CWNA Certification Journey


I managed to get my CWNA certification today, this was my 2nd attempt. The first attempt was a failure a few months ago.

Failed Attempt: 53%

Passed Attempt: 82%

Below are a few tips which I would like to share so that you get most for this certification.

It would be quite beneficial if you already work for a Network/Wireless service provider or Manage wireless network for a company. Being in such a position certainly pays and gives room for joining the pieces of this puzzle.

This course will require some monetary investment. I managed to get some certification videos. Though the videos are for old CWNA course but majority of the conceptual stuff does not change for new revision. Here is the link >

There are no video training courses available on CBT nuggets or INE as of today. I did check with CBT Nuggets via twitter but they do not have any official dates for the.

So back to the actual course curriculum. It would be highly beneficial to check the course outline and objectives – You can check the differences from CWNA 106 so that you can prepare better

If would be good a good buy to get the new sybex CWNA official study guide >,miniSiteCd-SYBEX.html

This one is quite a thick book with over 1000 pages. I guess this book will be used throughout your career in wireless as a reference guide and a starting point for everything wireless. Some great work by the 2 David(s) Westcott & Coleman. When you buy the book you also get online flash cards + practice test questions valid for 1 year which you can use for further strengthen your knowledge.

Would be great and worth downloading the common terms used in the exam/book for the CWNA –

I read almost 1-2 chapters per week. The book might give you a feeling of information overload every once in a while. Another resource which I used during the preparation were some podcasts listed below.

  1. CleartoSend –
  2. WLAN Professional –
  3. Packet Pushers –
  4. WiFi for Beginners –

Twitterati (Twitterverse/Twitter users) – Would highly recommend you to join and follow the wireless enthusiasts. Thankful to the wireless online community! Many of them have a vast industry experience and certifications which go a long way in helping and coaching someone who is new to the wireless domain.

Slack Groups to recommended –

All the best with your CWNA Study and the Exam! Please buy the exam voucher directly form CWNP website  ( rather than going directly via PearsonVue. I saved $50USD by doing so.

I am on to the next Adventure of CWAP and will try and blog more often about the learnings from the course study.

CWNA – Chapter 2 Summary & Exam Essentials

CWNA Chapter 2 – IEEE 802.11 Standards and Amendments.

“Defined” means the amendment either no longer exists or it was rolled into the existing (or prior versions) 802.11-2007 spec. “Defines” means it is a ratified amendment that will be rolled into 802.11-2011. “Will define” means it is a work in progress and not yet amended.

802.11-1997 (sometimes called 802.11 “prime”) — the original 802.11 specifications included the base functionality along with FHSS and DSSS PHYs.

802.11a — Defined OFDM usage in 5 GHz with data rates up to 54 Mbps.
802.11b —Defined 5.5 and 11 Mbps with HR/DSSS in 2.4 GHz.
802.11c — Defined MAC bridging for 802.11. Was incorporated into 802.1D.

802.11-1999 rolled up 802.11 prime with new enhancements.

802.11d — Defined 802.11 operation in new regulatory domains.
802.11e — Defined QoS
802.11F — Recommended Inter-Access Point Protocol (IAPP) for interoperability of different vendor products. Was not used by anyone and is now withdrawn.

Note: A capital letter designates a recommended practice standalone standard (similar to 802.1X). A lowercase letter designates an amendment to a parent standard. Hence, 802.11F was designed to be a standalone document (and also happened to be a recommended practice), not a part of the full 802.11 standards. This is often a confusing topic in standards naming.

802.11g — Defined ERP PHY, which introduces data rates up to 54 Mbps in 2.4 GHz.

802.11-R2003 rolled up 802.11-1999 and prior amendments, excluding 802.11e.

802.11h — Defined Dynamic Frequency Selection (DFS) for radar detection and avoidance in some 5 GHz bands. Also defined Transmit Power Control (TPC) for managing client transmit power.
802.11i — Defined security enhancements including TKIP, CCMP, and use of 802.1X with WLANs.
802.11j — Defined 4.9 – 5 GHz operation in Japan.

802.11-2007 rolled up 802.11-R2003 with prior amendments.

