With an understanding of management frames, we can explore the states of association. In this example we’re looking at the steps necessary for a connection between a client and an open access point.
In the Unauthenticated and Unassociated state, the client seeks the access point. This is either done passively by listening to the broadcast address for beacon frames transmitted by the access point, or actively by transmitting a probe request.
Once the client has received either a probe response or beacon frame from the access point, it can determine its operating parameters (channel, protocol, data rate, modulation details, etc). The client will then send the access point an authentication frame requesting access. In the case of an open network, the access point will send the client back an authentication frame responding with a success message.
Now the client is Authenticated and Unassociated. Next the client will send the access point an association request. The access point will reply with an association response.
If successful, the client will now be Authenticated and Associated. At this point any additional security, such as WPA2, may be negotiated. Otherwise in the case of an open network, the usual first network interactions will occur. These are the same as in wired networks, and typically begin with obtaining IP address information from a DHCP server on the host network.
In the case of the WiFi Pineapple, the client network is open and the DHCP server will assign new clients with addresses in the 172.16.42.0/24 range