Data sent frames

TX USB packets

Let's take as an example :

00000000: 6c 07 02 00 bb 01 00 00 00 00 00 00 00 00 00 00
00000010: 10 40|81 01|08 e0 28 81|01 00 07 07|08 07 06 04
00000020: 11 11 10 10 00 00 00 00 00 00 00 00 00 00 00 00
00000030: 00 00 00 00 00 00 00 00|04|00 00 00 00 00 00 00
00000040: 00 00 02 7f 33 00 00 00|02 46|08 01 00 00 00 09
00000050: 5b c7 09 38 00 0c 41 de 30 96 ff ff ff ff ff ff
00000060: 00 00 aa aa 03 00 00 00 08 00 45 00 01 61 15 e0

(Some) fields and their meaning

Queue identifier (32 bits, offset 0x0)

6c 06 02 00, 6c 07 02 00, 6c 08 02 00, 6c 09 02 00

I've understood the logic, but i cannot relate to a hardware meaning (yet). There is a certain number of available slots, whose numbers are listed above (these are the observed values, maybe there are more). Those slots can be used mainly for two purposes : data communication (packet sending), eeprom communication (in the init sequence) and statistics collection (throughout the driver life).

When one is "in use" (to be defined later), you have to switch to another one. They seem to me rather equivalent, but i can be mistaken. A slot is in use as long as an "acknowledgement" packet (or a response packet, in the case of a stat request / eeprom readback) has not been delivered. For stat requests, this means the stats are not yet back. For a generic data packets, this means the status packet has not been received. (For a probe packet, this means that the packet in this slot is still the one in use. For a beacon packet, the same. For a data packet, this can mean that the packet still has to be acked)

Typical use scenario, master mode

Alloc a probe frame on slot 6c 06 02 00 for active scanning after one round of passive scan. Send those probes along the scan with a special freq change packet (look for 06 00 28 00).

Meanwhile, ask for statistics about received packets using slot 6c 07 02 00

Once you've found the channel, switch to it, in sending mode (look for 01 00 00 00 instead of 06 00 28 00 in frequency change). Then send your assoc requests using slot 6c 07 02 00 (typically the above stats request are replied to very fast, meaning the slot is always free).

Typical use scenario, ad-hoc mode

There you go up to the frequency setting, then you alloc your beacon frame on slot 6c 07 02 00 (instead of using the slot for assoc request), then data transmittion is carried out on slot 6c 08 02 00 (the other two are taken up).

Magic 1 (16 bits, offset 0x10)

Not well understood yet, i lack testing. 0x4010 : data frame. 0x4020 : beacon frame. 0x4000 : management frame.

Type of frame (byte, offset 0x38)

Frame offset (byte, offset 0x48)

just before the frame it indicates the offset at which the actual frame starts, and is the padded with meaningless values. Usually we find there 02 or 04. here we have 02 + 1 byte of padding.

(Maybe) Frame completion (32 bits, offset 0x18)

The device fills in automatically some fields : the FCS (!) the duration / ID field, the sequence control field. This seems controlled by the (of this i'm not sure, i now lack testing).

Some unknown fields

Take the following tx headers :

00000000: 6c 06 02 00 6c 00 00 00 00 00 00 00 00 00 00 00
00000010: 00 40 30 00 08 40 2f 81 00 00 01 01 00 00 00 00
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000030: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00
00000040: 00 00 00 00 00 00 00 00 04 c7 09 38 40 00 00 00
00000000: 6c 07 02 00 a2 01 00 00 00 00 00 00 00 00 00 00
00000010: 10 40 68 01 08 e0 28 81 01 00 07 07 08 07 06 04
00000020: 11 11 10 10 00 00 00 00 00 00 00 00 00 00 00 00
00000030: 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00
00000040: 00 00 02 7f 33 00 00 00 02 46 08 01 00 00 00 09
00000000: 6c 07 02 00 5a 00 00 00 00 00 00 00 00 00 00 00
00000010: 00 40 1e 00 08 70 34 81 01 00 07 07 00 00 00 00
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000030: 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00
00000040: 00 00 02 7f 23 00 00 00 04 73 28 46 08 01 00 00
00000000: 6c 07 02 00 5a 00 00 00 00 00 00 00 00 00 00 00
00000010: 00 40 1e 00 80 14 ba 85 01 00 07 07 00 00 00 00
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000030: 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00
00000040: 00 00 00 7f 23 00 00 00 04 d0 38 f6 b0 00 00 00