802.11k — Defines radio resource management processes for RF data collection and sharing.
802.11l — Due to potential confusion between an “l” (letter) and “1” (number), 802.11l was bypassed.
802.11m — Was used as a maintenance amendment that updated inaccuracies, omissions, and ambiguities.
802.11n — Defines High Throughput (HT) PHY with MCS rates up to 600 Mbps in 2.4 GHz and 5 GHz.
802.11o — For similar reasons as 802.11l, 802.11o was bypassed. ‘Is that an “o” (letter) or a “0” (number)? I don’t know, let’s just skip it.’
802.11p — Defines wireless access for the vehicular environment (WAVE).
802.11q — Due to potential confusion with 802.1Q, 802.11q was bypassed.
802.11r — Defines fast BSS transitions (fast secure roaming). Maybe one of these days we’ll use it.
802.11s — Will define 802.11 mesh internetworking.
802.11T — Specified a way to test wireless performance prediction. Remember, capital letters are recommended practices standalone standards. 802.11T was canceled.
802.11u — Will define internetworking with external networks, such as cellular.
802.11v — Will define enhancements for network management.
802.11w — Defines protected management frames to prevent some security vulnerabilities.
802.11x — 802.11 technologies as a whole are often referred to as 802.11x, so this amendment was bypassed.
802.11y — Defines use of OFDM in 3650-3700 MHz.
802.11z —Defines enhancements to Direct Link Setup, which no one uses.
802.11aa — Will define enhancements to video transport streams.
802.11ab —Was bypassed to avoid confusion with devices using 802.11a and 802.11b PHY technologies, which are often abbreviated as 802.11ab.
802.11ac — Will define Very High Throughput (VHT) with gigabit speeds, building on 802.11n MIMO technology.
802.11ad — Will define short range Very High Throughput (VHT) in the 60 GHz spectrum.
802.11ae — Will define enhancements for QoS management.
802.11af — Will define the usage of Wi-Fi in newly opened TV whitespace frequencies.
802.11ag — Similar to 802.11ab, 802.11ag was skipped to avoid confusion with devices using 802.11a and 802.11g PHY technologies, which are often abbreviated as 802.11ag.
802.11ah — Will define the usage of Wi-Fi in frequencies below 1 GHz. Also used as an expression of Wi-Fi pleasure. 802.11…ah!
802.11ai — Will define FILS (fast initial link setup). Designed to address challenges in high-density environments which a large number of mobile users face.
802.11aj – Will define modifications to the IEEE 802.11ad-2012 amendment’s PHY and MAC layer to provide support to the Chinese Millimeter Wave (CMMW).
802.11ak – Will define amendment to General Link for use in bridged networks.
802.11aq – Will define delivery of network service information prior to the association of stations on 802.11 networks.
802.11ax – Will define HE(High Efficiency). Expected to be next big PHY enhancement to the 802.11 standards. Operate in both 2.4/5GHz.
802.11ay – Will define improvement of an 802.11ad amendment providing faster speeds.
802.11az – TBC

CWNA – Chapter 1 Summary & Exam Essentials

Overview of Wireless Standards, Organisations and Fundamentals.

4 Key organisations involved with wireless networking industry

– FCC and other regulatory domains (ITU-R (ACMA (Australia)) (ARIB(Japan)) – FCC regulates communication from/to/within US. Both licensed and unlicensed communications are typically regulated in the following 5 areas 

– Frequency, Bandwidth, Maximum power of the intentional radiator (IR),  Maximum equivalent isotropically radiated power (EIRP), Use (indoor and/or outdoor), Spectrum sharing rules.

– IEEE – 802.11 working group is responsible for creating WLAN standard.

– IETF – International community of people whose goal is to make the internet work better. 

– Wi-Fi Alliance – Global, non-profit organisation of more than 550 member companies devoted in making the wireless communication better. Its main task is to ensure interoperability of WLAN products by providing certification testing.

ISO – international Organisation for Standardisation. 

OSI model – Open Systems Interconnection (APSTNDP)

Application Layer 7- WWW browsers, NFS, SNMP, Telnet, HTTP, FTP
Presentation Layer 6 – Include encryption, ASCII, TIFF, GIF, JPEG, MPEG, etc..
Session Layer 5 –  NFS, NetBIOS names, RPC, SQL
Transport Layer 4 – TCP, UDP 
Network Layer 3 – Provides switching and routing technologies, creates logical paths, known as virtual circuits.
Data Link Layer 2 -The MAC layer and the Logical link control (LLC) layer. IEEE 802.3, ATM, Frame Relay.
Physical Layer 1 – Cables, Ethernet, Fibre, etc.

The 802.11-2016 standard defines communication mechanism only at the Physical and the MAC sublayer of the Data-Link layer of the OSI model. 

Communications Terminology 

Simplex – Device is either capable of transmitting or receiving.
Half-Duplex- Capable of transmitting and receiving but not at the same time. Only 1 device can transmit at a time.
Full- Duplex – Capable of transmitting and receiving at the same time.

