WiFi Pineapple Mark VII
  • WiFi Pineapple Mark VII
  • Setup
    • Connecting the WiFi Pineapple
    • Setting up your WiFi Pineapple
    • Connecting to the WiFi Pineapple on Linux
    • Connecting to the WiFi Pineapple on Windows
    • Setting up the WiFi Pineapple over WiFi
    • Setup by USB Disk
  • UI Overview
    • Introduction to the UI
    • Dashboard
    • Campaigns
    • PineAP
    • Recon
    • Handshakes
    • Modules
    • Settings
    • Cloud C²
  • Developer Documentation
    • Developer Resources
    • Contributing to the Module Repository
  • WiFi Basics
    • Introduction to WiFi
    • Radios and Chipsets
    • Stations and APs
    • Transmit Power
    • Antennas
    • Channels and Regions
    • Protocols
    • Modes of Operation
    • Logical Configurations
    • MAC Addresses
    • Broadcast and Multicast MAC Addresses
    • SSIDs
    • 802.11 Frame Types
    • 802.11 Frame Structure
    • Management Frames
    • Frame Injection
    • Association and State
  • FAQ / Troubleshooting
    • MacOS Support
    • Establishing an Internet Connection
      • Configuring a Client Mode Connection
      • ICS on Linux
      • Configuring ICS on Windows
      • Configuring a USB Ethernet Adapter
    • Password Reset
    • Factory Reset and Recovery
    • WiFi Pineapple Updates
    • WiFi Pineapple Beta Updates
    • Compatible 802.11ac Adapters
  • Extras
    • MK7 LED Mod Installation
    • MK7 Kismet Case Installation
Powered by GitBook
On this page

Was this helpful?

  1. WiFi Basics

Management Frames

To enable the joining and leaving of a Basic Service Set, management frames contain subtypes such as beacon, probe, association, and authentication.

Beacon frames come in only one variety, and advertise the presence of an access point. They contain everything a client needs to know about a network in order to connect, including the SSID, supported data rates, protocol and other parameters pertinent to the APs modulation. Access points regularly transmit beacons, typically several times per second, to the broadcast address.

Beacon frames are essential for network discovery. When a client passively scans for nearby access points, it does so by listening for beacon frames. Typically this is done in conjunction with channel hopping, whereby a client will listen on each channel for a brief period before moving on to the next.

Probe frames further network discovery and come in two variety, probe requests and probe responses. Probe requests are transmitted by clients seeking access points. Probe responses are the access point’s replies to these client requests.

When a probe request is transmitted by a client seeking an access point, this is considered active scanning. The client will transmit to the broadcast address either a general probe request or a directed probe request. The former simply asks “what access points are around” while the later specifies the particular SSID for which the client seeks.

The probe response includes all of the basic information about the network also included in the beacon frame.

Association frames come in five forms: the association request, association response, reassociation request, reassociation response, and disassociation. Respectively, these can simply be thought of as “I’d like to be friends”, “Ok, we will/won’t be friends”, “Remember me, I’m your friend”, “I do/don’t remember you” and “Get lost, friend”.

Similar to probe frames, the requests are transmitted by clients while the responses by access points. Disassociation frames in particular are sent by any station wishing to terminate the association. This is the graceful way to ending an association, giving the station a heads up that the conversation is over and allowing it to free up memory in the association table.

Authentication frames are similar to association frames in that they enable the relationship between client and access point to form. Originally only two security states existed for WiFi – Open or Wired Equivalent Privacy (WEP). The later is a broken and deprecated technology which has given way to more secure schemes such as WPA2 and 802.1X. For this reason authentication frames are almost always open, regardless of the security state, with the actual authentication handled by subsequent frames after the station is both authenticated and associated. In this case a client will send an authentication request with the access point sending an authentication response.

Deauthentication frames act similar to disassociation frames and are sent from one station to another as a way to terminate communications. For example, an access point may send a deauthentication frame to a client if it is no longer authorized on its network. When this unencrypted management frame is spoofed by a third party, the technique is often called a deauth attack.

Last updated 3 years ago

Was this helpful?