Revisiting WLAN frames
As this book deals with the security aspects of Wireless network, we will assume that you already have a basic understanding of the protocol and the packet headers. If not or if it's been some time since you worked on wireless network, this would be a good time to revisit it again.
Let us now quickly review some basic concepts of WLANs which most of you may already be aware of. In WLANs, communication happens over frames. A frame would have the following header structur:
The "Frame Control" field itself has a more complex structue:
The Type field defines the type of WLAN frame, which has three possibilities:
- Management frames: Management frames are responsible for maintaining communication between the access points and wireless clients. The Management frames can have the following sub-types:
- Authentication
- De-authentication
- Association Request
- Association Response
- Reassociation Request
- Reassociation Response
- Disassociation
- Beacon
- Probe Request
- Probe Response
- Control frames: Control frames are responsible for ensuring a proper exchange of data between the access point and wireless clients. Control frames can have the following sub-types:
- Request to Send (RTS)
- Clear to Send (CTS)
- Acknowledgement (ACK)
- Data frames: Data frames carry the actual data sent on the wireless network. There are no sub-types for data frames.
We will discuss the security implications of each of these frames when we discuss different attacks in later chapters.
We will now look at how to sniff these frames over a wireless network using Wireshark. There are other tools like Airodump-NG, Tcpdump, or Tshark which can used for sniffing as well. We will, however, use Wireshark for most of this book, but we encourage you to explore other tools. The first step in doing this is to create a monitor mode interface. This will create an interface for our Alfa card which allows us to read all wireless frames in the air, regardless of whether it is destined for us or not. In the wired world, this is popularly called promiscous mode.