December 28, 2024

Active and Passive Scanning

Active and Passive scanning is depends upon the behavior of client and AP to start an association process.

For every 100 time units​ there will be a Beacon Interval in which AP sends a Beacon. A time unit is equals to 1.024ms.

Active scanning



In Active scanning client will send probe request frame from all of its channel in search of AP’s and listens to probe response from the AP.

when the client receives the probe response frame from the AP it starts the association process.

There are two mode in it. They are:​

  1. Direct mode
  2. Null mode

Directed Mode​ Active Scanning


Direct Mode

In this mode probe request frame contains the SSID of AP in which STA wants to connect.​

station knows the SSID of an AP in which it wants to associate so it sends the probe request to that AP.

Null Mode Active Scanning

​In this mode station sends probe request frame with 0 value in SSID field and listens for probe response frames.

similarly when client receives the probe response frame​ client collects all the response from AP’s and then move to association process with the AP which is having the highest signal strength and good RSSI value.

For example a station wants to connect to a network in addition to that it will send a probe request frame instead for waiting for a beacon.

Moreover it collects all the probe requests from the AP’s. It will choose a better AP which has high signal strength and starts association process.

WLAN Active scanning – Null mode

Passive Scanning

In Passive scanning station moves to each channel as per channel list and listens for Beacon frames.

when it receives a beacon frame client will send a probe request frame in response to beacon frame sent by AP.

If the client gets a probe response frame then client starts association process with the AP.



​Frames are buffered and are used to decode and extract information about Basic service set(BSS).​

Not only the client listens for beacon frames in all its channels but also in this mode client saves power as it does not transmit signals.​

After extracting Basic service set information the client starts the association process as a result of whose signal strength is highest.​