• I am using CommView for Wifi for protocol analysis and working through trying to identify all the different frame types and exchanges and see what they look like in practice.

    I have a client which I power up whilst running the protocol analyser.

    I see an initial MNGT/Probe Request frame to broadcast address (what I expected). I then see a probe response from the nearby AP (also what I expected). This exchange is then repeated.

    I then see another MNGT/Probe Request frame to broadcast address followed by three probe response frames.

    The above repeats with various numbers of probe responses coming back to a request and then eventually we get a MNGT/AUTH frame and off we go and authenticate/associate.

    I am just wondering if this is expected behaviour?

    I would have expected the station to try and authenticate as soon as it received the first probe response.


    CWAP hopeful...

  • Hi Andrew of UK:

    I see this all the time.

    A 2.4 GHz (DSSS, HR/DSSS, and ERP) client in the USA typically will send a multicast probe request on each of the eleven channels, waiting a moment after each one to receive any response(s).

    A beacon producer (access point or IBSS client) that hears a probe request will send a unicast probe response, and retransmit until it gets an ACK or reaches its retransmit limit.

    The less expected part comes when the transmission on, for example, channel 6 is heard with varying degrees of signal strength on channels 2 through 10, prompting probe responses from beacon producers in all those channels, and sometimes leaving a trail of retransmission attempts.

    After probing all the channels the client picks the service set that is most appealing to itself based on potentially a long list of features. Fortunately each probe response carries with it the channel number of the sender.

    Since a protocol analyzer can only tune to one channel at a time, and yet receives some but not all frames transmitted on nearby channels, sorting out the reason for each captured frame is a challenge in deed.

    This is not so messy in the 5 GHz OFDM world where the channels barely overlap if at all.

    I hope this helps. Thanks. /criss

  • Hi Criss

    Thanks for the response.

    sorting out the reason for each captured frame is a challenge in deed.

    This is the reason for attempting CWAP - new challenge needed!



Page 1 of 1
  • 1