Usual suspects for those fields :

  1. device-dependent tx queue mechanism
  2. rate indications

2'. long/short preamble

2”. RTS/CTS management

  1. we know that in the middle of this can be inserted a WEP key
  2. indications of what fields the device must handle (offloading of certain operations, for instance sequence number, station ID, duration, FCS,...)

In order to understand this, we'll need to try and emit with different parameters, sniff the packets, and see the difference in the emited packets. See TestCases for what tests i did (leading up to the current driver) and TaskList for what i think should be tested, and how, to make sense of the fields above.

status response USB packets

General meaning of these packets

Those packets are actually a status report about a particular memory slot in the device's memory. This status may indicate that the memory slot is free OR NOT. We have to understand which flags tells us this, but i can generate cases where the slot is known not to be free, so this should be not great problem.

for data packets

00000000: 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000010: 01 80 08 00| magic1 + packet length
                      08 70 34 81| address of the buffer, repeated
                                  08 00 07 07| means the frame was sent ok (repeat of the above magic1' field)
                                              00 01 83 00 : means the data was acknowledged, and the ack had strength 83 00 (16 bits le).
00000020: 80 00 10 10
10 10 is the duration / ID filled in by the device, but i'm *really* not sure
80 00 is the sequence control field filled in by the device

for beacons / probe frames

Same schmilblik, but with less info : no duration/ID set, no ack. The status packet is returned

  1. upon request ( fill in there )
  2. upon the loading of another packet on the same slot ( there's one slot for beacon, one slot for probe)
    00000000: 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000010: 01 80 08 00 
                          08 e0 28 81 
                                      08 00 01 01 
                                                  01 01 00 00 data sent, but no ack (not needed)
    00000020: 00 00 00 00 

I think that the 08 00 part means the slot is free.

I think that 01 01 part are some counters that are decremented with each tx retry.

The sequence control is 16-bits, meaningfull, and filled with the seq number of the last sent packet (i think, i dont know what happens when sending a real packet interim -- check this !). But the second 16-bit field is always zero

free packet TX USB packets

General meaning of these packets

Those packets are status inquiries about a particular memory slot in the device's memory. Some of these requests may have the side effect of freeing a slot, but this is not sure (see how it behaves on beacon frames, for instance. I don't think it actually frees the beacon, but the rx/tx filter does change the beacon slot's status).

Useful usage

So, you've allocated a beacon / probe / data packets and you don't want it any more or it has never been acknowledge'd and you want to get the slot back ? You're lucky, the fine prism people have thought about this case. Such a packet :

00000000: 00 02 02 00 10 00 00 00 00 00 00 00 00 00 00 00
00000010: 01 80 04 00 00 00 00 00 07 00 00 00 6C 06 02 00

Will ask for the status of the slot 6C 06 02 00 (you'll get the above status packet to be sent).

You don't have to worry about locking. The device in known to be in the state it reports it's in... And if you expect this to change, then you have to ask again.

Illustration / test cases

Known working sequences for sending data

Here are the TestCases that i wrote and sent in emacs to do the testing / protocol decoding. Have fun with them. They are self-explanatory, i think, and really give the minimal amount of information you need to send in order to get to some specific action. Let me know what you think of them, and send any remarks.

