The Impact of Security Protocols on TCP/UDP Throughput in IEEE 802.11ax Client–Server Network: An Empirical Study

Abstract

IEEE 802.11ax (Wi-Fi 6) technologies provide high capacity, low latency, and increased security. While many network researchers have examined Wi-Fi security issues, the security implications of 802.11ax have not been fully explored yet. Therefore, in this paper, we investigate how security protocols (WPA2, WPA3) affect TCP/UDP throughput in IEEE 802.11ax client–server networks using a testbed approach. Through an extensive performance study, we analyze the effect of security on transport layer protocol (TCP/UDP), internet protocol layer (IPV4/IPV6), and operating systems (MS Windows and Linux) on system performance. The impact of packet length on system performance is also investigated. The obtained results show that WPA3 offers greater security, and its impact on TCP/UDP throughput is insignificant, highlighting the robustness of WPA3 encryption in maintaining throughput even in secure environments. With WPA3, UDP offers higher throughput than TCP and IPv6 consistently outperforms IPv4 in terms of both TCP and UDP throughput. Linux outperforms Windows in all scenarios, especially with larger packet sizes and IPv6 traffic. These results suggest that WPA3 provides optimized throughput performance in both Linux and MS Windows in 802.11ax client–server environments. Our research provides some insights into the security issues in Gigabit Wi-Fi that can help network researchers and engineers to contribute further towards developing greater security for next-generation wireless networks.

1. Introduction

The IEEE 802.11ax (Wi-Fi 6) standard, released in 2018, represents a major step toward improving wireless performance by supporting higher capacity, reduced latency, and more efficient spectrum utilization [1]. Unlike its predecessor (802.11ac), 802.11ax operates on both 2.4 GHz and 5 GHz bands, making it well-suited for IoT and dense environments. More recently, Wi-Fi 7 (802.11be) has emerged, but Wi-Fi 6 remains widely deployed in enterprise and residential networks due to its maturity and compatibility [2,3].

While the technical features of Wi-Fi 6, such as OFDMA and MU-MIMO, have been extensively documented in the literature [1,2,4,5,6,7,8,9], less attention has been paid to the interaction between these features and advanced security protocols. WPA3, introduced in 2018, was designed to replace WPA2 with stronger encryption, resistance to brute-force attacks, and improved protection in public networks. However, the impact of WPA3 on real-world IEEE 802.11ax performance remains underexplored.

IEEE 802.11ax client–server networks have become central to evaluating Wi-Fi 6 performance in real-world deployments. Unlike simulation-only environments, client–server testbeds allow for the empirical measurement of throughput, latency, jitter, and packet loss under controlled conditions. Several studies have analyzed Wi-Fi 6 enhancements such as MU-MIMO, OFDMA, and higher-order modulation in client–server setups, but most of these works have focused on baseline MAC/PHY performance or secured connections [10,11]. Very few have examined the effect of WPA3 in such environments, despite its growing importance as the default security protocol for modern networks. This study builds on client–server methodologies to investigate how WPA2 and WPA3 influence TCP/UDP throughput in IEEE 802.11ax networks, thereby extending the scope of prior research to address both performance and security dimensions.

Most prior studies have focused on WPA2 or older standards (e.g., IEEE 802.11ac), often using simulation environments with limited validation in practical testbeds [3,12,13,14]. Few have examined WPA3 empirically in Wi-Fi 6 networks, particularly across transport protocols (TCP/UDP), network protocols (IPv4/IPv6), and different operating systems.

This study addresses that gap by conducting a testbed-based evaluation of WPA2 and WPA3 in IEEE 802.11ax client–server networks. Specifically, we analyze throughput, jitter, and packet loss under varying packet sizes, transport protocols, and operating systems (Windows and Linux). The findings provide practical insights into the performance–security trade-offs in Wi-Fi 6 and demonstrate that WPA3 can deliver strong security while maintaining optimized throughput.

1.1. Research Challenges

In this study, we address the following three research questions/challenges:

Research Question 1: What impact does WPA3 have on throughput performance of 802.11ax client–server networks?

To address Research Question 1, we identify and discuss the key factors influencing security protocols affecting the performance of 802.11ax networks. These factors include encryption overhead, key management, and protocol negotiation times. The proposed solution involves analyzing WPA3 protocols in both personal and enterprise settings using a RADIUS server for enterprise-level authentication. WPA3 introduces small overheads due to its advanced encryption, but it ensures greater security and maintains high throughput in 802.11ax networks due to the efficiency of the protocol in high-density environments.

Research Question 2: What impact do transport layer protocols (TCP and UDP) have on throughput performance of IEEE 802.11ax client–server network across both IPv4 and IPv6 for varying packet sizes?

The selection of transport protocols (TCP or UDP) can significantly influence network performance, particularly when combined with IP protocols (IPv4 vs. IPv6) and varying packet sizes. The connection-oriented nature of TCP contrasts with the connectionless approach of UDP, leading to differences in overhead, which in turn affects throughput and latency.

To explore Research Question 2, we examine the specific factors that distinguish the impact of TCP and UDP on network performance in both IPv4 and IPv6 environments. The key factors include protocol overhead, packet loss, and throughput efficiency. In our methodology, both TCP and UDP protocols were implemented and tested across IPv4 and IPv6 networks using different packet sizes. The findings revealed that UDP, being connectionless, delivered lower latency but experienced higher packet loss compared to TCP. Conversely, TCP, due to its connection-oriented design, achieved higher throughput, particularly with larger packet sizes. Additionally, IPv6 demonstrated slightly improved performance with large packets, attributed to its more efficient header structure.

Research Question 3: What impact does multi-user MIMO (MU-MIMO) have on the performance of 802.11ax networks, and how can security protocols (WPA3) be optimized to support this?

The IEEE 802.11ax introduces uplink and downlink MU-MIMO, allowing for multiple devices to communicate simultaneously. However, managing multiple simultaneous connections in high-density environments (e.g., public places or large offices) poses challenges for maintaining high throughput and low latency, especially when security protocols like WPA3 are applied. The complexity of securing these parallel connections without degrading performance needs to be explored.

