Forum

  • Well, WMM is here. I've been pushing it off for a while, and today it bit me squarely in the tush. I was analyzing a bridge link between two Cisco 1300 bridges with CommView for WiFi when I realized that none of the traffic made a bit of sense. The data frames were showing up 802.2 instead of 802.11 Data. I tried AiroPeek NX - same result, except the analyzer was saying SNAP then Null something or other. I tried AirMagnet - which said unknown frame type. After speaking with Michael Berg at Tamosoft, reading some of the 802.11e standard, reading the Cisco code's release notes, digging through the bridges' GUI managment interface, and analyzing some of the analyzer traces I had taken, I came to the conclusion that we were seeing 802.11e QoS Data (Subtype 1000) frame types, which the analyzers could not decode. After we had nailed down what was happening, Michael said he would immediately begin updating CommView for WiFi for decoding these frames.

    I reset the bridges to their manufacturer's default setting, and use of WMM was default. I'm using 12.3(2)JA code (the latest available). There's a simple check box for disabling it. After reading the Wi-Fi Alliance's document on WMM, it was apparent (for obvious reasons) that WMM-enabled devices use WMM when possible and do not when they speak with non-WMM-capable devices. So, my two bridges were both capable and automatically kicked into using Subtype 1000 data frames.

    Just thought I'd throw you CWAPs and CWAPs-2b a little help before you got nailed by the same little issue.

  • By (Deleted User)

    Good info Devin. Have you spoken to Charles at Network Instruments to see when they'll be updating Observer?

    It's interesting that those packets were totally misanalyzed -- seems like "unknown" would be better than a misdiagnosis.

    Joel

  • joelb Escribió:

    Good info Devin. Have you spoken to Charles at Network Instruments to see when they'll be updating Observer?

    It's interesting that those packets were totally misanalyzed -- seems like "unknown" would be better than a misdiagnosis.

    Joel


    I examined the decode of these packets in AiroPeek, and in my opinion, the decodes were incomplete, but not in any way incorrect. The information that the analyzer was giving could certainly be misleading, unexpected, and difficult to interpret, but I wouldn't call it a "misanalysis".

    For example, the WMM packets that I saw had a SAP header with SSAP and DSAP 0x00 ("Null SAP") and Command field 03, "Unnumbered information". The "Null SAP" is not associated with any particular layer 3 protocol, so AiroPeek isn't able to decode any further, and labels the packets as "Null SAP" in the packet list tab. From my examination of the hexadecimal dump of the frame, I believe that this decode is correct.

  • Made Charles aware of the problem via email, but no response yet. Stuff like this keeps analysts on their toes. ;)

    Devinator

  • By (Deleted User)

    If anyone sees WMM decoder issues with AiroPeek and our beta WMM decoder, please let us know! Feedback is greatly appreciated...thanks!

    -Eric Thomas
    Technical Support, WildPackets Inc.

  • Hi Eric,

    I used AiroPeek NX v2.05 when I was analyzing this link, and it didn't recognize anything 802.11e/WMM related. I was just looking at the Wildpackets website regarding the AiroPeek NX product. It still shows v2.02 instead of 2.05 which has been out for quite some time. Additionally, the product page, found at:
    http://www.wildpackets.com/products/airopeek_nx/new
    doesn't show support for WMM/802.11e frame types.

    Can you give me some feedback on what the scoop is on v2.02 vs 2.05, when WMM decodes will be supported, etc?

    thanks!

    Devin

  • By (Deleted User)

    Ok, I created a login now, so I should see replies to threads...

    2.0.5 is the latest version.

    Our site is undergoing a face-lift, so sorry about the misinformation on that link...our site is in need of some attention ;-) The new site goes live soon...

    Our WMM decoder is in beta, so it is not available in the release version.

    You can get the beta decoder here:
    http://www.wildpackets.com/support/decoders

    Please send us feedback at support and we will pass your findings along to our decoder developers.

    http://www.wildpackets.com/support/contact

    We hope to release a new rev of AiroPeek very soon...version 3.0. I'd hate to spout off release dates and set expectations, but we've definitely added some nice enhancements. Omni with Wireless shows a glimpse of where our wireless analyzer is at.

    -Eric

  • ...I thought I signed in anyway...

    -E

  • Thanks for the update! I hope to see the WMM decoder update to Draft-12 soon.

Page 1 of 1
  • 1