Once a client station is discover a SSID (Probe Request/Response or listening to Beacons) it move to Join phase. This exchange comprise of at least 4 frames
1. Authentication (Request)
2. Authentication (Response)
3. Association Request
4. Association Response

The frame format of those Authentication frames are as shown below.(from page 136- CWAP Official Study Guide)

CWAP - Mgmt-Auth-01As you can see above, frame body of an Authentication Frame consist of the following filds
1. Authentication Algorithm Number0 for Open System & 1 for Shared Key
2. Authentication Transaction Sequence Number -Indicate current state of progress
3. Status Code0 for Success & 1Unspecified failures
4. Challenge Text – Used in Shared Key Authentiction frame 2 & 3

Below table summarize the authentication frame field values & usages.(from page 137- CWAP Official Study Guide)

CWAP - Mgmt-Auth-03The initial purpose of the authentication frame is to validate the device type (verify that the requesting station has proper 802.11 capability to join the cell). This exchanged is based on simple two-frame (Auth Request &  Auth Response) called Open System.

In IEEE 802.11-1997 standard included a  WEP shared key exchange authentication mechanism called “Shared Key” where 4 authentication frame exchange. (when more complex authentication like 802.1X/EAP in place, Open System is used first & then complex method followed by Association frames). Below shows a Open System Authentication (note that all unicast frame ACK, so Auth frames get acknowledged)

Below diagrams show an Open System authentication frame exchange & associate packet capture.CWAP - Mgmt-Auth-00 CWAP - Mgmt-Auth-02Here is the first Authentication Frame in this exchange (frame 247). You can see the Authentication Algorithm Number is 0 (indicate Open System). Auth Seq Number is 1 indicate this is the first Authentication Frame in the given exchange. Status code is Reserved for the first frame (refer the table above)

CWAP - Mgmt-Auth-04Here is the 2nd Auth Frame (Auth Response) of the Open System frame exchange. As you can see here, Auth Seq Number is 2 indicating this is Auth Response frame. Also status code is 0 indicating successful Open System Authentication.

CWAP - Mgmt-Auth-05Even in a 802.1X/EAP Authentication, Always Open System Authentication occur first & then followed by EAP Authentication & 4 Way handshake prior to encrypt data. Here is 802.11r FT Association where 802.1X frame exchange after the Open System Authentication & Association completes.

CWAP - Mgmt-Auth-06If it is a Shared Key authentication, there will be 4 authentication frame exchanged as shown below.

CWSP-WEP-8Here is a frame capture of thisCWSP-WEP-09Here is the first Authentication Frame in Shared Key exchange (Auth Seq No =1). As you can see this time Authentication Algorithm is 1 (indicate Shared Key)

CWSP-WEP-10Here is the 2nd Auth Frame (Auth Seq No=2) . Note that this frame contain a “Challenge Text”. It is expected receiving device of this frame encrypt it using WEP & send it inside Auth frame 3.CWSP-WEP-11Here is the  3rd Auth Frame in that exchange. You can see WEP encryption usedCWSP-WEP-12Here is the last frame (Auth Seq No =4) of Shared Key Authentication. Note that Status code=0 indicate Successful Authentication.

1. CWAP Official Study Guide – Chapter 4

Related Posts

1. 802.11 Management Frame Types
2. 802.11 Mgmt – Beacon Frame
3. 802.11 Mgmt – Action Frames