FortiAP
ehamud
Staff
Article Id 249956
Description

 

This article describes the Beacon management frame.

 

Scope

 

All 802.11 technologies.

 

Solution

 

Access points, stations, and IBSS networks all use Beacon frames, which are fundamental to establishing communication on WLAN networks. A beacon announces the presence of a nearby access point so that a device can connect to the network.

 

Let's analyze the format by comparing it with a beacon from a FortiAP421E. There are some mandatory fields and some optional fields.

 


 

It is possible to obtain a frame packet capture using a wireless card that supports monitor mode in combination with aircrack-ng and airodump-ng, all under a Linux distribution.

 

# airmon-ng start <interface>

# airodump-ng --band abg <interfaceMonitormode>

 

Once some beacon frames have been captured from the FortiAP421E, use this display filter to show only them: wlan.fc.type_subtype == 8

 

- Timestamp (8 bytes): The time in microseconds that the access point has been active.

- Beacon Interval (2 bytes): The interval expressed as a number of time units (TU); the default value is 100 TU (102.4 milliseconds).

 


 

- Capability Information (2 bytes): Contains a number of subfields used for optional capabilities.

 


 

- SSID (variable): The Service Set Identifier is also present in other frame types: probe request, probe response, association request, and re-association request. When an SSID is hidden, the element ID is 0. When an SSID name is given, it should not exceed 32 characters.

 


 

- Supported Rates (variable): Found in Beacon, Probe Request, Probe Response, Association Request, Association Response, Reassociation Request, and Reassociation Response frames. The rates the FortiAP supports are listed in this element.

 


 

- DS Parameter Set (2 bytes): Can be generated by stations using a Clause 15, 18, or 19 PHY.

 


 

- Traffic Indication Map: Contains information for stations in low-power mode. Every AP uses the DTIM to indicate whether it has broadcast or multicast frames buffered.

 


 

- Country: Specifies the channels or power levels allowed in the regulatory domain.

 


 

- Power Constraint: Dedicated to UNII-2 and UNII-2 Extended (CH 52, 56, 60, 64 and CH 100-139), which are used for weather radar and airport radar. It is related to 802.11h DFS.

 


 

- RSN Information: The authentication cipher, encryption cipher, and other RSN capabilities of stations can be discovered from this element. In the FortiAP WPA2 RSN IE, PSK / CCMP is used (CCMP = 00-0F-AC-04).

 


 

- HT Capabilities: Used in 802.11n. It shows the values supported by the wireless network, including the Modulation and Coding Schemes used by a FortiAP and a device for sending unicast traffic.

 


 

- VHT Capabilities: Used in 802.11ac.

 


 

- VHT Operation: The FortiAP works at 20 MHz or 40 MHz channel width.

 


 

- Vendor Specific: Related to the cipher suite selector, which is four bytes long and starts with an OUI for the vendor.
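
The field layout walked through above can also be checked programmatically, for example when auditing which cipher and key management an AP advertises. The following Python parser is an added example, not part of the original article or any Fortinet code: it takes the beacon frame body (assumed to be the bytes after the 24-byte 802.11 MAC header), reads the fixed fields, walks the tagged elements, and decodes the RSN element. The function names, suite tables, and sample bytes are constructed for illustration.

```python
import struct

# Suite selector = 3-byte OUI + 1-byte type; 00-0F-AC is the IEEE 802.11 OUI.
IEEE_OUI = bytes.fromhex("000fac")
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK", 8: "SAE"}

def suite(sel, names):
    if sel[:3] == IEEE_OUI and sel[3] in names:
        return names[sel[3]]
    return "-".join(f"{b:02X}" for b in sel)  # unknown/vendor suite: keep raw

def parse_rsn(v):
    """Decode an RSN element body (element ID 48); None if malformed."""
    try:
        group = suite(v[2:6], CIPHERS)
        n = struct.unpack_from("<H", v, 6)[0]
        pairwise = [suite(v[8 + 4*i:12 + 4*i], CIPHERS) for i in range(n)]
        off = 8 + 4 * n
        m = struct.unpack_from("<H", v, off)[0]
        akm = [suite(v[off + 2 + 4*i:off + 6 + 4*i], AKMS) for i in range(m)]
    except (struct.error, IndexError):
        return None
    return {"group": group, "pairwise": pairwise, "akm": akm}

def parse_beacon_body(body):
    """Fixed fields (timestamp, interval, capability), then ID/length/value elements."""
    ts, interval, cap = struct.unpack_from("<QHH", body, 0)
    out = {"timestamp_us": ts, "interval_tu": interval,
           "privacy": bool(cap & 0x0010), "ssid": None, "channel": None, "rsn": None}
    pos = 12
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        val = body[pos + 2:pos + 2 + length]
        if len(val) < length:
            break  # truncated element: stop instead of decoding garbage
        if eid == 0:
            out["ssid"] = val.decode("utf-8", "replace")
        elif eid == 3 and length == 1:
            out["channel"] = val[0]
        elif eid == 48:
            out["rsn"] = parse_rsn(val)
        pos += 2 + length
    return out

# Constructed sample beacon body (not a real capture): SSID "lab-ssid", channel 6, WPA2-PSK/CCMP.
SAMPLE = (struct.pack("<QHH", 123456789, 100, 0x0411) + b"\x00\x08lab-ssid"
          + bytes.fromhex("010482848b96" "030106" "3014" "0100" "000fac04"
                          "0100" "000fac04" "0100" "000fac02" "0000"))
print(parse_beacon_body(SAMPLE))
```

Beacons are unauthenticated input from the air, so the parser stops at a truncated element and returns None for a malformed RSN body instead of raising.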

 