examples from usbsnoopver1

00000000: 6c 07 02 00 a2 01 00 00 00 00 00 00 00 00 00 00
00000010: 10 40 68 01 08 e0 28 81|01 00 07 07 08 07 06 04
00000020: 11 11 10 10 00 00 00 00 00 00 00 00 00 00 00 00
00000030: 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00
00000040: 00 00 02 7f 33 00 00 00 02 46|08 01 00 00 00 09
00000050: 5b c7 09 38 00 0c 41 de 30 96 ff ff ff ff ff ff
00000060: 00 00 aa aa 03 00 00 00 08 00 45 00 01 48 15 df
00000070: 00 00 80 11 23 c7 00 00 00 00 ff ff ff ff 00 44
00000080: 00 43 01 34 71 0b 01 01 06 00 22 4e 55 15 00 00
00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000a0: 00 00 00 0c 41 de 30 96 00 00 00 00 00 00 00 00
000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000170: 00 00 63 82 53 63 35 01 01 fb 01 01 3d 07 01 00
00000180: 0c 41 de 30 96 0c 0f 6a 65 61 6e 2d 33 36 32 30
00000190: 38 31 66 31 32 37 3c 08 4d 53 46 54 20 35 2e 30
000001a0: 37 0a 01 0f 03 06 2c 2e 2f 1f 21 2b ff 00 00 00
000001b0: 00 00 00 00
00000000: 6c 07 02 00 bb 01 00 00 00 00 00 00 00 00 00 00
00000010: 10 40|81 01|08 e0 28 81|01 00 07 07|08 07 06 04
00000020: 11 11 10 10|00 00 00 00 00 00 00 00 00 00 00 00
00000030: 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00
00000040: 00 00 02 7f 33 00 00 00 02 46|08 01 00 00 00 09
00000050: 5b c7 09 38 00 0c 41 de 30 96 ff ff ff ff ff ff
00000060: 00 00 aa aa 03 00 00 00 08 00 45 00 01 61 15 e0
00000070: 00 00 80 11 23 ad 00 00 00 00 ff ff ff ff 00 44
00000080: 00 43 01 4d aa aa 01 01 06 00 22 4e 55 15 00 00
00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000a0: 00 00 00 0c 41 de 30 96 00 00 00 00 00 00 00 00
000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000170: 00 00 63 82 53 63 35 01 03 3d 07 01 00 0c 41 de
00000180: 30 96 32 04 c0 a8 14 e2 36 04 c0 a8 14 0d 0c 0f
00000190: 6a 65 61 6e 2d 33 36 32 30 38 31 66 31 32 37 51
000001a0: 13 00 00 00 6a 65 61 6e 2d 33 36 32 30 38 31 66
000001b0: 31 32 37 2e 3c 08 4d 53 46 54 20 35 2e 30 37 0a
000001c0: 01 0f 03 06 2c 2e 2f 1f 21 2b ff 00

This is the "ack" of the frame sent before.

    00000000: 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000010: 01 80 08 00|08 e0 28 81|08 00 07 07|00 01|83 00
    00000020:|60 00|10 10
00000000: 6c 07 02 00 76 00 00 00 00 00 00 00 00 00 00 00
00000010: 10 40 3c 00 08 e0 28 81 01 00 07 07 08 07 06 04
00000020: 11 11 10 10 00 00 00 00 00 00 00 00 00 00 00 00
00000030: 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00
00000040: 00 00 02 7f 33 00 00 00 02 de|08 01 00 00 00 09
00000050: 5b c7 09 38 00 0c 41 de 30 96 ff ff ff ff ff ff
00000060: 00 00 aa aa 03 00 00 00 08 06 00 01 08 00 06 04
00000070: 00 01 00 0c 41 de 30 96 c0 a8 14 e2 00 00 00 00
00000080: 00 00 c0 a8 14 e2 01 01

Followed by a response :

00000000: 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000010: 01 80 08 00|08 e0 28 81|08 00 07 07|00 01 83 00
00000020: 70 00 10 10

00000000: 6c 07 02 00 76 00 00 00 00 00 00 00 00 00 00 00
00000010: 10 40 3c 00|08 70 34 81|01 00 07 07 08 07 06 04
00000020: 11 11 10 10 00 00 00 00 00 00 00 00 00 00 00 00
00000030: 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00
00000040: 00 00 02 7f 33 00 00 00 02 96|08 01 00 00 00 09
00000050: 5b c7 09 38 00 0c 41 de 30 96 ff ff ff ff ff ff
00000060: 00 00 aa aa 03 00 00 00 08 06 00 01 08 00 06 04
00000070: 00 01 00 0c 41 de 30 96 c0 a8 14 e2 00 00 00 00
00000080: 00 00 c0 a8 14 0d 01 01

response
00000000: 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000010: 01 80 08 00|08 70 34 81|08 00 07 07 00 01 83 00
00000020: 80 00 10 10

examples from dabe's device

I'll have to read the thingy to see what kinda frame this is.

