802.11 beacon frame

Stuck with a problem in your code? Seek help here.

802.11 beacon frame

Postby Mjolinor » December 12th, 2015, 9:01 am

I am making a clock. Very early stages yet but I want to not have to set the time on it. Options here are GPS or connect to Internet and NTP but I've been googling a bit and reading and it seems to me that the beacon frame that an AP transmits includes a time since EPOCH so I should be able to retrieve that and use it to set my clock without having to connect to any wifi, just take any spurious wifi beacon frame packet that happens to be floating past and take the time from it.

Most APs now have NTP already installed so I figure it will be an accurate enough time for what I need.

With this in mind I reckon a ESP8286 would be perfect for this job.

I am just struggling a bit to find some good google hits to help. I am not too comfortable writing in C but usually struggle my way through and I have written code before for recovering specific data from Ethernet when I made a bespoke serial <> ethernet converter for a specific application.

Is my understanding correct that the time included in the beacon frame is the real time if the clock is set on the AP?
Can anyone give me some good links to reading material about it.
Mjolinor
 
Posts: 231
Joined: July 30th, 2013, 10:05 am
Location: Burnley, UK

Re: 802.11 beacon frame

Postby bandersnatch » December 13th, 2015, 6:24 pm

Hi,

A quick G$$gle search for: "802.11 beacon frame timestamp"
yields some useful info:
http://mrncciew.com/2014/10/08/802-11-mgmt-beacon-frame/
explains the beacon frame fields in some detail but describes the timestamp as "the number of microseconds the AP has been active."
....eh?.....hmmm......

https://ask.wireshark.org/questions/44591/time-delta-between-80211-beacon-frames
discusses a packet time discrepancy issue but contains the hidden gem :
"pcap gets the time stamp of a packet by mechanisms that return the time in UN*X format i.e. seconds and fractions of a second since January 1, 1970, 00:00:00 UTC"
...oh really??? aha....

Important info seems to be in http://%20http://web.cecs.pdx.edu/~jrb/netsec/lectures/80211/beacon.txt
This analysis of a beacon hex packet lists the EPOCH timestamp in REVERSE BYTE ORDER !!!
ie the beacon packet contains 50f1133cca040000 in the 8 timestamp bytes but the Timestamp is listed as 0x000004CA3C13F150..
...Hmmm... might be useful to know this (!)

The G$$gle hitlist also contains many 802.11 PDFs & the info you need is probably in there somewhere, but I would take the direct approach

Fire up Wireshark (you DO have wireshark??? If not then grab it asap, indispensible for messing about with WLAN programs)
Set the filter to catch beacons packets only & save the packet hex values for a few beacon packets.
Extract the 8 hex bytes from the beacon packet, reverse the byte order & use the awesom EPOCH tools at
http://www.epochconverter.com/ to convert the timestamp bytes back to a real date.
You may need to divide by 1000, or add/remove a timezone offset.... , mess about with offsets... blah blah...
The goal is to first manually discover exactly how to convert the time

Then Forget "C" for the time being... ;^))) & Write a quick conversion program in your favourite high-level language
to extract the 8 hex bytes from the timestamp field of the beacon packet and convert these into a datetime value

Write the C routine once your high-level language version is working.
My only reservation is the reference to ... "the number of microseconds the AP has been active."....
On the surface, this would mean that every AP would return a different timestamp in the beacon packet & you will need to use another timestamp, but the references I have found with my quick searches are all a bit vague.

I would follow the "suck it & see" method, have a quick play with Wireshark on your own WLAN & maybe compare the results
with a few other WLANs..

I hope this helps .... Let me know how you get on

STFB
bandersnatch
 
Posts: 150
Joined: September 17th, 2014, 12:06 pm

Re: 802.11 beacon frame

Postby Mjolinor » December 13th, 2015, 11:25 pm

Cheers for that. I have read most of the google hits on the actual packet format and wiresharked (<<is that a word?) a bit but the "C" bits to make the wireless card gimme data without connection on the APs that are beaconing didn't seem to be sensible. This may be because it was backwards as you point out, I shall try that to see.

I see you are finding the same vague references that made me ask in the first place. I decided to suck it and see but I haven't turned the laptop on (desktop has no wireless) for more than a couple of years and Mint decided it couldn't update etc etc and two days later I am still trying to get it to the stage where I can start putting the required software on without a re-install.
Mjolinor
 
Posts: 231
Joined: July 30th, 2013, 10:05 am
Location: Burnley, UK

Re: 802.11 beacon frame

Postby Mjolinor » December 15th, 2015, 1:11 am

Hmm, googling wrong as usual. "esp8266 packet sniffing" brings back lots of hits and some good small examples that just need parsing for the data I need.
Mjolinor
 
Posts: 231
Joined: July 30th, 2013, 10:05 am
Location: Burnley, UK


Return to Help Me! Software

Who is online

Users browsing this forum: No registered users and 3 guests