To address Research Question 3, we assess the various dynamics that influence the performance of MU-MIMO in high-density environments, including channel interference, device synchronization, and security overhead. The proposed solution implements uplink and downlink MU-MIMO in IEEE 802.11ax networks with WPA3 encryption and tests performance in crowded scenarios. Our results show that MU-MIMO significantly improves throughput by allowing for multiple devices to communicate simultaneously. However, the additional encryption overhead from WPA3 introduces minimal delays in device synchronization. To mitigate this, we propose optimizing WPA3 key management and encryption algorithms, ensuring that security does not negatively impact MU-MIMO performance.

1.2. Research Scope and Contribution

The main contributions of this paper are outlined as follows:

• We provide an in-depth evaluation of 802.11ax security protocols (WPA2 and WPA3) in client–server networks. To this end, we thoroughly investigated the impact of WPA2 and WPA3 on system performance in both personal and enterprise networking environments.
• We optimize WPA3 performance in high-density environments by reducing the overhead introduced by advanced encryption processes, ensuring both security and efficiency in wireless communication. To this end, we demonstrate the effect of these security protocols on network throughput.
• We provide a comparative analysis of the impact of transport layer protocols (TCP and UDP) on system performance for IPv6 network layer protocol. To this end, we provide a detailed comparison of TCP and UDP protocols, analyzing their performance across both IPv4 and IPv6 802.11ax networks. By varying packet lengths, we examined protocol efficiency, packet loss, and latency. This contribution provides an insight into the optimal transport protocols and packet lengths for achieving higher throughput and reliability in both legacy and modern IP networks Wi-Fi 6 standards.
• We study the performance optimization of Multi-User Multiple-Input Multiple-Output (MU-MIMO) in high-density 802.11ax networks. To this end, we investigate the impact of uplink and downlink MU-MIMO in 802.11ax in high-density environments, focusing on the synchronization and management of multiple devices. We also explored the methods of security protocols like WPA3 that could be optimized to maintain high throughput and low latency in such settings. Our study demonstrates practical methods to improve MU-MIMO performance, enabling efficient multi-user communication in dense networks while ensuring robust security.

1.3. Structure of the Paper

The related works on 802.11ax Wi-Fi security protocols and network performance are presented in Section 2. The research methodology is discussed in Section 3. The system evaluation, test results, and analysis of the impact of security protocols (WPA2, WPA3), transport protocols (TCP, UDP), and IP versions (IPv4, IPv6) on system performance are presented in Section 4. The benefits and practical implications are discussed in Section 5. Finally, the paper is concluded in Section 6.

2. Background and Related Work

IEEE 802.11ax, also known as Wi-Fi 6, represents a significant evolution in wireless networking technology. It addresses growing demands for high-speed, high-capacity wireless communication, especially in dense environments such as offices, stadiums, and urban areas. While Wi-Fi 6 promises substantial improvements over its predecessor (IEEE 802.11ac), particularly in terms of throughput, latency, and capacity, several factors influence its real-world performance, including security protocols, transport layers (TCP/UDP), and network layers (IPv4/IPv6). These factors are crucial when assessing the practical application of Wi-Fi 6 in diverse environments [3,11,12,13,15,16,17].

Wi-Fi 6 introduces several key features that distinguish it from previous Wi-Fi standards. Orthogonal Frequency Division Multiple Access (OFDMA) and MU-MIMO significantly enhance the efficiency and capacity of the network by enabling simultaneous data transmission from multiple devices. The enhanced Basic Service Set (BSS) coloring feature reduces interference in high-density environments, further improving throughput [11].

The work by Khorov et al. [13] provides an in-depth analysis of the enhancements brought by 802.11ax, particularly in crowded environments. Their study shows that the standard is well-suited to handle the increasing proliferation of IoT devices, smart appliances, and other connected devices, which require stable and high-capacity wireless networks. However, while Wi-Fi 6 offers numerous advancements, its performance is subject to various external factors, especially in relation to the security protocols that protect data integrity and user privacy [13]. Security protocols are vital for safeguarding wireless networks, particularly in enterprise and public environments. The WPA3 protocol, introduced to replace WPA2, provides enhanced encryption and better protection against brute-force attacks. However, the trade-off is the additional computational overhead introduced by WPA3, which can degrade network performance, especially in bandwidth-intensive applications.

Wi-Fi PPDU begins with a Short Training Field (STF) for coarse synchronization and AGC convergence, followed by a Long Training Field (LTF) for channel estimation and fine timing/frequency offset correction; the data field then carries the encoded payload. This legacy framing remains foundational across modern amendments, including IEEE 802.11ax, and is orthogonal to higher-layer security (WPA2/WPA3), which operates above the PHY [18].

Alghamdi [17] conducted a comparative analysis of WPA2, and WPA3 security protocols on Wi-Fi networks and found that WPA3’s advanced encryption mechanisms introduced significant latency and reduced throughput compared to WPA2. However, the existing literature has focused primarily on isolated environments, and there is limited research on the interaction between security protocols and other network layers, such as the transport and internet layers. This research addresses this gap by critically examining the effect of WPA2 and WPA3 on Wi-Fi 6 performance in different transport (TCP/UDP) and network layers (IPv4/IPv6) to provide a more holistic understanding of how security protocols influence network performance in real-world applications. The transition from IPv4 to IPv6 has been a major focus in recent networking literature, driven by the growing demand for IP addresses due to the proliferation of IoT devices and mobile technology. IPv6 offers a larger address space, better routing efficiency, and enhanced support for mobile networks, making it more suitable for modern networking needs. It also eliminates the need for Network Address Translation (NAT), reducing overhead and improving performance [19]. Deng et al. [20] demonstrated that IPv6 generally outperforms IPv4 in Wi-Fi networks, particularly in terms of latency and throughput. However, these studies focused primarily on earlier Wi-Fi standards such as IEEE 802.11ac, and there is limited research on how IPv6 performs in Wi-Fi 6 environments, particularly in combination with advanced security protocols like WPA3. WPA3 was introduced in 2018 as a successor to WPA2 to strengthen wireless security against emerging attacks. Its main motivations include stronger protection against brute-force dictionary attacks, forward secrecy, and improved usability in open networks. WPA3-Personal employs the Simultaneous Authentication of Equals (SAE) key exchange, which is resistant to offline password-guessing attacks, while WPA3-Enterprise supports 192-bit minimum security. Encryption is achieved using AES-256-GCMP and, in some configurations, ChaCha20-Poly1305. Additionally, WPA3 introduces Opportunistic Wireless Encryption (OWE) for encrypting open networks without requiring credentials. Our empirical findings—minimal throughput degradation (<4%)—are consistent with WPA3’s intended design of balancing robust security with high performance.

