• Have a client connect to an AP. Use whatever security mechanism you like.

    Install CommView for WiFi on a laptop, capture a beacon from the AP, save it as a template, and then use CommView for WiFi's frame generator tool to customize the beacon to have channel 0 and the same SSID and BSSID as the legitimate AP. Transmit the beacon every 102.4 milliseconds (to simulate a real AP).

    See what happens to the client. Please explain what happened here on the forum.



  • Sounds like a Beacon poisoning attack. I remember reading about this a few months ago as one of the DoS attacks that will be prevented with 802.11w protected management frames.

  • Hi Devin:

    What is channel zero?

    Is the fake beacon stream transmitted on the same channel as the original?

    Thanks. /criss

  • Yes, the fake beacon is a replica of the original with a different channel number.

    Here's more info:

    Yes, the spoofed beacons are transmitted on the same channel as the real beacons.
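
A monitoring-side check for the condition discussed in this thread, added here as an example and not taken from any post or from CommView: it reads the DS Parameter Set element (ID 3) from each captured beacon and flags a BSSID that advertises channel 0 or changes its advertised channel. The sample frames, the BSSID, the SSID and the function names are constructed for illustration; frames are assumed to be raw 802.11 without radiotap header or FCS, and channel 0 is treated as invalid.

```python
import struct

def build_beacon(bssid: bytes, ssid: bytes, channel: int) -> bytes:
    """Build a minimal beacon frame, used only to create sample input."""
    # Frame control 0x0080 = management/beacon, broadcast DA, SA = BSSID.
    hdr = struct.pack("<HH6s6s6sH", 0x0080, 0, b"\xff" * 6, bssid, bssid, 0)
    fixed = struct.pack("<QHH", 0, 100, 0x0001)  # interval 100 TU = 102.4 ms
    ies = bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])
    return hdr + fixed + ies

def parse_beacon(frame: bytes):
    """Return (bssid, ssid, advertised_channel) or None if not a beacon."""
    if len(frame) < 36 or frame[0] != 0x80:
        return None
    bssid, ssid, channel, pos = frame[16:22], None, None, 36
    while pos + 2 <= len(frame):          # walk the tagged elements
        eid, elen = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + elen]
        if len(body) < elen:              # truncated element: stop parsing
            break
        if eid == 0:
            ssid = body
        elif eid == 3 and elen == 1:      # DS Parameter Set: current channel
            channel = body[0]
        pos += 2 + elen
    return bssid, ssid, channel

def find_channel_anomalies(frames):
    """Flag beacons whose advertised channel is 0 or differs from the
    first channel seen for the same BSSID."""
    seen, alerts = {}, []
    for i, frame in enumerate(frames):
        parsed = parse_beacon(frame)
        if parsed is None or parsed[2] is None:
            continue
        bssid, _ssid, ch = parsed
        if ch == 0:
            alerts.append((i, bssid.hex(":"), "invalid channel 0"))
        elif seen.setdefault(bssid, ch) != ch:
            alerts.append((i, bssid.hex(":"), f"channel changed {seen[bssid]} -> {ch}"))
    return alerts

# Constructed sample capture: one BSSID, genuine beacons on channel 6,
# one beacon advertising channel 0 and one advertising channel 11.
AP = bytes.fromhex("020000000001")
SAMPLE = [build_beacon(AP, b"lab", c) for c in (6, 0, 6, 11)]

if __name__ == "__main__":
    for alert in find_channel_anomalies(SAMPLE):
        print(alert)
```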
