Hi Laz, I have some more questions.
This is from Jeremy’s IT Lab (free on YouTube)
[image removed]
I don’t get some things here.
How can a client be authenticated but not associated? How does that work?
And why is an authentication request/response sent before association? Why does it even exist? What does it do?
Because any form of authentication takes place once the user receives an association response. Here is an example.
Sorry for the worse quality. The actual authentication (in this case, the 4-way handshake) begins after an association request is received and a response is sent back.
So what do the authentication request and authentication response messages even do? They don’t authenticate the user, the 4-way handshake does that which occurs after the association response 
This raises one final question, when is the user actually associated with the AP? It should be once the 4-way handshake succeeds, right?
Thank you.
David