top of page
Search
  • Writer's pictureBhanu Prasad
    • Aug 21, 2023
    • 2 min read

DEAUTHENTICATION REASON CODE 6

Updated: Aug 22, 2023

The article is about my experience in the field. I saw Deauthentication (Deauth) frame with below reason.



Anyone seeing above reason for Deauth will have a question, what is Class 2 frame in Wireless?


To answer the above question, we need to understand different states of wireless stations will be and frames allowed in each state.


Please find the diagram from IEEE 80211-2020 document which gives details about State of Wireless stations and related class frames.





All Wireless stations does go through open Authentication to negotiate both wireless user devices and Access point using same Authentication algorithm.


You can filter the frames by using below filter in Wireshark to see what the Authentication is algorithm.

wlan.fc.type==0 && wlan.fc.type_subtype==11


For example, below is the flow of the frames for 802.1x Authentication.

If we see in the above diagram 3 & 4 Frames Auth & Auth Response are for Open Authentication and actual 802.1x authentication starts after successful Association that is after association response.


State-1 : The user device is said to be in State-1 if user device is unauthenticated & Unassociated with the Access point. Unauthenticated refers to Authentication (open Authentication) before Association request.


If User device is in State-1 only Class 1 frames are allowed. Class 1 frames are like RTS, CTS and ACK etc. in Control frames, Management frames like Probe Request , Authentication (Open Authentication) and Deauthentication etc.


For more information on Class 1 Frames, you can refer to 802.11-2020 IEEE document section 11.3.3.


State-2: The user device is in State-2 if the user device is Authenticated (successful open authentication) and not associated (means user device did not send association request yet).


The user device in State-2 can send class 1 & Class 2 frames. Class 2 frames are Management frames like Association Request, Re-association Request, and Disassociation.


From the above, what the error says is user device is not Authenticated (no open authentication frames exchanged between AP & User device) but trying to send Class 2 frames.

A user device shall not transmit Class 2 frames unless in State 2 or State 3 or State 4.


Successful authentication sets the state for a user device to State 2, if the user device was in State 1. Unsuccessful authentication leaves the state for the user device unchanged.



322 views1 comment

Recent Posts

See All

RADIUS Attribute Proxy-State

RADIUS is a networking Protocol that provides AAA services and is commonly seen in any Enterprise network. In this article, we will discuss the importance Radius attribute Proxy-state which is seen on

Opportunistic Wireless Encryption(OWE)

Opportunistic Wireless Encryption (OWE) /enhanced open authentication helps secure the data to be precise encrypt data. If a hacker/anyone eavesdropping will not understand the data collected, the inf

Wireless Dauthentication / Diassociation Attacks

The Wireless Deauthentication /Disassociation frame sent by an AP to the user device is unicast. In the recent past, I visited one of my customers as the customer complained, saying the Apple devices

bottom of page