MU-MIMO is one of the most important features of Wi-Fi 6, allowing multiple devices to communicate simultaneously with the access point. This significantly enhances network capacity and reduces latency in high-density environments. However, managing multiple connections poses challenges, particularly when security protocols like WPA3 are in place. Hoefel [11] explored the impact of MU-MIMO on network performance in Wi-Fi 6 networks and found that while MU-MIMO improves throughput, it also increases the complexity of device synchronization, especially when encryption is enabled. Additionally, packet size plays a significant role in determining network performance. Larger packets generally lead to higher throughput but can cause more packet loss in congested networks. Tsetse et al. [3] showed that packet size optimization is crucial for balancing throughput and latency in Wi-Fi networks.

The literature highlights significant advancements in Wi-Fi 6 technology, particularly in terms of throughput, latency, and efficiency. However, the interaction between security protocols, transport layers, and network layers remains underexplored. While WPA3 offers enhanced security, its impact on network performance is substantial, particularly when combined with TCP/UDP protocols and IPv4/IPv6 configurations. By critically analyzing these interactions, this research contributes to the optimization of Wi-Fi 6 networks for both performance and security, addressing the gaps identified in the existing literature. Deng et al. [9] provide a comprehensive evaluation of IEEE 802.11ax WLANs, emphasizing its ability to enhance throughput and spectral efficiency. The study highlights the role of OFDMA in enabling simultaneous transmission to multiple users, thereby reducing contention and improving network efficiency. Similarly, Weller et al. [15] focus on the performance measurement of 1024-QAM and downlink OFDMA, demonstrating significant improvements in data rates and spectral efficiency. Their findings indicate that these features are particularly effective in environments with high user density, such as stadiums and urban areas. However, the performance gains of Wi-Fi 6 are not without challenges. Qu et al. [7] note that the efficient deployment of Wi-Fi 6 requires careful configuration and management of network resources. For instance, the dynamic allocation of OFDMA subcarriers and the optimization of MU-MIMO transmissions are critical for maximizing throughput. The study also highlights the need for robust interference management techniques to mitigate the impact of co-channel interference in dense deployments.

Alghamdi [5] examines the impact of security protocols on the performance of WLANs, focusing on IEEE 802.11ac. The study highlights the trade-offs between security and performance, noting that encryption and authentication mechanisms can introduce significant overhead, thereby reduce throughput and increase latency. While the study predates Wi-Fi 6, its findings are relevant for understanding the security-performance trade-offs in modern WLANs. Tsetse et al. [3] extend this analysis to IEEE 802.11ac networks, demonstrating that the overhead associated with security protocols can have a pronounced impact on network performance. Their findings suggest that the implementation of advanced security mechanisms in Wi-Fi 6 must be carefully balanced against the need for high throughput and low latency.

The studies provide valuable insights into the performance and security of Wi-Fi 6 networks. However, several gaps remain in the literature. First, there is limited research on the interaction between advanced security mechanisms and the performance of Wi-Fi 6 in high-density environments. Second, the impact of Wi-Fi 6E on network security requires further investigation, particularly in the context of emerging threats and vulnerabilities. Finally, more work is needed to address the challenges of deploying Wi-Fi 6 in real-world scenarios, including interference management, resource allocation, and the optimization of security protocols. The summary of related work is presented in

Table 1. Summary of related work on impact of security protocols on Wi-Fi client–server network.

Reference	Scope	Transport Layer (TCP/UDP)?	IP Layer (IPv4/v6)?	Gigabit Wi-Fi Security?	Testbed Approach?
[12]	Overview of 802.11	×	×	×	×
[9]	Performance evaluation of 802.11ax	√	×	×	√
[19]	802.11ax performance for Infrastructure	√	√	×	√
[15]	Wi-Fi 6 performance of 1024-QAM and DL OFDMA	√	×	√	√
[16]	Wireless security in Wi-Fi 6e networks	×	×	√	×
[7]	Survey and performance evaluation of 802.11ax	√	√	√	√
[5]	Throughput analysis of 802.11ac security	√	×	√	√
[4]	Impact of security on 802.11ac networks	√	×	√	√
[13]	Tutorial on 802.11ax high efficiency WLANs	√	√	×	√
Our work	Exploring Wi-Fi 6 security	√	√	√	√
	Investigated the effect of Wi-Fi 6 Security on TCP/UDP throughput and packet losses in client–server networks using a testbed approach.

.

3. Methods

3.1. Research Methodology Adopted

We employ a test-bed measurement approach to study the system performance. Research methodologies are typically categorized into three main types: qualitative analysis, quantitative analysis, and a mixed-method approach that combines both. For this study, a quantitative approach was adopted (testbed) to evaluate the network’s performance.

In this study we focus on system throughput performance. We also measure jitter and packet losses empirically. The network performance metrics that we considered are briefly discussed next.

