Posts

Showing posts from April, 2022

Frame Exploration: Authentication Frames

Authentication Frames in 802.11 are not about verifying the identity of clients or forming a secure connection. These frames are used to ensure each radio is actually a valid .11 device that can communicate on the network. It has been described as similar to plugging a network cable into the wall or a switch. Please note this is only valid for networks using WPA or WPA2. WPA3 introduces SAE (Simultaneous Authentication of Equals) and uses a 4-message exchange for authentication. We will be looking at Open System Authentication frames here. In the above we have the two-frame exchange between the client device and the AP. Each message is essentially the same and contains a Sequence Number and Status Code to tell whether or not authentication was successful. As with all other frames, we can look at the FCF to verify what type of message it is too. And that's all there really is to it. If each radio can authenticate with one another they can proceed to the Association stag...

Frame Exploration: Probe Response

In the previous post we looked at Probe Requests, which are frames sent by a STA wishing to join a BSS and needing additional information to make a selection. The Response is sent from the AP with a list of its capabilities and other information about the BSS. Note this is not the full capabilities. Since I went over the fields in the previous post, I'll start with the FCF in the form of a packet capture. FCF Again we can see information about what type of frame we are viewing. Management Subtype 5 is a Probe Response. Moving on to the Frame Body, we'll start with the Basic and Supported Rates. Rates with a (B) marked next to them are basic rates and are required to be supported in order to join the BSS. Also note the lack of a 6Mbps rate. This is because it's disabled on my network and therefore not advertised. Basic and Supported Rates Next we can see the regulatory domain the AP is operating in, its channel capabilities and what environment it can be ...

Passing the CWAP

I finally got around to signing up for the test and really going over the study guide. You can see most of my notes here if you want an idea of the content and, if it wasn't implied in the title already, I passed! While I was able to take a CWNA course through a previous employer, that was not the case this time. My study methods were basically reading the book from front to back, reading various blogs (also listed in the top bar), doing packet captures and taking the practice tests. Out of those methods, I feel being able to take packet captures is what will solidify your knowledge for this exam. Luckily I was able to acquire a WLANPi a few years ago before the shortage and discontinuation of the neo2 board. Wlanpros appears to be working on another version (I think I also spied dual radios so maybe we'll get the ability to capture roaming events!) but I haven't seen anything for sale yet. For those who don't have the pi you can either purchase software like CommVie...