Intro to Wi-Fi Networks
Wi-Fi networks serve as local area connections that operate using wireless technology, specifically adhering to the 802.11 standard. Wi-Fi operates over specific radio frequencies, typically in the 2.4 GHz 5 GHz and 6 GHz bands. It’s interesting to note that 802 is a broader set of standards developed by the IEEE (Institute of Electrical and Electronics Engineers).
The 802.11 standard has become incredibly widespread in both residential and commercial networks. Its popularity stems from the convenience it offers, enabling a diverse range of devices such as laptops, IoT gadgets, and printers to connect to the network without the need for physical cables. These devices use wireless adapters to join the wireless LAN and access the network.
Wi-Fi Connection
When a Wi-Fi client (also called station) joins a network, two fundamental processes are involved: the WPA supplicant, which manages Wi-Fi Protected Access authentication, and the DHCP client, which obtains network configuration through the Dynamic Host Configuration Protocol. These two key process enables devices to connect to the internet wirelessly.
The WPA supplicant process handles the 802.11 Authentication and Association of the client with a BSSID. After 802.11 Authentication and Association, the 4-way handshake establishes a secure, authenticated connection between the client and the access point.
After authenticating, and associating to the network, the DHCP client requests a dynamic IP address. The client will use the IP address to connect to the network and exchange communication with the outside world. At this point, the client can connect to the internet through the wireless router, and multiple devices can access the internet simultaneously using the same Wi-Fi network.
802.11 Authentication and Association
At the beginning of the 802.11 Authentication and Association process, the client scans all of the available frequencies in search of SSIDs to join. The client sends probe request frames which contain supported data rates and 802.11 capabilities. These requests are transmitted as radio signals over multiple channels, allowing the client to discover available network connections. Access points in proximity reply with probe response frames that contain the SSID and BSSID, which corresponds to the access point’s MAC address.
When the client detects an SSID matching its configuration, it initiates an authentication request probe. The authentication request and response frames remain unencrypted. The 4-way handshake that follows establishes encryption.
The authentication request and response phase records the client’s MAC address. MAC filtering can use this information if implemented. If the network permits the client to connect, it associates itself with the access point boasting the stronger signal. The Wi-Fi access point is a key component of a wireless router that provides network connectivity within a home, enabling device mobility by allowing devices to connect and move freely within its coverage area.
Rowell Dionicio (host of ‘Clear to Send’ podcast), wrote a more detailed article on the 802.11 Authentication and Association process. Once the 802.11 Authentication and Association process completes, the WPA supplicant client initiates the 4-way handshake.
The 4-way Handshake Phase in WiFi Protected Access
How Wi-Fi work relies on secure authentication and encryption protocols to protect wireless communication.
The 4-way handshake is used to authenticate the WiFi client and encrypt all communications with the access point. The client’s WPA supplicant and the access point’s authenticator establish the handshake by exchanging EAPoL frames.
Modern Wi-Fi security protocols, such as WPA2, use the Advanced Encryption Standard (AES) to enhance network security. Earlier protocols like Wired Equivalent Privacy (WEP), introduced in 1999, are now considered obsolete and insecure due to significant vulnerabilities and should not be used to protect wireless networks.
SSIDs with WPA2-Personal settings use a pre-shared key during the 4-way handshake process. SSID with WPA2-Enterprise settings execute an EAP transaction with the 802.1x authentication server (Radius). Wi-Fi Protected Setup (WPS) was introduced to simplify the connection process, but it can present security risks and is vulnerable to certain types of attacks.
This article won’t cover the details of how the 4-way handshake process works. Read the 4-way handshake article written by Rowell Dionicio to learn more about it. You can also read the 802.1x Wikipedia page and the page on the IANA website about EAP methods.
Once the 4-way handshake completes, the client can now request an IP address to complete the connection.