• Throughput: Throughput is the quantity of application layer data transferred across the network. It is the rate at which messages are transmitted from source to the destination node. For instance, a network throughput is the average data rate (measured in bits per second) across the network. For maximum performance, all packets must be able to get to the right destination without any errors. If an excessive number of packets are losing their way during transmission, the network’s performance is likely to be dropped. Therefore, it is crucial to keep track of network traffic speed. It can help gain the visibility of network performance in real-time and provide better understanding of the rate of delivery of packets. The network’s throughput average is generally believed to reflect the network’s overall performance accurately. The fact that if network throughput performance is not optimal indicating an issue with packet loss or network congestion on the network.
• Packet Loss: Packet losses occur when some or all the data packets moving over a network do not reach their destination. Loss of packets in the TCP connection can also prevent congestion and deliberately reduce the speed of the connections. For example, for UDP Down to 60 Mbps and losses 40% indicating that during the most recent test cycle, the server sent one megabit of data in 10 milliseconds, and the client received 0.6 megabits in 10 milliseconds, with 0.4 megabits lost in transit. It is usually the reason for the loss of packets. There are two primary protocols that can be transmitted: either TCP or User Datagram Protocol (UDP) transport layer protocol. The TCP needs a reliable connection to send traffic. It returns to the packets lost in times with a very high delay and resends them until they reach their destination. When using UDP traffic, there is no automated transmission for lost packets. However, UDP is utilized in live streaming applications (e.g., VoIP and video traffic), handling specific amounts of loss of packets.
• Jitter: Information is transferred to data packets transmitted over the network. Jitter is a measure of delay variance (in milliseconds) experienced by the packets of the same flow. For real-time applications (e.g., voice and video), the packets must be released to the destination in the correct order and at the same rate released at the source. The buffer at the client (called de-jitter buffer) compensates for the jitter introduced by the network if the delay variation is not too much. It is usually caused by congestion on networks, and occasionally, routes change.

3.2. Research Methods

The purpose of empirical study (testbed) was to observe live network performance using real hardware/software. The client–server network testbed is shown on Figure 1. It consists of a Server, an 802.11ax Access point/Router (TP-Link) and a wireless client (802.11ax laptop). The server is connected to TP-Link Router with a category 6 (CAT6) cable (1 Gbps).

The AP provides IEEE 802.11ax MU-MIMO (DL/UL) with explicit beamforming. Experiments used a client–server topology employing two spatial streams; MU-MIMO support remained enabled at the AP throughout, so the measured WPA2/WPA3 overhead reflects a MU-MIMO-capable Wi-Fi 6 deployment, even without scaling to concurrent multi-client traffic. The AP and client were positioned 3 m in a controlled laboratory environment to minimize interference. The testbed operated in the 5 GHz band with a 160 MHz channel width, using channel 48 (5.2 GHz) to ensure interference-free communication. The AX11000 was configured with downlink and uplink MU-MIMO enabled and explicit beamforming active. While our trials exercised a single AP–client flow with two spatial streams, the AP operated under 802.11ax MU-scheduling, so contention/allocation and PHY features active in Wi-Fi 6 were preserved. This ensures measured WPA2/WPA3 effects reflect a MU-MIMO-capable configuration even without concurrent multi-client traffic. Although the router supported up to eight spatial streams, only two were utilized in our experiments. To enhance reliability, each experiment was repeated ten times and average values were reported. Background interference was further minimized by isolating the AP and conducting tests outside peak usage hours. Link adaptation was active on both AP and client with support up to MCS11 (1024-QAM); in our low-interference 3 m LoS setup, the link typically held high MCS indices, consistent with the high throughputs reported. The AP was run in 802.11ax mode with OFDMA and 1024-QAM enabled, consistent with device defaults. This ensures measurements capture Wi-Fi 6 PHY/MAC efficiencies when assessing WPA2/WPA3 overheads. To isolate the effects of the security protocols, several variables were controlled:

• AP and client were placed at a fixed distance of 3 m in line-of-sight.
• No physical barriers were present.
• Tests used an isolated 5 GHz channel (channel 48 at 5.2 GHz) during low-usage hours to minimize interference.
• All experiments were repeated under identical laboratory conditions.

The evaluation considered the transport layer (TCP/UDP), network layer (IPv4/IPv6), and WPA2/WPA3 security protocols. As a baseline, system performance was first measured in an open configuration (no security), after which WPA2 and WPA3 were enabled for further analysis. In all scenarios, the router was configured solely as an 802.11ax access point, while Windows Firewall and Antivirus were disabled to prevent interference with measurements. This methodology enabled a systematic investigation of Wi-Fi 6 security and its impact on throughput, jitter, and packet loss in a Gigabit client–server environment.

3.3. Protocol Configurations and Measurement Tools

IPerf [21] is as an open-source network analysis tool to measure network bandwidth. For protocol configuration, WPA2 and WPA3 were implemented in Personal mode using WPA2-PSK (AES) and WPA3-SAE (AES-256-GCMP) The main analysis uses Personal mode (WPA2-PSK/AES and WPA3-SAE/AES-256-GCMP). WPA3-Enterprise with RADIUS (192-bit minimum security) was configured and validated for consistency, but quantitative results presented correspond to Personal-mode trials, which dominate client–server deployments. The AP was also tested in Open System mode (no encryption) for baseline comparison. In enterprise scenarios, WPA3-Enterprise was configured with a RADIUS server supporting 192-bit minimum cryptographic strength. Default recommended security configurations were used to ensure alignment with industry practice. This tool offers client/server network functionality to measure throughput between nodes. iPerf generates TCP and UDP traffic loads between two hosts. It determines the maximum network bandwidth (throughput) between a server and a client to perform stress testing on the network’s communication channel. It is compatible with Linux and Windows operating systems for various parameters as shown in

Table 2. Parameters used in the investigation.