probe request

00000000: 6c 06 02 00|86 00|00 00 00 00 00 00 00 00 00 00
00000010: 00 40 4a 00 80 14 ba 85 00 00 01 01 00 00 00 00
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000030: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00
00000040: 00 00 00 00 00 00 00 00 04 00 00 00|40 00 00 00
00000050: ff ff ff ff ff ff 00 0a e9 0c bc 7f ff ff ff ff
00000060: ff ff 00 00 00 20 18 08 02 16 18 1c 10 13 1c 01
00000070: 01 05 09 16 0a 1a 02 1b 10 09 05 14 1c 0f 03 1a
00000080: 02 10 01 0c 1b 1a 01 04 02 04 0b 16 32 08 0c 12
00000090: 18 24 30 48 60 6c 00 00
00000000: 6c 07 02 00 86 00 00 00 00 00 00 00 00 00 00 00
00000010: 00 40 4a 00 98 08 a7 85 00 00 01 01 00 00 00 00
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000030: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00
00000040: 00 00 00 00 00 00 00 00 04 00 00 00|40 00 00 00
00000050: ff ff ff ff ff ff 00 0a e9 0c bc 7f ff ff ff ff
00000060: ff ff 00 00 00 20 12 01 16 1d 14 1a 08 0c 1b 0b
00000070: 1c 04 1d 1d 08 09 16 16 17 19 1f 0a 1f 0e 0a 0c
00000080: 02 1a 07 1b 0d 0d 01 04 02 04 0b 16 32 08 0c 12
00000090: 18 24 30 48 60 6c 00 00
00000000: 6c 06 02 00 6d 00 00 00 00 00 00 00 00 00 00 00
00000010: 00 40 31 00 08 80 a9 85 00 00 01 01 00 00 00 00
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000030: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00
00000040: 00 00 00 00 00 00 00 00 04 d0 38 f6|40 00 00 00
00000050: ff ff ff ff ff ff 00 0a e9 0c bc 7f ff ff ff ff
00000060: ff ff 00 00 00 07 6c 69 6e 6b 73 79 73 01 04 02
00000070: 04 0b 16 32 08 0c 12 18 24 30 48 60 6c 8f 00 00
00000000: 6c 07 02 00 5a 00 00 00 00 00 00 00 00 00 00 00
00000010: 00 40 1e 00 80 14 ba 85 01 00 07 07 00 00 00 00
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000030: 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00
00000040: 00 00 00 7f 23 00 00 00 04 d0 38 f6 b0 00 00 00
00000050: 00 0c 41 d0 38 f6 00 0a e9 0c bc 7f 00 0c 41 d0
00000060: 38 f6 00 00 00 00 01 00 00 00 45 00

[51625 ms]  <<<  URB 1894 coming back  <<< 
00000000: 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000010: 01 80 08 00 80 14 ba 85 08 00 07 07 00 01 49 00
00000020: 00 01 00 00

Then (we're progressing !)

[51626 ms]  >>>  URB 1908 going down  >>> 
00000000: 6c 07 02 00 71 00 00 00 00 00 00 00 00 00 00 00
00000010: 00 40 35 00 80 14 ba 85 01 00 07 07 00 00 00 00
00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000030: 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00
00000040: 00 00 00 7f 23 00 00 00 04 d0 38 f6 00 00 00 00
00000050: 00 0c 41 d0 38 f6 00 0a e9 0c bc 7f 00 0c 41 d0
00000060: 38 f6 00 00 21 05 01 00 00 07 6c 69 6e 6b 73 79
00000070: 73 01 04 02 04 0b 16 32 08 0c 12 18 24 30 48 60
00000080: 6c 00 00 00

