Start with Wifi Basics - Part 1: Scanning

-
Let us start with the basics of Wifi:

Well if you want to connect to a Wifi Network, the first thing would be that your device finds it.
The device finds the available Wifi networks in its vicinity by a process called "Scanning".

Scanning is a process that a wifi station/client does to search the available networks around it. This can be done in two ways:
Active Scanning
Passive Scanning

Active Scanning: In this, the Wifi Station (your Laptop, your mobile phone etc) sends out a packet called Probe Request in each of the available channels and then waits to listen to a response from the Access Point ( A device that serves Wifi, usually seen hanging on the ceiling in offices) called a Probe Response. This packet contains the information like the SSID ( name of the network ), security Info ( what kind of security is required to connect to this network), Country Info, Channel info, Data rates etc.

Passive Scanning:  In this, the Wifi Station just listens for Beacons on every channel. A beacon is usually sent every 100 ms by the AP, it contains all the info that a Probe response contains. In passive scanning the device does not send any active probe and wait for response rather just listens on every channel.

To sum up the differences:
Acitive Scanning is fast as it does not have to wait for a Beacon to get the info instead it sends out a Probe request and immediately gets a probe response. This comes at the cost of Power consumption to send out Probe request on all channels. Passive scanning does not consume much power as there is not transmission but it is slow as it needs to wait for 100ms for a Beacon.

So we learnt about Scanning and its use, the differences between Active and Passive Scanning and also got introduced to 3 kinds of Packets:
Beacon - A packet that is transmitted by the AP every 100ms on the channel it is operating which contains all information related to that network. It is a way that the AP advertises its network capabilities
Probe Request -  A packet sent by Wireless client to actively search for available networks.
Probe Response - A packet sent by Wireless AP in response to Probe request.

Additional Info: 
To increase the security of wifi networks, the SSID is not added in Beacon and therefore is Hidden. Passive Scan will not be able to find this network.

Active Scan are of 4 types:
Null SSID Scan - SSID field is empty in Probe Request. All APs respond to this Probe Request.
SSID Scan - SSID field contains a specific SSID. Only the AP having this SSID will respond.
Broadcast Scan - Desitination is Broadcasted.
Directed Scan - Destination is of a Particular AP MAC

Roam Scan is a scan that is done when the current APs Signal Strength is decreasing and the Client needs to roam to another AP. Roam scan is done so that the client finds a better AP than current AP.
Roam Scan is a Broadcast SSID Scan.


Comments

  1. Network30 September 2018 at 11:36

    Can you please give some real time scenarios where active and passive scanning happens?? ..

    ReplyDelete
    Replies
    1. pavan30 September 2018 at 20:00

      As mentioned, Active Scanning is done when client is trying to connect to a network, when client is trying to Roam etc.
      Passive Scanning is done on DFS Channels like 52,56,60, 64.
      Active Scanning can also be done on this channels after the client finds that there are no Radar signals and APs are operating on these channels

      Delete
  2. Network30 September 2018 at 11:40

    Also i would like to know how long do the client wait before sending probe request again and for how many times will it try ?

    ReplyDelete
  3. pavan30 September 2018 at 19:58

    HI Chiranjib, This is not defined in 802.11 specification and is Vendor Specific.
    I have seen clients sending 3 Probe Request per channel, and then moving to next channel.

    ReplyDelete

Post a Comment

Popular posts from this blog

Wifi Roaming Techniques : Pre-Authentication, PMK Caching, OKC, Fast Transition - 11r

-
Image
Wifi Roaming Techniques: Roaming is one of the most crucial aspect of Wifi. Roaming in simple terms is Handing off Client connectivity from one Access point to another without losing connectivity. When the Client sees that the RSSI ( signal Strength ) of connected AP is decreasing, the Client does a roam Scan and sees if there are other APs with better RSSI. Once it identifies the better AP, it starts association with this AP. This process is called Roaming. Why is Roaming Important: Wifi is mostly used in devices which are mobile such as mobile phones, Laptops etc. User intend to use these device while moving from one place to another and it is expected that the devices are always connected to wifi and the user can continue his work seamlessly. It would not be desirable that wifi keeps disconnecting and connecting to other Access Point while the user is moving, there should be a way where in the client can remain connected to wifi network while it moves. This issue is add
Read more

802.11w Protected Management Frames (PMF)

-
Image
802.11w Protected Management Frames Why? As you are aware that Management Frames are not encrypted in WLAN networks and this causes WLAN networks to be vulnerable to Denial of Service Attacks (DoS). Let us see a few of the Denial of Service attacks which Attackers can use to disrupt few or all of the users in a WLAN network. DoS Attacks Following frames can break the existing wireless connection (without PMF support) and will lead to Denial of Service attack. Sending Deauth or Disassoc notification to AP Sending (Re) Association request to AP. Sending Auth frame to AP. Sending Deauth or Disassoc notification to Station Sending Channel switch announcement to Station. How to solve the problem? Once the 4 way Handshake is done, the AP and the STA have the PTK and GTK to encrypt data. The same keys can now be used to encrypt Management frames to provide a certain level of Protection against DoS Attacks. Access Point and the Station both needs to have s
Read more

Power Saving Techniques

-
Image
Why it is so Important? As you are aware that most of the Wifi Devices are Battery Operated such as Mobile Phones, Laptops etc. It is very important to consider the Power consumed of every component of such devices. If the device drains its battery too often, then it limits it mobility capability. It is very essential to conserve the battery when the device is not using any of such components. For Ex: Screen times out if there is no activity by User. Similarly when there is no active data transfer over Wifi, it is best to put it in a low power consumption mode to avoid Battery Wastage. Basic Mechanism: 1. STA sends out a packet to AP indicating that it is going to sleep mode. 2. AP Start buffering data for the client and indicates that there is data buffered in Beacon. 3. STA wakes up, listens to Beacon and sees if there is any data buffered for it. If no, go back to sleep. If yes, send a packet to AP to say that it is awake and send the buffered data. 4. AP after sending th
Read more