Wireshark-users: [Wireshark-users] Concerning WMM decoding
From: "zze-Comodo RENAULT M ext RD-BIZZ-ISS" <mrenault.ext@xxxxxxxxxxxxxxxxxx>
Date: Mon, 29 Jan 2007 17:42:59 +0100
Hi everyone,
My name is Mathieu. I use Wireshark a lot at my work (and also at
home!).
My wireshark sniffer is installed on an Ubuntu with a 2.6.15 kernel. I
use a netgear WG511T PCMCIA card. The madwifi driver version is 0.9.1.
My problem is the following :
Iam working with Access Points and stations which implemennt WMM ( "QoS"
for wifi).
The frame format changes in comparison with 802.11 frame.
For a WMM data frame, the format is the following:
|Frame_ctrl 2B|Dur 2B|Addr1 6B|Addr2 6B| Addr3 6B| Seq_Ctrl 2B | Addr4
6B or 0B| QoS_Control 2B| Body nB|FCS 4B|
The QoS control field is :
15 7|6 5| 4 |3|2 0|
--------------------------------
0 |ack| EOSP |0| UP |
When I capture data frames (which carry RTP packets), the decoding of
the QoS control field changes depending on whether the frame is sent by
the station or the AP
Please see the QoS parameter field in these captures
==============================================
|WMM Data Frame sent by the station to the AP|
==============================================
No. Time Source Destination Protocol
Info
9238 41.491213 172.16.0.23 172.16.0.83 RTP
Payload type=ITU-T G.711 PCMU, SSRC=1391439426, Seq=64020, Time=2720
Frame 9238 (378 bytes on wire, 378 bytes captured)
Prism Monitoring Header
IEEE 802.11
Type/Subtype: QoS Data (40)
Frame Control: 0x0988 (Normal)
Duration: 44
BSS Id: SmcNetwo_57:69:38 (00:13:f7:57:69:38) (DUT)
Source address: NokiaDan_41:5c:74 (00:13:fd:41:5c:74) (STA)
Destination address: 3Com_ed:91:0e (00:04:75:ed:91:0e) (Asterisk
computer)
Fragment number: 0
Sequence number: 410
QoS parameters
Priority: 5 (Video) (Video)
TXOP Limit Requested: 0
Ack Policy: Normal Ack (0x0000)
Logical-Link Control
Internet Protocol, Src: 172.16.0.23 (172.16.0.23), Dst: 172.16.0.83
(172.16.0.83)
User Datagram Protocol, Src Port: 16384 (16384), Dst Port: 10220 (10220)
Real-Time Transport Protocol
=====================================
|Frame sent by the station to the AP|
=====================================
No. Time Source Destination Protocol
Info
9249 41.500530 172.16.0.83 172.16.0.23 RTP
Payload type=ITU-T G.711 PCMU, SSRC=574060427, Seq=10951, Time=800
Frame 9249 (378 bytes on wire, 378 bytes captured)
Prism Monitoring Header
IEEE 802.11
Type/Subtype: QoS Data (40)
Frame Control: 0x0288 (Normal)
Duration: 44
Destination address: NokiaDan_41:5c:74 (00:13:fd:41:5c:74) (STA)
BSS Id: SmcNetwo_57:69:38 (00:13:f7:57:69:38) (DUT)
Source address: 3Com_ed:91:0e (00:04:75:ed:91:0e) (Asterisk
computer)
Fragment number: 0
Sequence number: 2222
QoS parameters
Priority: 0 (Best Effort) (Best Effort)
.... 0... = EOSP: Service period
QAP PS Buffer State: 0x0
Ack Policy: Normal Ack (0x0000)
Logical-Link Control
Internet Protocol, Src: 172.16.0.83 (172.16.0.83), Dst: 172.16.0.23
(172.16.0.23)
User Datagram Protocol, Src Port: 10220 (10220), Dst Port: 16384 (16384)
Real-Time Transport Protocol
But in the WMM specifications, the "meaning" of the QoS Control field is
independent from the transmission direction.
Do you have an explanation?
Thank you for your help
Best regards
Mathieu Renault
- Prev by Date: Re: [Wireshark-users] Filtering a very large capture file
- Next by Date: [Wireshark-users] [ANNOUNCE] WinPcap 4.0 has been released
- Previous by thread: Re: [Wireshark-users] Question on new U3P format of Wireshark
- Next by thread: [Wireshark-users] [ANNOUNCE] WinPcap 4.0 has been released
- Index(es):