WPA Supplicant and Logs
In Linux, the 802.11 Authentication and Association and the 4-way handshake are handled by the WPA supplicant process. The following table reports the different stage transitions that the WPA supplicant process logs. The default location of the file on many Linux distributions is /var/log/wpa_supplicant/wpa_supplicant.log.
| State transition logged | Meaning |
|---|---|
| SCANNING -> ASSOCIATING | The WiFi client has completed the scan and has initiated the 802.11 Authentication and Association |
| ASSOCIATING -> ASSOCIATED | The 802.11 Authentication and Association process is completed |
| ASSOCIATED -> 4WAY_HANDSHAKE | The WiFi client has begun the 4-way handshake |
| 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE | The 4-way handshake is occurring |
| 4WAY_HANDSHAKE -> GROUP_HANDSHAKE | The 4-way handshake is completed and the exchange of the group keys has begun |
| GROUP_HANDSHAKE -> COMPLETED | The group keys exchange is completed |
This article by Panos Vouzis explains how to read WPA logs in Linux
Getting a DHCP address via D-O-R-A
Once the 4-way handshake completes, the client moves to the “network phase” of the connection to request a dynamic IP address. Getting a DHCP address for WiFi clients is the same process as it is for Ethernet ones. While a wired connection uses physical cables to communicate with the DHCP server, a wireless connection relies on radio waves to establish communication and obtain an IP address. The DHCP transaction between the DHCP client and the server is called D-O-R-A. This acronym relates to the frames exchanged during the transaction between client and server (see below image).
The transaction begins with a DHCP discovery frame. Here, the DHCP client sends broadcasts to all the hosts in the local subnet. If a DHCP server is available, it replies with a DHCP offer that contains an IP address available for use.
Then, the client verifies with an ARP lookup that no other hosts are using the address offered by the server. If no other host replies to the ARP request, the client confirms the intent to use that IP with a DHCP request. The DHCP server acknowledges the IP address confirming with a DHCP acknowledgement. That marks the end of the D-O-R-A transaction.
Reading DHCP logs
This section will help you troubleshoot DHCP issues on a WiFi client running Linux. I recommended that you configure the dhclient to log messages on /var/log/dhcpd.log rather than sending them to syslog. This way, it will be easier to review DHCP logs.
In the dhcpd.log, you’ll find messages containing the following strings for the D-O-R-A transaction:
- DHCPDISCOVER
- DHCPOFFER
- DHCPREQUEST
- DHCPACK
- How to use DHCP hooks on Linux
The DHCP state machine exchanges these D-O-R-A messages while it’s in the PREINIT to BOUND stage transition. Here’s a list of the most important DHCP stages that will help you troubleshoot what’s going with the DHCP process.
| Stage | Meaning |
|---|---|
| PREINIT | In this state, the DHCP client is initializing. |
| BOUND | The client has obtained a DHCP lease. |
| RENEW | The client is trying to renew its DHCP lease. |
| REBIND | The client didn’t renew the lease on time and requests a lease extension to any available server. |
| TIMEOUT | The client timed out and didn’t get a DHCP lease from a server. |
| FAIL | The client failed to obtain a DHCP lease for some other reasons. |
If you want to learn more about DHCP messages, check out the IANA page on DHCP. For more information about the DHCP stages, check out the online TCP/IP guide on DHCP
Wi-Fi Connection Methods
There are several ways to establish a Wi-Fi connection, each suited to different needs and environments. The most common method involves a wireline internet connection, such as fiber cable, a DSL or cable line connected to a wireless router. This setup creates a wireless network within a home or office, allowing multiple devices to access the internet connection without the need for ethernet cables.
Another popular method is using a mobile hotspot, which leverages a cellular network to provide internet access. Mobile hotspots can be created using smartphones or dedicated portable routers, making it easy to share a WiFi connection with other devices while on the go. This is especially useful for travelers or in locations where traditional wired connections are unavailable.
For residential internet access in areas without reliable wired infrastructure, LTE and 5G wireless networking technology offer high-speed internet through cellular networks. These connections use a wireless router or gateway that communicates directly with the cell phone carrier’s network, providing internet access to all connected devices.
Each WiFi connection method has its own advantages and disadvantages. Wired connections with a cable modem and wireless router typically offer the most stable and high-speed internet access, while mobile hotspots and cellular-based solutions provide flexibility and mobility, though they may be affected by signal strength and data limits.
Devices and Wi-Fi
A wide range of devices can connect to a Wi-Fi network, making wireless internet access both versatile and convenient. Desktop computers, laptops, mobile phones, smart TVs, and game consoles all use built-in or external wireless adapters to detect and join available Wi-Fi networks. These wireless adapters are responsible for converting radio waves, transmitted by the wireless router or access point, into digital data that the device can process.
Once connected to the same Wi-Fi network, these devices can access the internet, stream high-definition content, play online games, and communicate with other devices on the local network. For example, a smart TV can stream movies, while a desktop computer downloads files, and mobile phones browse the web – all simultaneously, thanks to the shared wireless signal.
