Wi-Fi
IEEE 802.11
Types of Wi-Fi
The main types include WEP, WPA, WPA2, and WPA3, each progressively enhancing security standards.
WEP (Wired Equivalent Privacy)
The original Wi-Fi security protocol, WEP, provides basic encryption but is now considered outdated and insecure due to vulnerabilities that make it easy to breach.
WPA (Wi-Fi Protected Access)
Introduced as an interim improvement over WEP, WPA offers better encryption through TKIP (Temporal Key Integrity Protocol), but it is still less secure than newer standards.
WPA2 (Wi-Fi Protected Access II)
A significant advancement over WPA, WPA2 uses AES (Advanced Encryption Standard) for robust security. It has been the standard for many years, providing strong protection for most networks.
WPA3 (Wi-Fi Protected Access III)
The latest standard, WPA3, enhances security with features like individualized data encryption and more robust password-based authentication, making it the most secure option currently available.
The Connection Cycle
The general connection cycle follows this sequence.
Beacon Frames
Probe Request and Response
Authentication Request and Response
Association Request and Response
Some form of handshake or other security mechanism
Disassociation/Deauthentication
Frame Types
In 802.11 communications, a few different frame types are used for different actions:
00 (Management): Allows the access point and client to control the active connection.
01 (Control): Manages the transmission and reception of data frames within Wi-Fi networks (quality control).
10 (Data): Contains data for transmission.
00 - Management Frame Sub-Types
1000 (Beacon Frames): Used by the access point to communicate its presence to the client or station (info such as supported ciphers, authentication types, its SSID, etc.).
0100 (Probe Request): Allows the client to discover nearby access points. The client sends a probe request with the SSID of the access point.
0101 (Probe Response): The access point then responds with information about itself for the client.
1011 (Authentication Request and Response): Authentication requests are sent by the client to the access point to begin the connection process. These frames are primarily used to identify the client to the access point.
0000 (Association Request): The client sends an association request to the access point.
0001 (Association Response): The access point then responds with an association response to indicate whether the client is able to associate with it or not.
0010 (Reassociation Request): Similar to Association Request.
0011 (Reassociation Response): Similar to Association Response.
1010 (Disassociation): Sent from the access point to the client to terminate the connection between the access point and the client (contains a reason code).
1100 (Deauthentication): Similar to Disassociation.
Wireshark Filter
(wlan.fc.type == 0) && (wlan.fc.type_subtype == 8)
Handshake in WPA2
eapol
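The type and sub-type codes listed above sit in the first byte of the 2-byte Frame Control field, which is where the values in the beacon filter come from. The following is an added example, not code from the original page: it decodes that byte and rebuilds the matching Wireshark display filter. The function names and the sample header bytes are constructed for illustration.

```python
# Added example (not from the original page): decode the 802.11 Frame Control field.
TYPES = {0b00: "Management", 0b01: "Control", 0b10: "Data"}

# Management sub-type codes as listed on this page.
MGMT_SUBTYPES = {
    0b0000: "Association Request", 0b0001: "Association Response",
    0b0010: "Reassociation Request", 0b0011: "Reassociation Response",
    0b0100: "Probe Request", 0b0101: "Probe Response",
    0b1000: "Beacon", 0b1010: "Disassociation",
    0b1011: "Authentication", 0b1100: "Deauthentication",
}


def decode_frame_control(frame: bytes) -> dict:
    """Return version, type and sub-type from the first Frame Control byte."""
    if len(frame) < 2:
        raise ValueError("802.11 header needs a 2-byte Frame Control field")
    fc0 = frame[0]
    ftype = (fc0 >> 2) & 0b11        # bits 2-3: frame type
    subtype = (fc0 >> 4) & 0b1111    # bits 4-7: frame sub-type
    if ftype == 0b00:
        sub_name = MGMT_SUBTYPES.get(subtype, "other management sub-type")
    else:
        sub_name = "not decoded here"
    return {
        "version": fc0 & 0b11,       # bits 0-1: protocol version
        "type": ftype,
        "type_name": TYPES.get(ftype, "not listed on this page"),
        "subtype": subtype,
        "subtype_name": sub_name,
        # For these three types Wireshark's wlan.fc.type_subtype is (type << 4) | subtype.
        "type_subtype": (ftype << 4) | subtype,
    }


def display_filter(frame: bytes) -> str:
    """Build the Wireshark display filter matching this frame's type and sub-type."""
    d = decode_frame_control(frame)
    return f"(wlan.fc.type == {d['type']}) && (wlan.fc.type_subtype == {d['type_subtype']})"


# Constructed sample headers: only the two Frame Control bytes are included.
SAMPLES = {"beacon": b"\x80\x00", "probe request": b"\x40\x00",
           "deauthentication": b"\xc0\x00", "QoS data": b"\x88\x01", "ACK": b"\xd4\x00"}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        d = decode_frame_control(raw)
        print(f"{label:17} {d['type_name']:11} {d['subtype_name']:26} {display_filter(raw)}")
```

The beacon sample (first byte 0x80) yields type 0 and sub-type 1000 in binary, which is 8 in decimal, matching the filter shown above.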
Authentication Methods
There are two primary authentication systems commonly used in Wi-Fi networks: Open System Authentication and Shared Key Authentication.
Open System Authentication
Does not require any shared secret or credentials right away. This authentication type is commonly found on open networks that do not require a password.

Shared Key Authentication
Involves the use of a shared key. In this system, both the client and the access point verify each other's identities by computing a challenge-response mechanism based on the shared key.

WEP

WPA

Interface
Choose an interface with
IEEE 802.11ac or IEEE 802.11ax support (2.4G and 5G)
Monitor Mode and Packet Injection
See Airgeddon.
Modes
Managed
Act as a client or a station (Default).
Master
Act as an access point/router.
Ad-hoc
Essentially this mode is peer to peer and allows wireless interfaces to communicate directly to one another.
Mesh
We can set our interface to join a self-configuring and routing network.
Monitor
Also called Promiscuous. Can capture all wireless traffic within its range, regardless of the intended recipient.