Wireless Fundamentals: Beacon Frame
Beacon
A beacon is a management frame in 802.11 wireless networking. It is transmitted periodically by an Access Point (AP) and is the first information a client device receives when it looks for a wireless network to join. Beacons let client devices discover available networks, synchronize with the AP, and make their initial connection decisions.
Importance of Beacons in Wireless Communication
From a client device's perspective, the beacon frame serves many purposes beyond the initial connection. It helps client devices in the following ways:
Identify the Wireless Network: It provides essential information about available networks, allowing the client to recognize which networks are within range.
Time Synchronization: Beacons help synchronize the timing between the AP and client devices, which is crucial for efficient communication.
Supports Roaming: Beacons allow roaming clients to discover new APs and decide when to transition from one AP to another.
Let's understand the Key Components of a Beacon Frame and visualize them using a Wireshark Capture:
1. Frame Control:
- Version: This is set to 0, indicating the current 802.11 version.
- Type: The value is 0, which signifies this frame as a "Management" frame.
- Subtype: Set to 8, indicating it is specifically a "Beacon" frame.
- To DS / From DS: Both are 0, as the beacon frame is neither entering nor leaving a distribution system (DS); it is simply broadcast by the AP.
- More Fragments: 0 as the beacon is never fragmented.
- Retry: 0 as beacons are sent periodically without retransmissions; they do not require an acknowledgment (ACK).
- Power Management (PWR MGT): 0 since the AP will stay active and is not in power-save mode.
- More Data: 0 because no buffered data is sent with this beacon.
- Protected Flag: 0 since the beacon data itself is typically not encrypted.
- Order: 0, as the frame is not transmitted using the strictly ordered service class.
2. Duration (0x0000): Always set to 0 for beacon frames since they do not have any follow-up frames that would require a duration.
3. Address Fields:
- Receiver Address (RA): Broadcast address (ff:ff:ff:ff:ff:ff), as beacons are intended for all client devices in range.
- Destination Address (DA): Also set to the broadcast address, ff:ff:ff:ff:ff:ff, to reach all devices.
- Transmitter Address (TA): The MAC address of the transmitting access point (e.g., RuckusWi_97:e0:4c), which uniquely identifies the RUCKUS AP as the Transmitter.
- Source Address (SA): Same as the transmitter address (0c:f4:d5:97:e0:4c), identifying the originator of the frame.
- BSS ID: MAC address of the Basic Service Set (BSS), which is typically the same as the AP’s MAC address for the respective WLAN. Here, it’s 0c:f4:d5:97:e0:4c.
4. Fragment Number (0): Always 0 as beacon frames are not fragmented.
5. Sequence Number (889): This is a unique sequence number for the beacon frame, incrementing with each successive beacon transmission. The next beacon's sequence number would be 890.
Fixed Parameters:
The fixed parameters of a beacon frame provide critical timing and capability information about the network. These fields have fixed lengths and are essential for informing client devices about the network's current status and capabilities. The following Wireshark capture shows the Fixed Parameters of a Beacon management frame:
2. Beacon Interval: (0.102400 seconds or 100 Time Units (TUs)) The beacon interval defines how frequently the AP sends beacon frames. Here, the interval is set to 100 TUs, with each time unit representing 1.024 milliseconds, making the interval approximately 102.4 milliseconds. This information is crucial for client devices, particularly those in power-saving mode, as it helps them manage when to wake up and listen for beacons.
Capability Information:
This 16-bit field provides information about the AP’s capabilities, including supported data rates, security features, and operational modes (e.g., whether the AP supports short preamble, DSSS, or other protocols). Following is a breakdown of each component of the capability field:
- ESS (Extended Service Set) capabilities (1): Indicates that the transmitter is an AP belonging to an infrastructure network (as opposed to an independent or ad-hoc network).
- IBSS (Independent Basic Service Set) status (0): Indicates that the transmitter does not belong to an IBSS, meaning this is not an ad-hoc network.
- CFP (Contention-Free Period) participation capabilities (0): Shows that there is no point coordinator, so no contention-free period is supported by the AP.
- Privacy (1): Indicates that the AP supports WEP (Wired Equivalent Privacy), suggesting the network is secured. This value signifies that clients will need authentication to join the network.
- Short Preamble (0): The AP does not support short preambles; only long preambles are allowed. Preambles help prepare devices for data reception, and using a long preamble can improve compatibility with older devices.
- PBCC (Packet Binary Convolutional Coding) (0): Indicates that PBCC modulation is not allowed. PBCC is an older modulation technique used in some legacy networks.
- Channel Agility (0): Channel agility is not used, meaning the AP does not dynamically change channels to avoid interference.
- Spectrum Management (1): Spectrum management is implemented, meaning the AP can manage frequency spectrum usage, possibly to avoid interference with other networks.
- Short Slot Time (0): Short slot time for CSMA/CA (Carrier Sense Multiple Access with Collision Avoidance) is not supported. Short slot times improve efficiency but might not be compatible with legacy devices.
- Automatic Power Save Delivery (APSD) (0): APSD is not enabled. APSD allows the AP to deliver frames to client devices in power-saving mode, improving power efficiency.
- Radio Measurement (RM) (1): Radio measurement capabilities are implemented, meaning the AP can participate in radio measurement requests and responses, which can assist with network diagnostics and optimization.
- DSSS-OFDM (Direct Sequence Spread Spectrum - Orthogonal Frequency Division Multiplexing) (0): DSSS-OFDM modulation is not supported, indicating this network does not support certain legacy 802.11 standards.
- Delayed Block Acknowledgment (0): This feature is not implemented, meaning that the AP does not support delayed acknowledgment of block frames, a feature that can improve throughput in certain scenarios.
- Immediate Block Acknowledgment (0): Immediate block acknowledgment is also not implemented, meaning the AP does not immediately acknowledge aggregated frames.
Variable Components of a Beacon:
The variable components of a beacon frame carry network-specific information that can change depending on the SSID configuration or the features supported by the radio. These components are transmitted as Information Elements (IEs), each encoded as an element ID, a length and a body. The following Wireshark captures show the variable components of a beacon frame:
- SSID (Service Set Identifier): The network name, which allows client devices to identify and differentiate the network from others. This field can be hidden, but when visible, it's a key identifier.
- Supported Rates and Extended Supported Rates: These fields list the data rates supported by the AP, allowing clients to determine if they can operate at compatible speeds.
- Frequency and Channel Information: Provides the operating frequency or channel of the AP. This is essential for clients to connect on the correct channel and reduce interference.
- Traffic Indication Map (TIM): For networks supporting power-save features, TIM provides information on buffered data waiting at the AP for specific client devices.
- Country Information: Specifies the regulatory domain, which helps ensure compliance with local wireless regulations regarding power levels and frequency usage.
- Power Constraint: Indicates any constraints on power levels due to regulatory or environmental restrictions, which can affect transmission range and signal quality.
- ERP (Extended Rate PHY) Information: Applicable for 802.11g and newer networks, this field helps legacy devices understand coexistence requirements and access methods.
- RSN (Robust Security Network) Information: Specifies security protocols (like WPA2 or WPA3) and encryption methods used by the AP, enabling clients to ensure they connect securely.
- HT (High Throughput) Information: Found in beacons from 802.11n and newer APs, this field includes information on MIMO (Multiple Input Multiple Output) capabilities, channel bandwidth, and other high-throughput features.
- VHT (Very High Throughput) Information: For 802.11ac or newer networks, this field specifies details like spatial streams, bandwidth, and other enhancements that support higher speeds.
- HE (High Efficiency) Information: For 802.11ax (WiFi 6) networks, this field includes details on OFDMA (Orthogonal Frequency Division Multiple Access), MU-MIMO (Multi-User MIMO) for both uplink and downlink, 1024-QAM modulation, and Target Wake Time (TWT) for improved battery life.
- Extended Capabilities: An optional field that provides information on additional features, like QoS (Quality of Service), interworking, and other advanced capabilities.
- Vendor-Specific Information: Manufacturers may include proprietary information for specialized devices or functions within the network.
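To tie the header fields, fixed parameters, capability bits and IEs described above together, here is an added example (not code from the original post) that decodes a beacon frame with only the Python standard library. The frame bytes are constructed for this example: the addresses, sequence number 889, 100 TU interval and capability bits mirror the capture discussed in the text, while the SSID "Lab-Net", the rate set, channel 6 and the RSN element (CCMP, PSK) are assumed values. The last function shows how a client combines the Privacy bit with the RSN IE to judge what kind of security a network is actually offering before it associates.

```python
import struct
# Capability Information bits, LSB first, in IEEE 802.11 order.
CAP_BITS = ["ESS", "IBSS", "CF Pollable", "CF Poll Request", "Privacy",
            "Short Preamble", "PBCC", "Channel Agility", "Spectrum Mgmt", "QoS",
            "Short Slot Time", "APSD", "Radio Measurement", "DSSS-OFDM",
            "Delayed Block Ack", "Immediate Block Ack"]
AKM_NAMES = {"000fac01": "802.1X", "000fac02": "PSK", "000fac08": "SAE"}  # OUI 00-0F-AC suites
def mac(b): return ":".join(f"{x:02x}" for x in b)

def parse_beacon(frame):
    """Decode the MAC header, fixed parameters and main IEs of one beacon frame."""
    fc, duration = struct.unpack_from("<HH", frame, 0)
    b = {"version": fc & 3, "type": (fc >> 2) & 3, "subtype": (fc >> 4) & 0xF,
         "flags": fc >> 8, "duration": duration,
         "ra": mac(frame[4:10]), "ta": mac(frame[10:16]), "bssid": mac(frame[16:22])}
    seq_ctrl, = struct.unpack_from("<H", frame, 22)   # low 4 bits fragment, high 12 sequence
    b["fragment"], b["sequence"] = seq_ctrl & 0xF, seq_ctrl >> 4
    b["timestamp"], b["beacon_interval_tu"], cap = struct.unpack_from("<QHH", frame, 24)
    b["capabilities"] = {n: bool(cap >> i & 1) for i, n in enumerate(CAP_BITS)}
    ies, off = {}, 36                                   # IEs follow the 12 fixed-parameter bytes
    while off + 2 <= len(frame):                        # each IE: element id, length, body
        eid, elen = frame[off], frame[off + 1]
        ies[eid] = frame[off + 2:off + 2 + elen]
        off += 2 + elen
    b["ssid"] = ies.get(0, b"").decode("utf-8", "replace")
    b["rates_mbps"] = [(r & 0x7F) / 2 for r in ies.get(1, b"")]  # 500 kb/s units; MSB = basic rate
    b["channel"] = ies[3][0] if 3 in ies else None      # DS Parameter Set
    b["rsn"] = ies.get(48)                              # RSN IE body, if advertised
    return b

def rsn_akms(rsn):
    """AKM suite selectors in an RSN IE body (after version, group cipher and pairwise list)."""
    pairwise_count, = struct.unpack_from("<H", rsn, 6)
    off = 8 + 4 * pairwise_count
    akm_count, = struct.unpack_from("<H", rsn, off)
    return [rsn[off + 2 + 4 * i:off + 6 + 4 * i].hex() for i in range(akm_count)]

def security_summary(b):  # what the Privacy bit and RSN IE tell a client before it associates
    if not b["capabilities"]["Privacy"]:
        return "open"
    if b["rsn"] is None:
        return "Privacy set but no RSN IE: WEP or pre-RSN WPA"
    return "RSN " + "/".join(AKM_NAMES.get(a, a) for a in rsn_akms(b["rsn"]))

# Constructed sample frame; addresses and sequence number 889 mirror the capture in the text.
SAMPLE = bytes.fromhex(
    "8000 0000 ffffffffffff 0cf4d597e04c 0cf4d597e04c 9037 0000000000000000 6400 1111"  # hdr, ts, 100 TU, caps
    "0007 4c61622d4e6574 0108 82848b960c121824 0301 06"       # SSID "Lab-Net", rates, channel 6
    "3014 0100 000fac04 0100 000fac04 0100 000fac02 0000")    # RSN: CCMP group/pairwise, AKM PSK
```

Calling parse_beacon(SAMPLE) reproduces the field values walked through above (subtype 8, sequence 889, interval 100 TU, ESS/Privacy/Spectrum Mgmt/Radio Measurement set), and security_summary on the same frame reports "RSN PSK".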