Thread: A few questions about the probe request and probe response management frames

    I am grasping the concepts of the beacon frame. Now, I am working my way through the probe request and probe response frames, since I am guessing this is the next step in an eventual communication line. Lets take a scenario.

    A is my AP
    B is my connected laptop to my AP
    C is my laptop, but I have just turned it on and it is not yet connected to my AP
    D is a neighborhood AP
    E and F are neighborhood laptops which are either connected or not to their own AP's

    Question 1
    The AP's [A and D] are continously sending out beacon frames. To synchonise their own home networks and at the same time giving information to whomever is out there, no matter if there are laptops in the area or not. Correct?

    Question 2
    Both my laptops [B and C] are sending out probe requests. My laptop B is sending out probe requests even though it is already connected to my network, because it is checking to see if other AP's are out there. My laptop C is sending out probe requests because it is looking for possible AP's to connect to. Correct?

    Question 3
    My AP [A] will, because of the probe requests, send out probe responses. In this case, it will send out probe responses to my laptop C, which is not connected to any AP and to the neighboorhood laptops E and F. Even though E and F are connected or not connected to their own AP's. Correct?

    Question 4 (stuck)
    Is my AP sending out probe responses to my laptop B which is connected to it? My laptop is still sending out probe requests to see what is out there, (in broadcast?), but since my AP has it connected, my AP is not sending probe responses to it. Though it is sending out probe requests to the neighboorhood laptops. Correct?

    Question 5 (stuck)
    Is my laptops, both the connected one and the not connected one, sending out probe requests to spesific AP's? The one's that is it receiving beacons from? Or is it just sending out probe requests like an AP is sending out beacons? And would there be a difference in the probe request depending on if the AP's are hidden or not. I am just thinking that the probe request is broadcast if the AP SSID is not known, but a specific request if the AP SSID is known?

    [I am in the beginning stages of using Wireshark to learn this, together with its display filters.] Any help in clarifying this is much appreciated.


    Question 1:
    Yeah pretty much. I don't really know what you mean by "synchronize their own home networks" but an AP will send out Beacon Frames to tell everyone that it's there.

    Question 2:
    Yes, but keep in mind (anyone correct me if I'm wrong..) that you will only send out probe requests for SSID's that your computer knows (ie, has connected to before)

    Question 3:
    Your AP will send out a probe response to ANY probe request. However, I would think that it would only send them to your neighbour's machines if they had either connected to your AP previously, or were currently trying to connect... I could be wrong.

    Question 4:
    Not sure to be honest. I think your machine might still send out probe requests to your AP, because it could be looking for a stronger signal from the same SSID in your ESS (another AP in your network with the same name. Mainly used for enterprise networks) and thus your AP would respond with a probe response...

    Question 5:
    Your machine will send out probe requests for any network it has connected to previously. If an AP is not sending out Beacon Frames (Hidden SSID), it will still respond to your probe request and you will connect, provided you have the correct credentials.

    Hope that helps.

    [EDIT]Actually, an AP with hidden SSID might still send out Beacon Frames, just not the SSID in that frame... I can't remember. It's been a while.[/EDIT]
    Question 1:
    By synchronise, I mean "the timestamp", which forces all wireless devices to update their local clock and synchronize with the access point. This I am guessing are only the connected wireless stations.

    Question 2:
    If it is sending out probe requests to only the AP's that it has connected to before, then there shouldn't be more than 1 AP found in the network list. As how now, you usually can see many of your neighbors networks on the list, even though the laptop never has connected to them before. Isn't it automatically checking to see how many networks are out there and also checking to see if there might be APs out there with better signal strength? For example in the case of roaming?

    Have been googling this stuff, but many webpages differ with their information and I am not quite able to pinpoint which websites are correct.

    The AP send out beacons (beacon frames contain many parameters among them: Timestamp, SSID, channel, security info (WEP, WPA, etc), rates supported, CRC, header, etc).

    The Laptop or PC (The Radio NIC) is scanning to see what AP's are out there. It reads beacons, knwos the AP's, then send a beacon request to asociate...That's all..After asociating, it keeps scanning for more beacons ( future available AP's)...

    The rest of the traffic between them are info frames, data frames, etc... between beacons (from AP)...

    Nertwork Manager will record all network info using keyfile plugin..It will rank AP according to signal strenght and will conect preferable AP.....But if you are already connected to one, it will not terminate connection to re-connect to the one with better signal...It will be done when booting or done by user request...

    daedalus1776 answered all of your questions very precise.