Radio Frequency Fundamentals 

1. Amplitude – Height, force, or the power of the wave. 
2. Wavelength – Distance between similar points on two back to back waves.

Frequency – Describes a behaviour of waves. How fast the wave travels, or more specifically how many waves are generated over a period of time, is known as frequency.

Phase – is a relative term. It is the relationship between 2 waves with the same frequency

Keying Methods – Some more explanation here.

1. Amplitude-Shift Keying
2. Frequency-Shift Keying
3. Phase-Shift Keying.


1. Know the 4 Industry Organisations
2. Understand core, distribution and access layer
3. Explain the difference between simplex, half-duplex, and full duplex.
4. Understand Wavelength, Frequency, Amplitude & Phase.
5. Keying Methods.

CWNA, Authentication & Encryption Types

Different Authentication types

  1. Open
  2. PSK
  3. 802.1X

Open Authentication – There is no authentication (Free for all). Device connects to wireless network without any issue.  Open Authentication might also redirect to a captive portal like at a Airport or Public Wireless places. There is a two way packet exchange. It is not the secure way to setup the wireless.

PSK / WPA/WPA2 – Preshared Key – Authentication using a set password on the network. Used in small/medium and mostly home deployments. Also deployed in secondary wireless network in organizations.
There is no additional requirements for authentication. PSK can be subjected to dictionary attacks. Suggested to change the PSK regularly. Recently there was an outbreak for WPA2 Krack attack ( You can setup a phrase or lengthy password. Consists of WPA/WPA2 Personal.

802.1X / WPA2 Enterprise – Strongest of all the authentication types. Framework which defines authentication, there is a Supplicant(Client which wants to connect), Authenticator(AP/Controller) and Authentication Server(Radius, ISE etc). Advantageous if there are more than 1 radius servers as a backup if primary server is not available due to any reason. Different EAP (Extensible Authentication Protocol) types are used in this setup. EAP method used (Credentials/Certificate/SIM Card etc) will be defined for the user authentication to the wireless network.

Upcoming Authentication Types in near future

SAE – Simultaneous Authentication of Equals – SAE is resistant to passive attack, active attack, and dictionary attack. It provides a secure alternative to using certificates or when a centralized authority is not available.
DPP – Device provisioning protocol – authenticate device without password like QR code, some kind of tag etc. Applies to lot of IoT devices which do not have screen for authentication.
WPA3 – The new WPA3 security standard is expected to land in devices later in 2019. our new capabilities for personal and enterprise Wi-Fi networks will emerge in 2018 as part of Wi-Fi CERTIFIED WPA3™. Two of the features will deliver robust protections even when users choose passwords that fall short of typical complexity recommendations, and will simplify the process of configuring security for devices that have limited or no display interface. Another feature will strengthen user privacy in open networks through individualized data encryption. Finally, a 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems, will further protect Wi-Fi networks with higher security requirements such as government, defense, and industrial. (

Encryption Types

Only the payload of data frames are encrypted in general cases. In some advanced cases, management frames can also be encrypted. Encryption here is targeted towards data frames.

None – No Encryption – Open Authentication, relying on application for encryption, not reliable. Suggested to use your personal VPN services to mitigate against any attacks. OWE – (Opportunistic Wireless Encryption) – may offer some encryption for open authentication in the near future. ( 
TKIP (Temporal Key Integrity Protocol)- Introduced in 2002, Patch WEP (Wireless Encryption Protocol). It uses RC4 as its cipher, same as WEP.  You should refrain from using TKIP and upgrade your devices. Data rates are also limited to 54Mbps.
CCMP/AES (Counter Mode Cipher Block Chaining Message Authentication Code Protocol) – Strongest of all, not compromised till now. Suggested to use for your network. WPA/WPA2 – WPA uses TKIP, WPA2 uses CCMP/AES and TKIP as well.

Thanks to SemFio network for the diagram below.


CCK – Complementary Code Keying
DSSS – Direct Sequence Spread Spectrum
OFDM – Orthogonal Frequency Divisional Multiplexing
FHSS – Frequency Hopping Spread Spectrum

There are various versions of WLAN standard developed to address different data rate and coverage requirements. IEEE 802.11b supports four data rates viz. 1 Mbps, 2 Mbps, 5.5 Mbps and 11 Mbps.
DSSS is used to provide support for 1 Mbps and 2 Mbps data rate.
CCK (to old for CWNA Exam) for 5.5 and 11 Mbps while OFDM is used for higher data rate applications.
OFDM is used in IEEE 802.11a, 11g, 11n, 11ac and 11ad versions. OFDM is employed along with MIMO to increase the data rate further.

