This really is a breeze. Look in the code: revisions >= patch17 contain the logic. I will make a more complete page later.
Harder than I thought. The magic number here is 0x0055, different from the more often observed 0x004d. As noted in the ancient page, this is a difference of packet type. I don't know 802.11 well enough to sort it out for now, if someone wants to do the tedious work ;-)
TODO: check if this magic number is device dependent.
NOTE: there must be a SPEED indication somewhere (b/g, which rate, modulation...). Where?
00000000: 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000010: 55 00 6c 01 9e 09 00 03 8a 00 00 b5 19 50 72 00
00000020: 00 00 00 00 08 02 00 00 ff ff ff ff ff ff 00 09
00000030: 5b c7 09 38 00 0c 41 de 30 96 10 3e aa aa 03 00
00000040: 00 00 08 00 45 00 01 48 15 df 00 00 80 11 23 c7
00000050: 00 00 00 00 ff ff ff ff 00 44 00 43 01 34 71 0b
00000060: 01 01 06 00 22 4e 55 15 00 00 00 00 00 00 00 00
00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 0c 41 de
00000080: 30 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000140: 00 00 00 00 00 00 00 00 00 00 00 00 63 82 53 63
00000150: 35 01 01 fb 01 01 3d 07 01 00 0c 41 de 30 96 0c
00000160: 0f 6a 65 61 6e 2d 33 36 32 30 38 31 66 31 32 37
00000170: 3c 08 4d 53 46 54 20 35 2e 30 37 0a 01 0f 03 06
00000180: 2c 2e 2f 1f 21 2b ff 00 00 00 00 00 52 41 5f ac
Another 0x0055:
00000000: 66 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000010: 55 00 52 00 9e 09 00 03 8a 00 00 8c 0e 14 74 00
00000020: 00 00 00 00 08 02 00 00 ff ff ff ff ff ff 00 09
00000030: 5b c7 09 38 00 09 5b c7 09 38 30 3e aa aa 03 00
00000040: 00 00 08 06 00 01 08 00 06 04 00 01 00 09 5b c7
00000050: 09 38 c0 a8 14 0d 00 00 00 00 00 00 c0 a8 14 e2
00000060: 00 00 83 00 1b 00 86 00 06 00 3d 00 04 00 19 00
00000070: 60 02 b0 d4 f0 bc 6e 6c
Another one, with the good magic number, from the same snoop.
00000000: 5b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000010: 4d 00 47 00 9e 09 00 00 1f 00 00 d2 79 67 72 00
00000020: 00 00 00 00 80 00 00 00 ff ff ff ff ff ff 00 90
00000030: 4b 62 20 1e 00 90 4b 62 20 1e 60 16 94 51 ac fe
00000040: 03 01 00 00 64 00 11 00 00 0e 44 57 2d 42 2d 32
00000050: 30 30 2d 31 34 62 33 33 01 04 82 84 0b 16 03 01
00000060: 0b 05 04 01 03 00 00 d5 19 00 62 45
Another one, received after a control sequence. Ctrl sequence:
00000000: 0f 08 00 00 00 40 40 00 00 00
PipeHandle = 812c1760 [endpoint 0x00000001]
00000000: 00 02 02 00 14 00 00 00 00 00 00 00 00 00 00 00
00000010: 01 80 08 00 00 00 00 00 0d 00 00 00 03 00 01 00
00000020: 01 00 00 00
00000000: 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000010: 5d 00 4c 00 9e 09 00 00 8a 00 00 79 0f db 73 00
00000020: 00 00 00 00 80 00 00 00 ff ff ff ff ff ff 00 09
00000030: 5b c7 09 38 00 09 5b c7 09 38 20 3e dd d1 1f fe
00000040: 20 00 00 00 64 00 21 04 00 06 63 6f 75 63 6f 75
00000050: 01 04 82 84 8b 96 03 01 0b 2a 01 00 32 08 0c 12
00000060: 18 24 30 48 60 6c 05 04 00 01 00 00 76 ed c0 0a
A 0x0053 now! Where will it end?
00000000: 84 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000010: 53 00 70 01 9e 09 00 08 83 00 00 84 ad e4 7e 00
00000020: 00 00 00 00 08 02 2c 00 00 0c 41 de 30 96 00 09
00000030: 5b c7 09 38 00 09 5b c7 09 38 b0 3e aa aa 03 00
00000040: 00 00 08 00 45 10 01 4c 00 00 00 00 40 11 cf 51
00000050: c0 a8 14 0d c0 a8 14 e2 00 43 00 44 01 38 48 39
00000060: 02 01 06 00 22 4e 55 15 00 00 00 00 00 00 00 00
00000070: c0 a8 14 e2 c0 a8 14 0d 00 00 00 00 00 0c 41 de
00000080: 30 96 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000140: 00 00 00 00 00 00 00 00 00 00 00 00 63 82 53 63
00000150: 35 01 02 36 04 c0 a8 14 0d 33 04 00 00 17 70 01
00000160: 04 ff ff ff 00 0f 1c 6c 6f 63 61 6c 2e 67 78 61
00000170: 61 66 6f 6f 74 2e 68 6f 6d 65 6c 69 6e 75 78 2e
00000180: 6f 72 67 03 04 c0 a8 14 0d 06 04 c0 a8 12 0d ff
00000190: 0d 79 6d 7f
00000000: 68 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000010: 53 00 54 00 9e 09 00 08 83 00 00 00 f4 c7 81 00
00000020: 00 00 00 00 08 02 2c 00 00 0c 41 de 30 96 00 09
00000030: 5b c7 09 38 00 09 5b c7 09 38 00 3f aa aa 03 00
00000040: 00 00 08 00 45 00 00 30 00 01 40 00 40 01 90 8c
00000050: c0 a8 14 0d c0 a8 14 e2 08 00 3f e3 b8 1c 00 00
00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000070: 00 00 00 00 19 38 46 71
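As an added example (not code from this page or from the driver's own tree), here is a small Python parser for the dumps above, so the magic-number question can be checked mechanically instead of by eye. It assumes only what the dumps show: an opaque 16-byte prefix, a 16-bit little-endian "magic" at offset 0x10, and a standard 802.11 MAC header starting at offset 0x24. The meaning of the remaining prefix bytes is unknown; the 16-bit word at 0x12 is reported as-is because in several dumps here (the two DHCP ones, the ping, and the "coucou" beacon) it equals the byte count from 0x24 to the end of the dump, but that is an observation, not a documented fact. Two of the page's own dumps are embedded as constructed input, the 0x0055 one cut short after the UDP ports.

```python
import re
import struct

# Constructed inputs: two usbsnoop dumps copied from this page, in the
# "offset: bytes" form the page uses.  The 0x0055 DHCP frame is cut after
# the UDP ports; the parser only needs the prefix, MAC header and LLC.
BEACON_4D = """
00000000: 5b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000010: 4d 00 47 00 9e 09 00 00 1f 00 00 d2 79 67 72 00
00000020: 00 00 00 00 80 00 00 00 ff ff ff ff ff ff 00 90
00000030: 4b 62 20 1e 00 90 4b 62 20 1e 60 16 94 51 ac fe
00000040: 03 01 00 00 64 00 11 00 00 0e 44 57 2d 42 2d 32
00000050: 30 30 2d 31 34 62 33 33 01 04 82 84 0b 16 03 01
00000060: 0b 05 04 01 03 00 00 d5 19 00 62 45
"""
DATA_55 = """
00000000: 80 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000010: 55 00 6c 01 9e 09 00 03 8a 00 00 b5 19 50 72 00
00000020: 00 00 00 00 08 02 00 00 ff ff ff ff ff ff 00 09
00000030: 5b c7 09 38 00 0c 41 de 30 96 10 3e aa aa 03 00
00000040: 00 00 08 00 45 00 01 48 15 df 00 00 80 11 23 c7
00000050: 00 00 00 00 ff ff ff ff 00 44 00 43 01 34 71 0b
"""

OFFSET_RE = re.compile(r'[0-9a-fA-F]{8}:')
BYTE_RE = re.compile(r'[0-9a-fA-F]{2}')

def dump_to_bytes(text):
    """Hex dump -> bytes.  Offset markers are dropped first, so the flattened
    one-line form of these dumps parses exactly like the multi-line form."""
    out = bytearray()
    for tok in OFFSET_RE.sub(' ', text).split():
        if not BYTE_RE.fullmatch(tok):
            raise ValueError('not a hex byte: %r' % tok)
        out.append(int(tok, 16))
    return bytes(out)

MAC_HDR_OFF = 0x24                             # 802.11 header start in every dump here (assumption)
SEEN_MAGIC = {0x004d, 0x0053, 0x0055, 0x005d}  # 16-bit LE values at 0x10 seen on this page
TYPE_NAMES = {0: 'mgmt', 1: 'ctrl', 2: 'data'}
MGMT_SUBTYPES = {0: 'assoc-req', 1: 'assoc-resp', 4: 'probe-req',
                 5: 'probe-resp', 8: 'beacon', 11: 'auth', 12: 'deauth'}

def mac(b):
    return ':'.join('%02x' % x for x in b)

def parse_ies(raw, off):
    """Tagged IEs (id, len, value) after the beacon fixed fields.  Stops at the
    first element that would overrun the buffer, which is how the FCS/trailer
    bytes at the end of these dumps get skipped instead of mis-decoded."""
    out = {}
    while off + 2 <= len(raw):
        ie_id, ie_len = raw[off], raw[off + 1]
        if off + 2 + ie_len > len(raw):
            break
        val = raw[off + 2:off + 2 + ie_len]
        if ie_id == 0:
            out['ssid'] = val.decode('ascii', 'replace')
        elif ie_id == 3 and ie_len == 1:
            out['channel'] = val[0]
        off += 2 + ie_len
    return out

def parse_capture(raw):
    """Split one device dump into its prefix fields and the 802.11 frame."""
    if len(raw) < MAC_HDR_OFF + 24:
        raise ValueError('shorter than prefix + 802.11 MAC header')
    magic, wlan_len = struct.unpack_from('<HH', raw, 0x10)
    fc, = struct.unpack_from('<H', raw, MAC_HDR_OFF)
    ftype, subtype, flags = (fc >> 2) & 3, (fc >> 4) & 0xf, fc >> 8
    a = MAC_HDR_OFF + 4                        # addresses follow FC + duration
    info = {
        'magic': magic, 'magic_seen_before': magic in SEEN_MAGIC,
        'wlan_len_field': wlan_len, 'bytes_from_mac_hdr': len(raw) - MAC_HDR_OFF,
        'type': TYPE_NAMES.get(ftype, 'reserved'), 'subtype': subtype,
        'to_ds': bool(flags & 1), 'from_ds': bool(flags & 2),
        'addr1': mac(raw[a:a + 6]), 'addr2': mac(raw[a + 6:a + 12]),
        'addr3': mac(raw[a + 12:a + 18]),
        'seq': struct.unpack_from('<H', raw, a + 18)[0] >> 4,
    }
    body = MAC_HDR_OFF + 24
    if ftype == 0:
        info['subtype_name'] = MGMT_SUBTYPES.get(subtype, 'mgmt-%d' % subtype)
        if subtype in (5, 8) and body + 12 <= len(raw):   # probe-resp / beacon
            info['beacon_interval'], info['capability'] = struct.unpack_from('<HH', raw, body + 8)
            info.update(parse_ies(raw, body + 12))
    elif ftype == 2:
        if subtype & 8:                        # QoS data carries a 2-byte QoS control field
            body += 2
        if raw[body:body + 3] == b'\xaa\xaa\x03' and body + 8 <= len(raw):
            info['ethertype'] = struct.unpack_from('>H', raw, body + 6)[0]   # LLC/SNAP
    return info

if __name__ == '__main__':
    for name, text in (('0x004d beacon', BEACON_4D), ('0x0055 data', DATA_55)):
        print(name, parse_capture(dump_to_bytes(text)))
```

Run over all six frame dumps on this page it makes the pattern the note above guesses at visible: the two beacons carry 0x004d and 0x005d, the four data frames (DHCP, ARP, DHCP reply, ping) carry 0x0055 and 0x0053. Every length and IE boundary is bounds-checked against the buffer before it is used, which is the habit to keep when the input comes from a USB device rather than from a trusted file.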
Acknowledgement of sent data?
First one sent: (1) receives nada?
00000000: 00 02 02 00 14 00 00 00 00 00 00 00 00 00 00 00
00000010: 01 80 08 00 00 00 00 00 0d 00 00 00 03 00 00 00
00000020: 00 00 00 00
Bit mask? 3 = 2 | 1
00000000: 00 02 02 00 14 00 00 00 00 00 00 00 00 00 00 00
00000010: 01 80 08 00 00 00 00 00 0d 00 00 00 03 00 03 00
00000020: 03 00 00 00
15 ms later, sends this: (3) enables mgmt receiving?
00000000: 00 02 02 00 14 00 00 00 00 00 00 00 00 00 00 00
00000010: 01 80 08 00 00 00 00 00 0d 00 00 00 03 00 01 00
00000020: 01 00 00 00
Much used during scan on uli's device. (4)
00000000: 00 02 02 00 14 00 00 00 00 00 00 00 00 00 00 00
00000010: 01 80 08 00 00 00 00 00 0d 00 00 00 03 00 01 00
00000020: 00 00 f4 01
usbsnoop ver1 first alternates between (4) and (1), then goes between (2) and (3): (2) is followed quickly by (3), then a wait, then again...