Parameter	Value
Network Configuration	Client/Server
Security Protocol	Disable
Transport layer protocol	TCP/UDP
IP Version	IPv4 and IP6
Packet Size	128 Kb
Bandwidth/data rate	1024 Mbps
Time	30 s

, including TCP and UDP with IPv4 and IPv6 protocols. Although industry-standard tools such as Netperf and Nuttcp are widely used, iPerf3 was chosen for its cross-platform compatibility (Linux/Windows), detailed throughput/jitter/loss statistics, and scripting integration for repeatability. For TCP experiments, we used the default congestion control algorithms: CUBIC on Linux and NewReno on Windows. Default flow control and congestion window parameters were retained to reflect typical system configurations. Jitter values are taken from iPerf3 per-UDP-stream reports and represent the variance of inter-packet arrival times at the receiver. For TCP, iPerf3 reports near-zero jitter because reliability mechanisms (ACKs/retransmission/flow control) mask inter-arrival variation at the application layer.

3.4. Windows Testbed Setup (Microsoft Windows, 64-Bit)

The objective of the Windows testing method is to assess the performance of the network using iPerf3 as a network testing tool on both the server and client sides. By running iPerf3 on a Windows Server and connecting it with a Windows Client, the experiment measures the network’s bandwidth and performance under specific parameters such as packet size, bandwidth, and duration. The test evaluates the effectiveness of IPv4 communication, with a focus on throughput and data transfer efficiency over a 30 s window. The results provide insights into the network’s capacity to handle varying packet sizes and bandwidth settings under controlled conditions. The following commands parameters of windows have been set for the testing purposes as shown in

Table 3. Technical specifications for setting up a testbed.

Hardware/Software	Function	Technical Specifications
TP-Link AX11000 Tri-Band Router (Ubuntu 22.04 LTS, kernel 5.15)	Wireless router	AX11000 delivers Wi-Fi speed over 10 Gbps
Dell XPS 15 9500	Client	Intel Core i7-10750H@ 2.60 GHz 16 GB DDR4 Ram Intel Wi-Fi 6 AX1650s Wireless Network Adapter 160 MHz
Dell OptiPlex 7060	Server	Intel i5-8500T 2.1-GHz 8 GB DDR4 RAM Intel 7 I219-LM Gigabit Ethernet Adapter
IPerf 3	Traffic generator/collector
CommView for Wi-Fi	Wireless monitoring tool	802.11 a/b/g/n/ac/ax networks
MS Windows OS (Windows 10 (64-bit))	Server and Client	Windows 10 (64-bit)

.

4. Results

The client–server network (Windows-based) testbed was set up and configured to study the system performance. The investigation centered on four primary performance metrics including MS Windows TCP and UDP throughput, jitters, and packet losses (IPv4 vs. IPv6). These results and comparative analysis provide a deeper understanding of the impact of security protocols on system performance in varying packet lengths. After the initial observation, we obtain TCP/UDP throughput for open security, WPA2, and WPA3 utilizing both IPv4 and IPv6 traffic. It is important to note that jitter and packet losses are also measured and analyses. The UDP traffic analysis is particularly relevant to connectionless communication protocols where packet timing and loss significantly impact the system performance. This structured approach enabled a thorough evaluation of the interplay between security protocols, transport layers, and IP versions in the Windows environment. The system performance measurement and analysis are structured through six studies presented next.

(i)

Study 1: Throughput performance

In Figure 2a, we plot packet length versus TCP throughput for WPA2 and WPA3 security protocols for both IPv4 and IPv6 client–server (MS Windows 10) network. The results for open security (device security turn off) are also presented for comparison purposes. Likewise, the impact of Wi-Fi 6 security on UDP throughput is shown in Figure 2b.

Generally, TCP throughput increases as packet length increases. In an open network, IPv4 considerably outperforms IPv6 for all packet sizes. The noticeable difference was observed at packet length of 1024-byte IPv6 outperforms IPv4 by 23% at this packet size (520 Mbps for IPv6 compared to 400 Mbps for IPv4), which offers a 120 Mbps increase in throughput.

For WPA2, IPv6 outperforms IPv4 for all packet sizes. IPv6 outperforms IPv4 by 21% (480 Mbps for IPv6 and 380 Mbps for IPv4) and offers a maximum throughput increase of 100 Mbps. For WPA3, the maximum difference in throughput is spotted at packet length of 1024 bytes. IPv6 offers higher throughput than IPv4 by 20% (490 Mbps for IPv6 and 390 Mbps for IPv4). Therefore, when running IEEE 802.11ax in an open system network, TCP maintains consistent throughput regardless of packet sizes. The most significant difference in throughput between an open system and one with WPA2 security is observed at packet length of 1408 bytes.

By looking at Figure 2b, it is evident that UDP throughput increases with packet size increases. For an open security (no security), IPv6 offers higher throughput than IPv4 across all packet sizes. For instance, IPv6 achieves 16.5% (575 Mbps for IPv6 and 480 Mbps for IPv4) higher UDP throughput than IPv4 at the packet size of 1408 bytes. For WPA2 security, the greatest disparity between IPv6 and IPv4 occurs at packet size of 1280 bytes, with IPv6 surpassing IPv4 by 18.2% (520 Mbps for IPv6 compared to 425 Mbps for IPv4). Similarly, for WPA3 security, the maximum throughput difference is observed at packet size of 1408 bytes, where IPv6 outperforms IPv4 by 17.4% (570 Mbps for IPv6 versus 470 Mbps for IPv4).

When comparing IPv4 performance across the studied security modes (open security, WPA2, and WPA3), the TCP throughput remains approximately consistent, indicating minimal variation. In contrast, IPv6 exhibits slight differences in throughput depending on the security mode. The most notable difference occurs at packet size of 1408 bytes, where WPA2 drops throughput by 7.7% (520 Mbps for open system and 480 Mbps for WPA2). This suggests that while IPv6 generally delivers superior performance, the choice of security mode can influence throughput, particularly at larger packet sizes. These findings highlight the importance of considering IP versions and security configuration when optimizing throughput performance. We observe that WPA3 drops TCP and UDP throughput by 3.8% and 0.9% for IPv6. Overall, IPv6 outperforms IPv4 in both open and protected systems such as WPA2 and WPA3.

