Posts

Action Frames

Action Frames Type: 00 Subtype: 1101 (13)

Action frames are a subtype under management frames. Action frames are able to trigger a specific action to happen. Action frames do not expect an acknowledgement. There are several categories of action frames, like spectrum management, QoS, HT, VHT, radio measurement, DLS, Public, Fast BSS Transition, SA Query, Protected dual of public action, Reserved/Unused, Vendor specific, and Error.

If you want to see the specific category of the action frame, you can view this under IEEE 802.11 Wireless Management section in the frame under the "fixed parameters":

Pictured is a block ack request action frame.

Below is an example of a block ack response:

Here's an example of an 802.11k neighbor report request and response, note the category code as radio mea...

Association Request/Response

Association Request: Type: 00 Subtype: 0000

The association request frame is the next step when joining the BSS after the Authentication frame exchange. The association request contains important information like Capability Information, Listen Interval, SSID, Supported Rates and Extended Rates, Channels Supported and QoS capability. The point of the association request frame is to advertise the capabilities of the client to the AP that match what the AP advertised in the beacon or probe response frames.

Pictured is the association request frame format:

Association Response: Type: 00 Subtype: 0001

If the capabilities of the client match the required capabilities of the AP, the AP will send an association response frame with the status code of Successful and with an Association ID for the specific client. All clients in the BSS receive a specific association ID.

Pictured is the association response frame format:

Probe Request/Response

Probe Requests and Responses are key for active scanning. This allows a client station to find out information about the networks around them. When a client transmits a probe request, the client is requesting information about either a specific SSID that they know of or are requesting information from any APs in the area. This can be done by changing the value of the "SSID parameter set". When changing this to a specific SSID, the client is probing for that specific network. When this value is changed to a wildcard value, the client is asking any AP that hears it to respond. If the AP is configured to hide its SSID in beacon frames, the client must send a probe request with the SSID parameter set to the SSID of the network for it to receive a probe response back.

Probe Request:

Probe requests are sent to a broadcast address (ff:ff:ff:ff:ff:ff). During active scanning the client sends probe requests to a specific channel, waits for a response, and then ...

Authentication Frames

While Authentication frames are not officially classified as a Request or a Response frame, this two-frame exchange is key to how client devices gain access to the network. Open system authentication is the process of the two stations confirming who they are. Open system authentication should always be successful. The Authentication Request is sent from the client station to the AP. From there the AP sends an Authentication Response back to the client. Since these are unicast frames, each is followed by an ACK from the receiving station.

Simplified view of the frame exchange:

The authentication frame format looks like the following:

If you were to view it inside of a packet capture:

Authentication Request from Client:

Authentication Response from AP:

You can see in the authentication response that the sequence number is 2 and that the status code is successful in both the authentication request and the response. Also note that the type field as...

CWAP MAC Sublayer and Functions - Beacon Frames

The biggest part of the CWAP exam is "MAC Sublayer and Functions", which encompasses 25% of the exam. Because of this, you need a deep understanding of frame formats and what their purpose is in the environment. I started with management frames:

Management frames have type 00 in the Frame Control Field

The Frame Control Field is in all 802.11 frames and it contains information like the frame subtype along with tons of other information that will be discussed later.

Management Frame Subtypes:

As you may have noticed in the image above, the frame control field contains a Subtype. There are 16 management frame subtypes:

Each of the frame subtypes is important to managing the stations that are on the WLAN.

Beacon

The beacon frame is something we see visualized without knowing it. This is visible to us when you go into the wireless settings on your device and see the SSIDs of WiFi networks around you. The inform...
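The type and subtype values quoted in these posts, and the wildcard versus directed probe request described under Probe Request/Response, can be read straight from the raw bytes. The following is an added example, not code from the original posts; it assumes each frame starts at the 802.11 MAC header (no radiotap header, no trailing FCS), and the sample frames, source MAC and SSID "lab-net" are constructed.

```python
# Management subtypes named on this page, keyed by the 4-bit subtype value.
MGMT_SUBTYPES = {0: "Association Request", 1: "Association Response",
                 4: "Probe Request", 5: "Probe Response", 8: "Beacon",
                 11: "Authentication", 13: "Action"}
MGMT_HEADER_LEN = 24  # frame control, duration, 3 addresses, sequence control
SSID_ELEMENT_ID = 0

def decode_frame_control(frame: bytes):
    """Return (version, type, subtype) from the first Frame Control octet."""
    if len(frame) < 2:
        raise ValueError("frame too short for a Frame Control field")
    fc0 = frame[0]
    return fc0 & 0x3, (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF

def probe_request_ssid(frame: bytes):
    """SSID bytes of a probe request (b'' = wildcard); None if not one."""
    _, ftype, subtype = decode_frame_control(frame)
    if ftype != 0 or subtype != 4:
        return None
    pos = MGMT_HEADER_LEN  # probe requests have no fixed parameters
    while pos + 2 <= len(frame):
        elem_id, elem_len = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + elem_len]
        if len(value) < elem_len:
            return None  # truncated element, do not trust it
        if elem_id == SSID_ELEMENT_ID:
            return value
        pos += 2 + elem_len
    return None

def describe(frame: bytes) -> str:
    _, ftype, subtype = decode_frame_control(frame)
    if ftype != 0:
        return "not a management frame"
    name = MGMT_SUBTYPES.get(subtype, f"management subtype {subtype}")
    ssid = probe_request_ssid(frame)
    if ssid is None:
        return name
    if not ssid:
        return name + " (wildcard SSID)"
    return name + " (directed: " + ssid.decode("utf-8", "replace") + ")"

def _mgmt(fc0: int, body: bytes = b"") -> bytes:
    """Build a constructed frame: broadcast DA/BSSID, made-up source MAC."""
    bcast, src = b"\xff" * 6, bytes.fromhex("020000000001")
    return bytes([fc0, 0, 0, 0]) + bcast + src + bcast + b"\x00\x00" + body

WILDCARD = _mgmt(0x40, b"\x00\x00\x01\x02\x02\x04")         # empty SSID + rates
DIRECTED = _mgmt(0x40, b"\x01\x02\x02\x04\x00\x07lab-net")  # rates, then SSID
ACTION = _mgmt(0xD0, b"\x05\x04")  # body octets constructed, not decoded here
```

Calling `describe()` on each constructed frame gives the subtype name, plus whether a probe request is wildcard or directed.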

CWNA, What's Next?

After passing the CWNA exam, you're faced with several options on how to proceed with your career. The CWNA opens the door to three specialties, all of which are important and valid in their own way.

Do you choose to focus on Security, Design, or Analysis? This may be an easy decision based on your profession. As a technician, I chose to begin studying the CWAP. Currently 1/2 through the official certification guide, I realize just how much I need the information presented in this certification.

My current role is heavily centered on troubleshooting. I occasionally look at packet captures, but that's partially out of my scope in my current level of authority, though it is an important skill to learn. So why, as a network technician, do I need to study for a professional level analysis certification? One obvious reason is career advancement and becoming better at my current role.

Learning the PHYs in dept...