The ability to connect multiple devices to a single Wi-Fi network not only provides seamless internet access but also enables device-to-device communication, such as file sharing or media streaming within the home. As more devices become WiFi-enabled, from smart home gadgets to IoT sensors, the importance of reliable wireless connectivity continues to grow.
Public Wi-Fi Considerations
Public Wi-Fi networks are widely available in places like coffee shops, airports, hotels, and libraries, offering convenient internet access for mobile devices and laptops. However, these networks often lack robust security protocols, making them vulnerable to cyber threats such as hacking, data interception, and unauthorized access.
When using public Wi-Fi, it’s important to take precautions to protect your personal information and devices. Avoid accessing sensitive data, such as online banking or confidential work documents, over unsecured networks. Using a virtual private network (VPN) can add an extra layer of security by encrypting your internet traffic, making it more difficult for attackers to intercept your data.
While public Wi-Fi networks are convenient for checking emails or browsing the web in coffee shops and other public spaces, always be mindful of the potential risks. Ensuring your device’s security settings are up to date and being cautious about the information you access can help keep your data safe when connected to public WiFi.
Internet Speed and Performance
The speed and performance of your Wi-Fi connection play a crucial role in your overall online experience. Several factors influence Wi-Fi speed, including the quality of your wireless router, the capabilities of your internet service provider, and the number of devices connected to the network at the same time.
Modern wireless routers, especially those supporting the latest Wi-Fi standards, can deliver faster speeds and handle more simultaneous connections. Internet service providers offer a range of internet service plans, so choosing the right plan for your household or business needs is essential for optimal internet speed. Activities like streaming high-definition video, online gaming, and video conferencing require a fast and reliable internet connection to avoid buffering and lag.
Wi-Fi speed can also be affected by physical obstacles, interference from other wireless devices, and the distance between your device and the router. Regularly updating your wireless router’s firmware and placing it in a central location can help maximize your Wi-Fi speed and ensure a stable internet connection for all your devices.
Wi-Fi Technology and Evolution
WiFi technology has undergone significant advancements since its introduction, continually improving speed, reliability, and capacity. The first widely adopted WiFi standard, 802.11b, launched in 1999 and operated on the 2.4 GHz frequency band, providing basic wireless local area network connectivity. Subsequent standards, such as 802.11a and 802.11g, introduced support for additional frequency bands and higher data rates.
The evolution continued with 802.11n and 802.11ac, which brought faster speeds, greater range, and support for multiple devices on the same WiFi network. The latest standards, 802.11be, also known as WiFi 6, operates on both the 2.4 GHz and 5 GHz bands, offering even higher speeds, improved performance in crowded environments, and better energy efficiency for mobile devices.
Looking ahead, WiFi 7 is set to further enhance wireless networking technology, promising even faster speeds, lower latency, and increased capacity for multiple access points and devices. These advancements have made wireless fidelity an essential part of modern life, enabling seamless internet access and connectivity for homes, businesses, and public spaces around the world.
Test Wi-Fi Connection Timing with NetBeez
NetBeez offers an effortless method for Wi-Fi network monitoring. The dashboard collects real-time data from wireless sensors that connect to one or multiple SSIDs. The Wi-Fi sensors test the connection, measure the time it takes, and logs the signal strength and other statistics. Monitoring the Wi-Fi signal and internet signal is essential for maintaining a reliable network connectivity home network. Within the NetBeez dashboard, you can examine the entire WiFi connection timing procedure, categorized into phases: association, authentication, and DHCP.
Each test also provides detailed logs from the WPA client supplicant and DHCP client processes. The NetBeez dashboard can help identify issues with the wireless access point or Wi-Fi router that may affect network performance. In the following screenshot you can read the log of the WPA Supplicant client.
In the next screenshot, I have filtered the DHCP messages logged when a Wi-Fi Beez is requesting a DHCP address. You can easily identify the D-O-R-A transaction between the Beez and the access point.
Conclusion
A Wi-Fi client connects by scanning for Wi-Fi networks and receiving responses. It then starts the 802.11 authentication and association process, recording the MAC address. The 4-way handshake creates a secure connection, and the client gets an IP address through DHCP to access the network.
In Wi-Fi monitoring, engineers set up WLAN agents to detect Wi-Fi connection problems. These agents reconnect to the network at regular intervals. They test 802.11 authentication, association, and DHCP.
NetBeez is a Wi-Fi monitoring solution that provides a simple to use dashboard with plug and play wifi sensors. Request a free trial or a demo to learn more.
