WLAN SCANNING (ACTIVE & PASSIVE)


 

What is Scanning?

Scanning is a mechanism to find the APs within range. If the STA finds the required AP in the scan list, it can be sure that the target AP is alive, so the STA can proceed with the connection if needed.


Is Scanning a STA or AP Feature?

In general, scanning is performed by the client or station to get a list of APs. But an AP can also scan.


In this blog we will discuss the STA scanning feature only.

How many types of Scanning are there in 802.11?

There are two types of scanning:

1) Active Scanning.

2) Passive Scanning.

Scenario:

Let's assume there are three APs (2.4 GHz) and one client/STA.

AP1 [Broadcast SSID, Channel 1]

AP2 [Broadcast SSID, Channel 11]

AP3 [Hidden SSID, so does not broadcast SSID, Channel 1]

Active Scanning:

1. The STA sends a probe request on the first channel, channel 1, of the 2.4 GHz band.

There are two types of probe request:

In general, a probe request is a broadcast packet. This means whoever gets this probe request may (except a hidden-SSID AP, e.g. AP3) reply with a probe response to the STA.

A probe request can also be unicast to a particular AP. This type of probe request is called a directed probe request.

Let's assume our STA sends a broadcast probe request.

2. Now AP1, AP2 and AP3 can see this broadcast probe request. So, AP1 replies with a probe response frame to the STA.

3. The STA sends an 802.11 ACK to AP1.

4. Now, the STA continues to send probe requests on channels 2, 3, 4...11 (or 12, 13 if supported). The STA receives a probe response from AP2 when the probe request is sent on channel 11.

If the STA supports 5 GHz, then it also performs an active scan from channel 36 to 165 (depending on the supported channels).

5. Finally, the STA collects all the AP probe responses and builds the scan list. It is implementation dependent whether the STA scans all channels, only one channel [Directed Probe Request], or the non-overlapping channels only.

Passive Scanning:

1. If the STA is in passive scanning mode, it does not send any frame on the air.

2. The STA waits a certain time on one supported channel and receives the beacon frames broadcast by APs.

3. Then the STA moves to the next supported channel (Ch: 1,2,3,...11 or 36...165) and repeats the same.

4. After completing all supported channels, the STA collects the scan results.

For a passive scan, we do not see any packet from the STA in the sniffer capture.
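
What these frames look like to a sniffer, as an added example (not code from the original post): a Python sketch that parses raw 802.11 management frames and labels them in the terms used above, treating a zero-length or all-NUL SSID in a beacon as a hidden SSID. The MAC addresses and sample frames are constructed, and build, parse and describe are illustrative names.

```python
import struct

KINDS = {4: "probe request", 5: "probe response", 8: "beacon"}
BROADCAST = b"\xff" * 6

def build(subtype, dst, src, ssid, channel=None):
    """Construct a sample management frame (constructed data, not a capture)."""
    bssid = dst if subtype == 4 else src
    frame = struct.pack("<HH", subtype << 4, 0) + dst + src + bssid + b"\x00\x00"
    if subtype != 4:  # beacon / probe response: timestamp, interval, capabilities
        frame += struct.pack("<QHH", 0, 100, 0x0001)
    frame += bytes([0, len(ssid)]) + ssid  # element 0: SSID
    if channel is not None:
        frame += bytes([3, 1, channel])    # element 3: DS Parameter Set (channel)
    return frame

def parse(frame):
    """Parse a raw 802.11 frame (no radiotap header, no FCS); None if not scan-related."""
    # Byte 0 of Frame Control: version (2 bits), type (2 bits), subtype (4 bits).
    if len(frame) < 24 or frame[0] & 0x0C or frame[0] >> 4 not in KINDS:
        return None  # too short (e.g. an ACK), not management, or another subtype
    subtype = frame[0] >> 4
    pos = 24 if subtype == 4 else 36       # skip the 12 fixed bytes where present
    ssid, channel = b"", None
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                          # truncated element: stop parsing
        if tag == 0:
            ssid = value
        elif tag == 3 and length == 1:
            channel = value[0]
        pos += 2 + length
    return {"kind": KINDS[subtype], "dst": frame[4:10], "ssid": ssid, "channel": channel}

def describe(frame):
    """Label a frame in the article's terms."""
    info = parse(frame)
    if info is None:
        return "not a scan frame"
    if info["kind"] == "probe request":
        return ("broadcast" if info["dst"] == BROADCAST else "directed") + " probe request"
    if info["kind"] == "beacon" and not any(info["ssid"]):
        return f"beacon, hidden SSID, channel {info['channel']}"
    return f"{info['kind']}, SSID {info['ssid'].decode(errors='replace')}, channel {info['channel']}"

# Constructed, locally administered MAC addresses for the STA, AP1 and AP3.
STA, AP1, AP3 = (bytes.fromhex(h) for h in ("020000000001", "0200000000a1", "0200000000a3"))
```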


Which scanning is better, active scan or passive scan?

It depends on the application. Here are the advantages and disadvantages of these two scanning methods.

Active scan is quick, as the STA sends a probe request and gets a probe response. Passive scan is slower, as the STA has to wait for a beacon on each channel.

Passive scan saves more battery, as no frame is transmitted on the air.

