Understanding wireless beacon packet ( captured using pcap API’s )

As per Wikipedia, Beacon frame is one of the management frames in IEEE 802.11 based WLANs. It contains all the information about the network. Beacon frames are transmitted periodically, they serve to announce the presence of a wireless LAN and to synchronise the members of the service set. Beacon frames are transmitted by the access point (AP) in an infrastructure basic service set (BSS). In IBSS network beacon generation is distributed among the stations. For the 2.4 GHz spectrum, having more than 15 SSIDs on overlapping channels (or more than 45 in total) and beacon frames start to consume significant amount of air time and degrade performance even when most of the networks are idle.

As we have already captured the wireless packets using tcpdump into pcap file, we will just analyse how the beacon packet actually looks like,

$ hexdump -C understand_beacon_pkt.pcap -n 393 | cut -c 11-59
d4 c3 b2 a1 02 00 04 00 00 00 00 00 00 00 00 00
ee 05 00 00 7f 00 00 00 10 30 60 56 5e 5d 0d 00
89 01 00 00 89 01 00 00 00 00 1a 00 2f 48 00 00
0a 6a 30 00 00 00 00 00 02 18 6c 09 c0 00 d0 00
00 00 50 00 30 01 08 ec a9 e8 1b 64 30 b5 c2 93
8a 13 30 b5 c2 93 8a 13 b0 2c fb 87 be b1 00 00
00 00 64 00 11 04 00 09 43 48 45 4d 49 4c 49 46
45 01 08 82 84 8b 96 12 24 48 6c 03 01 01 2a 01
04 32 04 0c 18 30 60 2d 1a 6e 11 16 ff 00 00 00
01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 3d 16 01 05 06 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 30 14 01 00 00
0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00
00 dd 18 00 50 f2 02 01 01 00 00 03 a4 00 00 27
a4 00 00 42 43 5e 00 62 32 2f 00 4a 0e 14 00 0a
00 2c 01 c8 00 14 00 05 00 19 00 7f 04 00 00 00
01 dd 07 00 0c 43 00 00 00 00 07 06 49 4e 20 01
0d 10 dd 9d 00 50 f2 04 10 4a 00 01 10 10 44 00
01 02 10 3b 00 01 03 10 47 00 10 bc 32 9e 00 1d
d8 11 b2 86 01 30 b5 c2 93 8a 13 10 21 00 18 52
61 6c 69 6e 6b 20 54 65 63 68 6e 6f 6c 6f 67 79
2c 20 43 6f 72 70 2e 10 23 00 1c 52 61 6c 69 6e
6b 20 57 69 72 65 6c 65 73 73 20 41 63 63 65 73
73 20 50 6f 69 6e 74 10 24 00 06 52 54 32 38 36
30 10 42 00 08 31 32 33 34

As we see above, we captured a wifi beacon packet in a .pcap file using PCAP API’s. The pcap file contains a global header at the start of the .pcap file, details of which can be found at http://www.lynxbee.com/understanding-pcap-file-format-part-i-global-header/

So, this initial 40 bytes contains global header,

Follow Lynxbee

Leave a Reply / Ask Question