Forum

  • Hello Everybody,
    Curious to get a close look at the 802.11 frames, I downloaded the Demo version of Airopeek (v 2.0.5). Under the 802.11 tab I choose to scan on all the 11 channels. I am using an Orinoco wireless card. Everything looked pretty normal except for a few of CF-End Frames that appeared in the scan. Please correct me if I am wrong, but as I understand the CF-End frames are transmitted only when the AP is in PCF mode and I have not heard of any product currently in market that supports this mode.

    Here are the details from one of the packets
    802.11 MAC Header:
    Version: 3 (I think there is one version only)
    Type: Control
    Sub-type: Contention Free ?¡é?€?¡° End
    Frame Control Flags: 00110000
    Duration: 5385microsecs
    Receiver: 2F:83:91:BC:07:60
    BSSID: 70:AC:5F:3F:D4:5A

    The MAC addresses seem to be garbage values.

    The only AP?¡é?€??s I know of in the area were a couple of Linux boxes running the hostap driver with a Senao radio. I did a scan with ethereal (Linux) using a Senao wireless card and it did not show any of the CF-End frames.

    Apart from the CF-End frames there we other Probe Response and 802.11 frag frames that were associated with garbage MAC addresses. The MAC addresses of all the packets were quite different.

    I am not well versed with 802.11 frames and its detail operation so I do not know if I am missing something. But any comments would be highly appreciated. I do have a few screenshots that I would not mind emailing if anyone wants to have a look.

    Thank you

  • Hi Essem:

    These are almost certainly corrupted frames that just happen to have the bit pattern that matches CF-End and other miscellaneous frame types.

    Filter for non corrupt frames and these will disappear.

    And learn to distrust protocol analyzers.

    I hope this helps. Can you add your city to your forum location? Thanks. /criss

  • Hey Criss_Hyde
    Thank you for that prompt response. It makes a lot of sense now. They surely could be corrupted frames. A quick glance at Airopeek did not show them as corrupted but with a couple of AP?¡é?€??s and a ton of associated clients that could definitely be the case.

    Thank you.

  • [quote="essem_9"]Hey Criss_Hyde
    Thank you for that prompt response. It makes a lot of sense now. They surely could be corrupted frames. A quick glance at Airopeek did not show them as corrupted but with a couple of AP?¡é?€??s and a ton of associated clients that could definitely be the case.
    quote]

    Make sure you've got the "flags" or "status" (don't remember what AiroPeek calls it) column turned on. It will show a "C", I believe, for corrupted frames.

  • Hey Joshua,
    I did look for the flags column and all those frames showed up as corrupted packets. Thank you for the information on the same. I was looking at the wrong location initially and apologies to everyone for posting a reply in haste.
    [/quote]

  • You may also obtain information about CRC errors in the Packet Info section of the decode (right under "Packet Flags")

Page 1 of 1
  • 1