monitor mode with Wireshark, However I’ve also used Omnipeek or AirPcap with Wireshark, they are all great options.

      Stephen J. Occhiogrosso

      June 16, 2014 at 5:17 PM


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 539 other followers

%d bloggers like this: