802.11w Packet Formats

What is IEEE 802.11w?

IEEE 802.11w is an amendment to the 802.11 standard that enhances security by protecting management frames.

What types of frames are affected by 802.11w?

Management frames such as Disassociation, Deauthentication, and Action frames are protected by 802.11w.

Does 802.11w change the overall packet format?

No, it retains the general MAC frame format but includes additional fields for encryption and integrity checks in protected frames.

What is the role of the Management MIC (MMIC)?

MMIC is a Message Integrity Code used to protect the integrity of management frames.

Where is the MMIC located in a protected frame?

It is located in the payload of the frame, appended after the management frame content.

What new frame field is introduced by 802.11w?

A “Protected Frame” bit is used in the Frame Control field to indicate that the management frame is protected.

Are control or data frames protected under 802.11w?

No, 802.11w specifically protects only certain management frames.

Does encryption apply to all fields in a protected frame?

No, only the frame body is encrypted; the MAC header remains in plaintext to ensure correct routing.

How is integrity ensured in protected management frames?

Through the use of cryptographic hashes and the MMIC field to prevent tampering or forgery.

What happens if the MMIC check fails?

The frame is discarded, and depending on configuration, the system may trigger security alerts.

How are packet formats in 802.11w compatible with legacy devices?

Legacy devices ignore the Protected Frame bit and other 802.11w-specific fields unless they support the amendment.

Is the Sequence Control field modified in 802.11w frames?

No, it remains the same, but is used in MMIC calculations to ensure integrity.

What cipher suite is used for frame protection in 802.11w?

CCMP (Counter Mode with CBC-MAC Protocol) is used to protect management frames.

Do protected frames include timestamps?

Yes, some management frames such as beacons may include timestamps for synchronization purposes, though not necessarily protected.

Are Beacon frames protected in 802.11w?

No, Beacon frames are not protected under 802.11w to maintain compatibility and visibility for all devices.

Are Action frames protected by default in 802.11w?

Yes, Action frames are one of the key management frames protected by 802.11w.

How is replay protection handled in frame formats?

Replay counters and sequence numbers are used to detect and discard replayed frames.

Is there a length limit for protected frames?

The total frame length must comply with standard MAC frame size limits (typically 2346 bytes), even after protection fields are added.

Can protected frames be fragmented?

Frame fragmentation is typically avoided for management frames; protection assumes the full frame is delivered intact.

Where can I find full packet format diagrams for 802.11w?

Detailed formats are available in the IEEE 802.11w amendment and incorporated into later versions of the IEEE 802.11 standard.

Topics in this section,

• Reference links

Reference links

• Reference links