(ii)

Study 2: Jitter performance

Figure 3 shows the Jitter (ms) for IPv4 and IPv6 on WLAN 802.11ax Client–Server (Windows 10) with WPA2 and WPA3 security and open system. One can observe that this test exhibits no jitter for both IPv4 and IPv6, which correspond to all OS, WPA2, and WPA3 security protocols.

(iii)

Study 3: Packet losses

Figure 4 shows the lost datagram for IPv4 and IPv6 in an 802.11ax client–server network for security protocols (WPA2 and WPA3). Operating systems supporting IPv4 and IPv6 were identified by measuring their packet sizes between 128 and 1408 bytes. The results for lost datagrams show that both MS Windows and Linux IPv4 portray the same throughput. For IPv6, the lost datagram (in %) steeply increases as the packet size increases. However, Windows outperforms (about 5%) Linux for most larger packet sizes. The maximum performance difference between Linux and Windows IPv6 is at packet size of 512 bytes. However, Linux outperforms Windows IPv6 by 100%.

4.1. Comparative Analysis

In this section we study the impact of Windows and Linux on system throughput for various security protocols, including WPA2 and WPA3. We focus on analyzing system performance using both Linux and Windows testbeds for various scenarios, including the effect of WPA3, WPA2, and open security on TCP/UDP throughput (Windows vs. Linux).

(iv)

Study 4: Effect of WPA3 on Throughput (Windows vs. Linux)

Figure 5a shows WPA3 TCP throughput for IPv4 and IPv6 on 802.11ax Client–Server Windows 10 operating system (OS). The result for Linux is also shown for comparison purposes. In most scenarios, as packet sizes increase, so does TCP throughput for MS Windows. For Linux, throughput rises with an increase in packet sizes to 900 Mbps, after which the curve flattens. On a WPA3 network, Linux IPv6 and IPv4 significantly outperform Windows 10 by about 40% for all packet sizes, with a maximum difference of 87.6% at packet size of 256 bytes. Linux OS exceeds Windows system by 87.6% (900 Mbps for Linux system and 111 Mbps for windows). For WPA3, in the windows operating system, the TCP throughput increases equally for IPv4 and IPv6 with packet sizes.

Figure 5b shows the UDP throughput for IPv4 and IPv6 on 802.11ax Client–Server (Windows vs. Linux) with WPA3 security. As the packet size changes, UDP’s throughput also increases consistently along with them. UDP throughput for Linux with IPv6 outperforms Windows IPv6 for all packet sizes up to 1152 bytes, after which the throughput drops consistently with increasing packet size to 1280 bytes and rises again to 1480 bytes, though at a lower rate than MS Windows. Linux throughput on IPv4 outperforms IPv4 Windows for all packet sizes with an average improvement of 30.6%. For WPA3 in Linux vs. Windows with IPv4, the maximum difference between Linux IPv4 and Windows IPv4 is at packet size of 512 bytes, where IPv6 outperforms IPv4 by 51.7% (369 Mbps for Linux IPv4 vs. 178 Mbps for Windows IPv4), representing a 191 Mbps increase. IPV6’s WPA3 security shows that between two OS systems, they are spotted at 512 bytes, where IPV6 Linux shows 372 Mbps over IPV6 Windows at 178 Mbps, which is 52.15% difference. On MS Windows, IPv4 and IPv6 had approximately equal throughput for all packet sizes. Across the board, Linux outperforms MS Windows in WPA3-secured networks.

(v)

Study 5: Impact of WPA2 Security on Throughput (Windows vs. Linux)

Figure 6a shows the TCP throughput for IPv4 and IPv6 on 802.11ax Client–Server (Windows 10 vs. Linux) with WPA2 security. In most scenarios, as the packet size increases, the throughput of TCP also increases consistently for Windows. For Linux, the throughput increases with an increase in packet size to 900 Mbps, after which the curve flattens. On the WPA2 network, Linux IPv6 and IPv4 significantly outperform Windows 10 on all packet sizes by about 40%, with the most significant difference at a packet size of 256 bytes. On WPA2 network, Linux IPv6 and IPv4 significantly outperform Windows for all packet sizes by about 40%. The TCP throughput increases equally for IPv4 and IPv6 throughout the packet lengths for Windows. The Linux system with WPA2 outperforms Windows on IPv6 and IPv4, where the maximum difference is spotted at 256 bytes. Overall, Linux outperforms Windows in WPA2 secured system.

Figure 6b shows the UDP throughput for IPv4 and IPv6 on Linux and Windows operating systems running on WPA2 secured network. In all scenarios, as the size of the packet increases, the performance of UDP also increases proportionally. The Linux Operating system with IPv6 and IPv4 outperforms Windows IPv4 and IPv6 with an average increase of 50.4% on all packet sizes.

(vi)

Study 6: Impact of Open Security on Throughput (Windows vs. Linux)

Figure 7a shows IPv4 and IPv6 TCP throughput on Windows and Linux server for Open security. For Windows, increasing the packet size from 128 to 256 bytes improves throughput by 58.7 Mbps. As we increase the packet size, IPv4 performs equally as IPv6 throughout the packet’s length, with a slight difference at packet size of 1408 bytes. For Linux, UDP throughput increases with increased packet size consistently, to 898 Mbps, after which the curve flattens. IPv4 performs better than IPv6, with the highest throughput difference of 16 Mbps at 1152 bytes for all packet sizes. As packet size increases, performance remains nearly constant up to 1408 bytes. Linux operating systems with IPv4 and IPv6 have the same throughput for small packet sizes (256 bytes). Still, the throughput increases steeply as the packet size increases. However, for most of the large packet sizes, throughput is slightly constant. Also, IPv4 gives a higher throughput than IPv6 for packet sizes larger than 384 bytes. We observe that Linux outperforms Windows throughout the packet sizes by 60%. The maximum difference is at packet size of 256 bytes, where the Linux server outperforms Windows by 86.6% (898 Mbps for Linux and 111 Mbps for Windows).

