-
Notifications
You must be signed in to change notification settings - Fork 176
02. 802.11 Specifications
-
Beacon Frame = Advertisements of AP (include info about AP's supported rates, encryption capabilities...)
-
Probe Request = Frame sent by station looking for AP.
2 types of Probe Requests:- Directed Probe Request = Client looks for a specific known SSID. Can be used by attacker to find hidden SSID, or to reconstruct client's PNL ("Is MyWiFi here ?").
- Broadcast Probe Request = Client broadcast request to check if there is any wireless network nearby ("Is any WiFi here ?").
-
Probe Response = Frame sent by AP to station, when replying to Probe Request. Contains similar info as Beacon Frames.
-
Authentication Request = Station initiates authentication to AP.
-
Association Request = After authentication, station asks for association with AP.
-
Deauthentication Request = Sent by AP to client to disconnect it. Can be sent by attacker in order to try to disconnect a client.
-
Disassociation Request = Sent by AP to client. Contrary to deauthentication request, disassociation is normally sent to client when AP is powered down/rebooting. An attacker can also send this type of request along with deauthentication request, to increase chances to successfully disconnect a client.
Station AP
<------- Beacon -----------------------
...
<------- Beacon -----------------------
...
-------- Probe Request --------------->
<------- Probe Responde ---------------
-------- Authentication Request ------>
<------- Authentication Response ------
-------- Association Request --------->
<------- Association Response ---------
<--------------- Data ---------------->
Authentication Request/Response are confusing because there is no actual authentication mechanism here.
- In Open Network, client can use the wireless network directly after this Association Handshake.
- In Protected Network (e.g. WPA/WPA2), a "real" authentication occurs after this Association Handshake.
- 01. WiFi Basics
- 02. 802.11 Specifications
- 03. WPS (WiFi Protected Setup)
- 04. WPA Protocol Overview
- 05. WPA/WPA2 Personal (PSK) Authentication
- 06. WPA/WPA2 PSK Traffic Decryption
- 07. WPA/WPA2 Enterprise (MGT)
- 08. Evil Twin Attacks
- 09. 802.11 Network Selection Algorithms
- 01. WiFi Interfaces Management
- 02. WiFi Connection
- 03. WiFi Monitoring (Passive Scanning)
- 04. Hotspot Captive Portal Bypass
- 05. WiFi Denial of Service
- 06. WEP Authentication Cracking
- 07. WPA/WPA2 Personal (PSK) Authentication Cracking
- 08. WPA/WPA2 Enterprise (MGT) Authentication Cracking
- 09. WPA/WPA2 Personal (PSK) Traffic Decryption
- 10. Basic AP (Manual Configuration)
- 11. Open Network (no passphrase) Rogue AP / Evil Twin
- 12. WPA/WPA2 Personal (PSK) Rogue AP / Evil Twin
- 13. WPA/WPA2 Enterprise (MGT) Rogue AP / Evil Twin