What is a Beacon Interval? | CWNP - Guest Blog

What is a Beacon Interval? | CWNP - Guest Blog

By Mohammad Razavi, CWNA, CWDP, CWAP, CWSP, CWISA On 10/05/2022

Wikipedia defines a beacon as "an intentionally conspicuous device designed to attract attention to a specific location. A common example is a lighthouse, which draws attention to a fixed point that can be used to navigate around obstacles or into port."

In computer networking and specifically wireless technologies, the beacon is used for transmitting frames (management type) that show the presence of the base station (Access Point, or AP), which broadcasts not only the SSIDs but also some other important information as well.

There are three distinct types of frames transmitted when we use Wi-Fi. In each of the three types, there exist subtypes (for example, the Beacon is a subtype of the Management type). Those frame types are:

• Management frames
• Control frames
• Data frames

The management frames are used to manage the wireless network, which we call the BSS (Basic Service Set). These frames allow for associating, authenticating, etc. of clients who connect to the same BSS.

To better understand the frame in wireless protocols, imagine there is a big container, and this container is a collection of some small containers which do not serve any purpose up until they come together and form one big container.

Now, think of the same container as a frame. The frames are divided into small parts that, by themselves, do not have any meaningful purpose until they come and work together.

Let me show you in a simple diagram what I mean. For this blog, I'll try to make it as simple as possible.

Figure 1 - 802.11 Frame Format

As you can see, the frame is divided into several parts, which are then divided into further parts. For example, the Frame Control part (field) is broken into several sub-parts (subfields). I'll focus on the first three subfields for this article.

• Protocol version: which in our case is always shown by 00, which is to indicate that 802.11 (Wireless) is in use.
• Type field indicates the following:
• (00 - means it is management frames)
• (01 - means control frames)
• (10 - means data frames)

Each one of the aforementioned has different subtypes, for example, management frames have the following Subtypes:

• 0000 - Association Request
• 0001 - Association Response
• 0010 - Re-association Request
• 0011-Reassociation Response
• 0100 - Probe Request
• 0101 - Probe Response
• 0110-Timing Advertisement
• 0111-Reserved
• 1000-Beacon
• 1001-ATIM
• 1010-Disassociation
• 1011-Authentication
• 1100-Deauthentication
• 1101-Action
• 1110-Action No Ack(NACK)
• 1111-Reserved

You may be wondering why I used this type of numbering to show the frame subtypes. The reason is that these subtypes are based on 4 bits (binary values) which start from 0, which is the Association Request frame, and the last subtype in the management type is number 15. which in total gives us 16 subtypes. This type of numbering has another benefit, which is to help us filter these subtypes in protocol analyzers such as Wireshark.

In this blog, we focus mainly on the Beacon subtype, which is 1000 in binary or number 8.

The beacon frame is generated by the AP for the BSS to provide information about its network capabilities and timestamps. It is transmitted periodically, in specific every 102.4 milliseconds or 1024 microseconds. In the documentation, they call this interval the Target Beacon Transmission Time (TBTT). It is the time at which a node (AP in a BSS, Station when in ad hoc mode (IBSS)) must attempt to send the beacon to the stations which are listening for it.

Let me show you a beacon frame by using the following filter in Wireshark to show the beacon frames based on an SSID. You can use the same and replace "XYZ" with your SSID: "wlan.ssid==xyz&&wlan.fc.type_subtype==8"

Figure 2 - Wireshark Beacon Frame Delta time is 0.1024

Figure 3 - Wireshark Beacon Frame Delta time

You may be wondering why the number 102.4 is not the exact number as shown in the frame capture in the delta time column. It's because the AP was not allowed to transmit the beacon at that particular moment. It is because, in Wi-Fi, we are dealing with "Shared Medium." The medium belongs to every wireless-capable device to transmit data across the air.

Therefore, there must be a system in place to avoid collisions among those frames over the air so everyone can talk as required without interference.

For this purpose, the researchers implemented the idea of using Carrier Sense Multiple Access with Collision Avoidance, in short, CSMA/CA, approaches to control the shared medium. That transmitter is going to make sure that there is no significant energy in the air by sensing it before it can transmit data.

As you can see in Figure 3, the delta time between frames No.1492 and 1537 is more than 200 milliseconds. So there must be something in between using the medium which did not give any chance for the beacon frame to be broadcast. Let's deep dive and see what was happening in between. I am going to remove the filter and try to see what was transmitted during that time in between.

Figure 4 - Frames between 1492 and 1537

As you can see, there are multiple management and data frames in between and before our designated AP found an opportunity to transmit its Beacon frame.

That is why you see different timing in Beacon intervals during the capture as some more than that value of 102.4 ms, which is directly related to the channel utilization and contention. The more data is on the air, the less likely the transmitter can broadcast the Beacon frame.

In the following screenshot, you can see some Beacon frames are out of the ordinary, which is normal (Not-Preferred) in an environment with multiple SSIDs broadcasted over a single AP, which creates management overhead.

Figure 5 - Delta Time Column showing beacon interval of more than 1024 microseconds

As previously mentioned, the beacons are not just providing information related to their network. they are also helping all the stations in the network to change their local clocks and synchronize.

Conclusion

Beacons are very important frames to manage the wireless network. However, there are some design criteria that a designer must follow to have an effective network with reliable performance. The first and foremost is to reduce management overhead.

The simple solution to reduce management overhead is to reduce the number of SSIDs per AP.

In my lab, I created three different SSIDs on the same AP. The less SSID each AP has, the less management overhead it produces and, consequently the less channel utilization and more chance for other wireless-capable devices to transmit and receive data across the medium.

*-BSSID: Basic Service Set is the term used to describe a collection of Wireless-Capable devices connecting to the AP to be able to communicate together and transmit data.

**-IBSS: Independent Basic Service Set, Is the simplest IEEE 802.11 simplest type of network which does not need any infrastructure to be able to connect and transmit data. The other term used for this type of network is Ad-Hoc.

Tools Used for the Lab

• MacBook Pro
• ARUBA AP (3 SSID's)
• iPhone 11 (To generate traffic)
• Wireshark
• Airtool 2

Tagged with: cwnp, beacon interval, 802.11 beacon interval, cwap, wifi beacon interval

Blog Disclaimer: The opinions expressed within these blog posts are solely the author’s and do not reflect the opinions and beliefs of the Certitrek, CWNP or its affiliates.