CCK is the modulation form used in the 802.11b standard when operating in 5.5 Mbps or 11 Mbps. CCK was chosen because it uses the same approximate bandwidth as MOK and can use the same header and preamble of pre-existing 1 and 2 Mbps wireless networks, thus facilitating interoperability.

FHSS – RF carrier frequency is changed according to the Pseudo-random sequence(PRS or PN sequence). This PN sequence is known to both transmitter and Receiver and hence help demodulate/decode the information. Within one chip duration, RF frequency does not vary. Based on this fact there are two types of FHSS, fast hopped FHSS and slow hopped FHSS. Dwell time usually 400ms, amount of time that a system transmits on a frequency. Hop time is measurement of amount of time taken by transmitter to change from one frequency to another.

DSSS In DSSS, information bits are spread across both frequency and time planes, hence minimizes effect of interference as well as fading. Hence DSSS system prone to errors but at low level compare to FHSS systems. FHSS produces strong bursty errors. DSSS delivers capacity upto 11 Mbps while FHSS supports upto 3 Mbps. DSSS is very sensitive technology while FHSS is very robust technology. This is observed in harsh environment comprising large coverage, noises, collocated cells, multi-path and presence of bluetooth frequency waves etc. DSSS is ideal for point to point applications while FHSS can be used in point to multipoint deployment with excellent performance. 

OFDM  The idea of OFDM is to map complex data on to multiple narrow band subcarriers so that higher data rate can be achieved. The same is shown in the figure. As shown complex modulation scheme such as 16-QAM is first used to map binary data information into complex frequency domain vector form. 16-QAM maps 4 bits on each of the subcarrier. This bunch of subcarriers as per IFFT size are combined and given as input to IFFT block. This block converts frequency domain complex mapper data into time domain data vector. This vector is converted to analog form before being provided as input to RF converter before transmission into the air using antenna.  OFDM solves multipath issues.

CWNA , IEEE 802.11!

  • Hi IEEE 802.11 Key Concepts

Let’s get started with the IEEE 802.11 Journey synopsis. Standards are defined at physical and mac-sub layer(data-link). We are referring to different ways of transmitting data over the air. Also how our communication signal would deliver information. One of the original ones we’ve come across is FHSS (Frequency Hopping Spread Spectrum) and DSSS (Distributed Sequence Spread Spectrum).

In 2007, the IEEE consolidated 8 ratified amendments along with the original standard, creating a single document that was published as the IEEE standard 802.11-2007
The standard covers IEEE standard 802.11-1999, 802.11a.1999, 802.11b-1999, 802.11g-2003,802.11i-2004

802.11b (Sep 1999) is high rate DSSS – Based on 2.4GHz to 2.4835 GHz ISM band
802.11a (Sep 1999) is OFDM (Orthogonal Frequency Divisional Multiplexing) would operate in 5GHz frequency.  There are 3 U-NIII (Unlicensed National Information Infrastructure) frequency bands consisting of 12 channels.
802.11b (1999) – High Rate DSSS, operates in 2.4 GHz frequency. OFDM transmission type and supports BPSK (binary phase shift keying) and QPSK (Quadrature PSK) – 1 & 5.5Mbps and 2 & 11 Mbps. 
802.11g (June 2003) – Speeds upto 54Mbps/works similar to 802.11b in 2.4 GHz. Used a new technology called Extended Rate Physical (ERP) – ISM frequency band.
802.11i (Security) – From 1997 – 2004, not much defined in terms of security in the original 802.11 standard. Three key components of security solution – Data Privacy/Data Integrity/Authentication. This amendment defined a RSN (Robust Security Network).
802.11r-2008 (FT)-  Technology is more often referred to as fast secure roaming because it defines faster handoffs when roaming occurs between cells in WLAN using a strong security defined by RSN.
802.11w (Sep 2009) – IEEE Task Group was a way of delivering management frames in a security manner. Preventing the management frames from being able to be spoofed.802.11 – only on 2.4. Uses hi rate DSSS. It actually came out before 802.11a. Enabled 5.5 and 11Mbps data rates. 22MHz wide channels. Today these rates have become legacy rates. 
802.11n (October 2009) – also known as Wi-Fi 4 is an amendment that improves upon the previous 802.11 standards by adding multiple-input multiple-output antennas (MIMO). 802.11n operates on both the 2.4 GHz and the 5 GHz bands. Support for 5 GHz bands is optional. Its net data rate ranges from 54 Mbit/s to 600 Mbit/s
802.11ac (December 2013) – VTH (Very high throughput, wider channel (20MHz-160MHz) – also known as Wi-Fi 5 is an amendment to IEEE 802.11, published in December 2013, that builds on 802.11n.[28] Changes compared to 802.11n include wider channels (80 or 160 MHz versus 40 MHz) in the 5 GHz band, more spatial streams (up to eight versus four), higher-order modulation (up to 256-QAM vs. 64-QAM), and the addition of Multi-user MIMO (MU-MIMO). As of October 2013, high-end implementations support 80 MHz channels, three spatial streams, and 256-QAM, yielding a data rate of up to 433.3 Mbit/s per spatial stream, 1300 Mbit/s total, in 80 MHz channels in the 5 GHz band
802.11ax ( Sometime in 2019*)  – IEEE 802.11ax also known as Wi-Fi 6 is the successor to 802.11ac, and will increase the efficiency of WLAN networks. Currently in development, this project has the goal of providing 4x the throughput of 802.11ac at the user layer, having just 37% higher nominal data rates at the PHY layer.  More can be read here