Figure 7b compares UDP throughput of IPv4 and IPv6 using Windows and Linux security. We observe that the highest throughput is achieved using Linux client–server network than MS Windows 10 Server. For example, for IPv4 using Linux Server, the throughput is 549 Mbps (13.3% increase from Windows 10, which has a throughput of 476) at a packet size of 1408 bytes. On the other hand, the highest throughput for IPv6 using Linux Server is 514 Mbps (7.4% increase from Windows 10 Server, which is at 476 Mbps) at packet size of 1408 bytes. For open system (no security), the maximum difference in IPv4 and IPv6 between Windows and Linux was observed at packet size of 512 bytes where IPv6 and IPv4 on Linux outperform MS Windows by 52.15%.

Each experiment was repeated ten times under identical conditions, and the reported throughput values represent the averaged results. During repetitions, the variation across runs was minimal (within ±2–3% of the mean), indicating stable system performance. Given this consistency, error bars or confidence intervals were not included in the graphs, as they would overlap with the plotted values and provide limited additional insight. Instead, the averages reported in both the figures and accompanying summary tables reliably capture the system performance trends across WPA2 and WPA3 configurations.

The observed differences between Windows and Linux performance can be attributed to differences in network stack design and NIC driver implementations. Linux employs a more streamlined kernel-level network stack with efficient buffer management, faster context switching, and optimized NIC drivers, which reduces processing overhead. Windows, by contrast, relies on additional abstraction layers (e.g., WinSock API) and background services, which increase latency and reduce throughput. Furthermore, Linux supports more advanced offloading features (e.g., TCP Segmentation Offload, Large Receive Offload), which improve packet handling efficiency. These architectural distinctions explain the higher throughput and smoother convergence trends observed in Linux compared to Windows across WPA2/WPA3 scenarios.

4.2. Summarization of Results

The summary of key research findings is presented in

Table 4. Effect of WPA3 security on TCP/UDP throughput dropping.

	Open System	WPA2	WPA2 Throughput Drops (%)	WPA3	WPA3 Throughput Drops (%)
TCP Throughput (Mbps)	520 IPv6 400 IPv4	480 IPv6 380 IPv4	7.7 5.0	500 IPv6 390 IPv4	3.8 2.5
UDP Throughput (Mbps)	575 IPv6 480 IPv4	520 IPv6 425 IPv4	9.6 11.5	570 IPv6 470 IPv4	0.9 2.1

Note: (1) WPA3 UDP offers 12.3% higher throughput than TCP for IPv6. (2) For WPA3, IPv6 outperforms IPv4 by 23% and 16.5% for TCP and UDP throughput, respectively.

. The TCP and UDP throughput (Mbps) for open system (no security), WPA2, and WPA3 for both IPV6 and IPv4 are shown in Row 2 and Row 3, respectively. Column 5 shows average throughput drops because of Wi-Fi 6 WPA3 security protocol. For instance, WPA3 TCP throughput drops by 3.8% [${\displaystyle \frac{520-500}{520}}\times 100\mathrm{\%}]$ for IPv6. This throughput degradation is due to encryption overheads.

The performance fluctuation and convergence trends observed in Figure 5, Figure 6 and Figure 7 can be attributed to the distinct design strategies of Windows and Linux operating systems. Linux employs a lightweight, modular kernel-level network stack that emphasizes efficiency in packet scheduling, buffer management, and interrupting handling. This design allows Linux to achieve smoother convergence and reduced variance in throughput as packet sizes increase. By contrast, Windows incorporates additional abstraction layers (e.g., WinSock API) and background processes for security and compatibility, which can introduce latency and variability in data handling. Furthermore, Linux NIC drivers typically expose more advanced offloading features (e.g., TCP Segmentation Offload, Large Receive Offload), whereas Windows applies stricter consistency and verification mechanisms that increase overhead. These architectural differences explain why Linux demonstrates more stable performance trends with minimal fluctuation, while Windows shows greater variance and slower convergence under the same WPA2/WPA3 security configurations.

To complement the graphical results, two summary tables are provided for quick reference.

Table 5. Average Throughput (Mbps) for WPA2 and WPA3 across TCP/UDP and IPv4/IPv6.

Security	Protocol	TCP (IPv4)	TCP (IPv6)	UDP (IPv4)	UDP (IPv6)
Open	Baseline	400	520	480	575
WPA2	Enabled	380	480	425	520
WPA3	Enabled	390	500	470	570

Note: Values represent averages across 10 test runs. WPA3 shows minimal degradation compared to WPA2, with IPv6 consistently outperforming IPv4.

presents the average throughput values for WPA2 and WPA3 across TCP/UDP and IPv4/IPv6 environments. The results confirm that WPA3 introduces only minimal performance degradation (<4%) compared to WPA2, with IPv6 consistently achieving higher throughput than IPv4.

Table 6. Comparative Performance of Windows vs. Linux under WPA2 and WPA3 (Throughput, Jitter, Packet Loss).

Security	OS	TCP (Avg. Mbps)	UDP (Avg. Mbps)	Jitter (ms)	Packet Loss Trend
WPA2	Windows	~380–420	~425–450	~0	Low (IPv4), Moderate ↑ with IPv6 size
WPA2	Linux	~600–900	~650–950	~0	Very Low overall
WPA3	Windows	~390–430	~440–470	~0	Low (IPv4), Moderate ↑ with IPv6 size
WPA3	Linux	~650–900	~700–950	~0	Very Low overall

compares the performance of Windows and Linux under WPA2 and WPA3 in terms of throughput, jitter, and packet loss. The findings demonstrate that Linux achieves higher and more stable throughput with negligible jitter and lower packet loss, whereas Windows shows greater fluctuation due to additional abstraction layers in its network stack. These results align with the figures presented earlier and provide a concise numerical reference to support the observed trends.

