Forum

Passive v Active scanning.

2 posts by 2 authors in: Forums > CWNA - Enterprise Wi-Fi Admin
Last Post: August 26, 2013:
  • By OG150
    Reply

    Hi all, apologies for what sounds like a straightforward question, but I have just read something in a training course manual (I won't disclose the provider) which has thrown my understanding......

    I thought the following was the flow of events for PASSIVE scanning and association:

    1. Wireless client displays all the beacons he has 'heard' (list of SSIDs).
    2. User clicks on the SSID he wants to connect to.
    3. Wireless client sends an authentication request to the AP.
    4. AP responds with an authentication response to the wireless client.
    5. Wireless client sends an association request to the AP.
    6. AP responds with an association response to the wireless client.
    7. Wireless client is connected to the wireless network.
    NOTE: At no point were probe request/responses used in the above!

    I thought the following was the flow of events for ACTIVE scanning and association:

    1. Wireless client sends a probe request for the SSID he wants to connect to.
    2. AP with the SSID configured sends a probe response to the client.
    3. Wireless client sends an authentication request to the AP.
    4. AP responds with an authentication response to the wireless client.
    5. Wireless client sends an association request to the AP.
    6. AP responds with an association response to the wireless client.
    7. Wireless client is connected to the wireless network.
    NOTE: At no point were beacons used in the above!

    My questions are:
    1. The content I have seen states that (for ACTIVE scanning) the wireless client receives the beacon first and then sends the probe request. If that is true, what is the point of using probe requests - just use the beacons right?
    2. The only reason I can see for using probe requests is to connect to SSIDs that do not broadcast the SSID inside beacons? In other words, you have to ask for SSID 'xyz' because it is not broadcasted.

    Can anyone help clarify the above, I'd be very grateful.

    Thanks
    Darren

  • By Howard
    Reply

    DJ,

    From your descriptions, you obviously you understand the difference between Active and Passive Scans!

    Other than ACK processing, security considerations, and perhaps DHCP post processing you've got it right. Unfortunately the operator does not dictate whch type of scan is used - the client device does.

    There are several considerations which may dictate the probe request/response mechanism. Occaisionaly, a manufacturer just doesn't understand how the mechanism is supposed to work. More likely, they have run into some circumstance(s) that necessitate this behavior. BTW is this a Wi-Fi certified device?

    Probably the biggest reason to probe after listening, is that just because the client can hear the AP, does not mean that the AP can hear the client. This can happen with lower power mobile devices. This approach makes for less network congestion and also makes the remaining authentication/association logic simpler.

     You should ask for clarification.

Page 1 of 1
  • 1