While learning about 802.11 PHYs (Physical) I have come across this extremely useful table from cleartosend podcasts/posts as below




Wave Length and Frequency Basics

Wave Length – is the distance between 2 successive crests (peaks).

Commonly, lower frequency signal will travel farther than higher frequency.
2.4GHz – 4.82 inches (12.24 cms), 5GHz – 2.04 inches (5.19 cms)

Frequency – Peaks of signal, seen over a period of time. Defined in Hertz.

1 Hz = 1 cycle p/s
1 KHz = 1000 cycles p/s
1 MHz = 1 Million cycles p/s
1 GHz = 1 Billion cycles p/s

High frequency > more peaks and low frequency -> lower peaks

Amplitude – Strength or Power of the signal.

Phase : Relation between 2 or more signals with same frequency.

If 2 signals have 0 degree difference in phase then the amplitude may increase as much as double
if 2 signals have 180 degree difference in phase, they would cancel each other

CWNA : New Things Learnt today

Cinemas jamming mobile phone signals #cinemajammers

The US’s National Association of Theater Owners wants the FCC’s permission to block mobile reception inside cinemas. To be honest I thought this already happened in some places… maybe I’d mentally linked it to office buildings with Faraday cage wall structures to prevent eavesdropping on wireless data transfer; I don’t know how common these are in general, but would guess that more sensitive workplaces have had these for a long time.
Of course, the problem with not being able to dial emergency services may be significant, although one would hope that the cinema staff would be able to use a land line to do that if alerted. What might be a more worrying problem is the audience not being able to receive messages/calls–imagine a situation where some urgent or critical news (e.g. “Come home, your house is on fire”) can’t be communicated to someone simply because he or she is in the cinema. Yes, before cellular phones (and pagers) that wouldn’t have been an issue anyway, but it is now.

#EVILTWIN #securityattack – Evil Twin attack

“A Fake WiFi access point is a wireless access point that has been installed on a secure network without explicit authorization from a local network administrator, whether added by a well-meaning employee or by a malicious attacker.” – Wikipedia

Fake WiFi access point is often called as:

Using this method it is possible to retrieve the WPA/2 passphrase in clear-text within minutes. No need of cracking or any extra hardware other than a Wireless adapter.

In some cases you don’t even need an adapter. When ? that we will discuss

Keep reading…

#fresnelzone  FRESNEL ZONE

resnel zones are used by propagation theory to calculate reflections and diffraction loss between a transmitter and receiver. Fresnel zones are numbered and are called ‘F1’, ‘F2’, ‘F3’ etc.

There are an infinite number of Fresnel zones, however, only the first 3 have any real effect on radio propagation.

In Radio Mobile Fresnel zones ove a radio path can be analysed in ‘Radio Link‘ and ‘RMpath

What is a Fresnel zone and why is it important?

Fist, what is it? A Fresnel zone is a cylindrical ellipse drawn between transmitter and receiver. The size of the ellipse is determined by the frequency of operation and the distance between the two sites.

Earth Bulge #Earthbulge

Earth bulge is a term used in telecommunications. It refers to the circular segment of earth profile which blocks off long distance communications.

Fade Margin #fademargin

Fade Margin is an expression for how much margin – in dB – there is between the received signal strength level and the receiver sensitivity of the radio.