5. Practical Implications

The results from both Windows and Linux testbeds reveal important insights into the impact of Wi-Fi 6 security protocols (Open security, WPA2, and WPA3) on system performance, especially TCP/UDP throughput for IPv4 and IPv6. While both operating systems showed consistent patterns, MS Windows demonstrated slightly lower throughput than Linux, especially for IPv6 traffic. The higher efficiency of Linux, particularly in handling IPv6 traffic, can be attributed to its more optimized network stack and reduced overheads. For TCP throughput, the Linux-based testbed consistently outperformed MS Windows, with a significant performance gap observed at larger packet sizes demonstrating a 49% increase in throughput for IPv4 at packet size of 1408 bytes. Similarly, UDP throughput on Linux was notably higher, especially for IPv6, where Linux achieved an 87.7% increase compared with Windows at a packet size of 256 bytes.

WPA3 achieves optimized performance in high-density environments primarily through its Simultaneous Authentication of Equals (SAE) handshake and Opportunistic Wireless Encryption (OWE), which reduce the time and overhead of key exchange in crowded networks. When combined with 802.11ax MU-MIMO and OFDMA, these mechanisms allow multiple devices to authenticate and transmit securely with minimal encryption-induced delays. Our results confirm this: WPA3 introduced only a 3.8% throughput drop for TCP and 0.9% for UDP in IPv6 environments, which demonstrates that WPA3’s overhead remains negligible even in multi-user scenarios.

We observe that WPA3 introduced small overheads, as expected, due to its more advanced encryption techniques. However, both Linux and Windows testbeds showed that the performance degradation caused by WPA3 was minimal, particularly for IPv6 traffic, where the simplified and more efficient header structure mitigated the impact. This result highlights the robustness of WPA3 in maintaining high throughput and low latency, even in more secure environments. Jitter and packet losses remained minimal in both operating systems, with slight differences in UDP packet delays. Linux’s efficient socket layer and faster kernel switches provide better performance for all security protocols with respect to packet transmission and reception.

Our findings suggest that while both Windows and Linux can handle the demands of 802.11ax networks (Wi-Fi 6), Linux outperforms Windows in most scenarios, particularly when dealing with IPv6 traffic and larger packet sizes. This performance gap is likely due to the inherent differences in the network stack and system architecture between the two operating systems investigated. However, the relatively small differences in throughput, jitter, and packet losses contributing to dropping system performance for all security protocols indicate that 802.11ax wireless network is designed to maintain consistent performance, regardless of the security features enabled. These results highlight the scalability and reliability of 802.11ax, making it suitable for complex, high-demand wireless network environments. The security-related impact of WPA2 and WPA3 is reflected in system-level metrics such as throughput, jitter, and packet loss. Encryption introduces additional computation at both transmitter and receiver, which can lead to reduced throughput and increased packet processing delays. However, our results show that WPA3 overhead was minimal (≤3.8%), indicating that the security mechanisms are efficient and do not compromise quality of service. Thus, throughput, jitter, and packet loss serve as indirect indicators of security-performance trade-offs, confirming that WPA3 maintains robust protection without significantly burdening system performance.

Our empirical testbed results are consistent with prior simulation-based studies [4,5], which also reported throughput degradation when encryption mechanisms were applied. However, unlike earlier simulation work conducted in IEEE 802.11ac environments, where WPA3 introduced noticeable reductions in throughput, our IEEE 802.11ax testbed results show only minimal degradation (<4%). This indicates that the enhanced MAC/PHY layer efficiency of Wi-Fi 6, including OFDMA and MU-MIMO that effectively compensates for the additional processing overhead introduced by WPA3’s advanced encryption. Thus, our findings not only confirm but also extend simulation-based evidence, providing practical validation in real-world deployments and demonstrating that WPA3 can achieve strong security while maintaining near-baseline throughput in Wi-Fi 6 networks.

6. Conclusions

This study comprehensively analyzed the security features of 802.11ax (Wi-Fi 6) network across both MS Windows and Linux operating systems. We have measured throughput, packet loss, and packet jitter using iPerf3 tool and provided a detailed assessment of network behavior. The research findings revealed that IPv6 consistently outperformed IPv4, attributed to its streamlined header structure, absence of packet fragmentation, and efficient checksum processing. The testbed was set up to study the system performance and to simulate real-world scenarios, facilitated precise data collection across a range of packet sizes, enabling a robust evaluation of system performance in both Linux and MS Windows server environments. The obtained results have shown that the impact of WPA3 security on TCP/UDP throughput is not very significant. For instance, WPA3 drops TCP throughput and UDP throughput by 3.8% and 0.9%, respectively, for IPv6. This decrease in throughput is due to overheads introduced by advanced encryption technology. IPv6 consistently outperforms IPv4 in both TCP and UDP throughput. UDP offers higher throughput than TCP in IPv6 environments. Linux outperforms MS Windows in all scenarios, especially with larger packet sizes and IPv6 traffic.

However, as networks continue to grow in complexity, further research is recommended to explore potential challenges and optimizations. Future studies could investigate energy efficiency and scalability aspects of 802.11ax networks across both MS Windows and Linux operating systems, particularly in more diverse and demanding network conditions. Such investigations would provide valuable insights into enhancing the deployment and performance of next-generation wireless networks. While full-duplex transmission is being explored in next-generation standards such as IEEE 802.11be (Wi-Fi 7), our study focused on 802.11ax, which primarily enhances performance using OFDMA and MU-MIMO. At present, 802.11ax devices do not implement true MAC/PHY full-duplex capability, and therefore this feature was not included in our experiments. Future studies will investigate the impact of WPA3 when combined with full-duplex technology as it becomes available in Wi-Fi 7 deployments. This study focused on baseline performance under benign conditions to isolate the impact of security protocols. Future work will extend this evaluation to real-world security threats such as de-authentication attacks, man-in-the-middle (Evil Twin) attacks, and offline dictionary attacks. Such experiments will help to assess WPA3’s resilience and performance trade-offs under adversarial conditions.