00000000: 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000010: 01 80 08 00 80 14 ba 85 08 00 07 07 00 01 4a 00
00000020: 10 01 00 00
00000000: 6c 07 02 00 a2 01 00 00 00 00 00 00 00 00 00 00
00000010: 00 40 68 01 08 b0 ee 85 01 00 07 07 08 07 06 04
00000020: 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000030: 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00
00000040: 00 00 00 7f 23 00 00 00 02 a9|08 01 00 00 00 0c
00000050: 41 d0 38 f6 00 0a e9 0c bc 7f ff ff ff ff ff ff
00000060: 00 00 aa aa 03 00 00 00 08 00 45 00 01 48 08 65
00000070: 00 00 80 11 31 41 00 00 00 00 ff ff ff ff 00 44
00000080: 00 43 01 34 1d 41 01 01 06 00 5c 7f b9 1f 00 00
00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000a0: 00 00 00 0a e9 0c bc 7f 00 00 00 00 00 00 00 00
000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000170: 00 00 63 82 53 63 35 01 01 74 01 01 3d 07 01 00
00000180: 0a e9 0c bc 7f 0c 0d 62 72 6f 61 64 2d 73 68 75
00000190: 74 74 6c 65 3c 08 4d 53 46 54 20 35 2e 30 37 0b
000001a0: 01 0f 03 06 2c 2e 2f 1f 21 f9 2b ff 00 00 00 00
000001b0: 00 00 00 00

00000000: 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000010: 01 80 08 00 08 b0 ee 85 08 00 07 07 00 01 45 00
00000020: 20 01 00 00
    00000000: 6c 07 02 00 b8 01 00 00 00 00 00 00 00 00 00 00
    00000010: 00 40 7e 01 08 e0 a8 85 01 00 07 07 08 07 06 04
    00000020: 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000030: 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00
    00000040: 00 00 00 7f 23 00 00 00 02 ff 08 01 00 00 00 0c
    00000050: 41 d0 38 f6 00 0a e9 0c bc 7f ff ff ff ff ff ff
    00000060: 00 00 aa aa 03 00 00 00 08 00 45 00 01 5e 08 66
    00000070: 00 00 80 11 31 2a 00 00 00 00 ff ff ff ff 00 44
    00000080: 00 43 01 4a a2 7d 01 01 06 00 5c 7f b9 1f 00 00
    00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    000000a0: 00 00 00 0a e9 0c bc 7f 00 00 00 00 00 00 00 00
    000000b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    000000c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    000000d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    000000e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    000000f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000130: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000140: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000150: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000160: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000170: 00 00 63 82 53 63 35 01 03 3d 07 01 00 0a e9 0c
    00000180: bc 7f 32 04 c0 a8 01 6c 36 04 c0 a8 01 01 0c 0d
    00000190: 62 72 6f 61 64 2d 73 68 75 74 74 6c 65 51 11 00
    000001a0: 00 00 62 72 6f 61 64 2d 73 68 75 74 74 6c 65 2e
    000001b0: 3c 08 4d 53 46 54 20 35 2e 30 37 0b 01 0f 03 06
    000001c0: 2c 2e 2f 1f 21 f9 2b ff

    00000000: 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000010: 01 80 08 00 08 e0 a8 85 08 00 07 07 00 01 45 00
    00000020: 30 01 00 00

from usbsnoopver3

Association with an AP ?

    00000000: 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000010: 4d 00 4c 00 a8 09 00 00 80 00 00 a0 36 43 23 00
    00000020: 00 00 00 00 80 00 00 00 ff ff ff ff ff ff 00 09
    00000030: 5b c7 09 38 00 09 5b c7 09 38 70 c9 dc b1 b9 49
    00000040: 47 00 00 00 64 00 21 04 00 06 63 6f 75 63 6f 75
    00000050: 01 04 82 84 8b 96 03 01 0b 2a 01 02 32 08 0c 12
    00000060: 18 24 30 48 60 6c 05 04 00 01 00 00 58 9a cd 23

    00000000: 00 02 02 00 34 00 00 00 00 00 00 00 00 00 00 00
    00000010: 01 80 28 00 00 00 00 00 00 00 00 00 01 00 00 0c
    00000020: 41 de 30 96 00 09 5b c7 09 38 02 bd 5f 01 00 00
    00000030: 03 03 01 00 00 00 00 00 0c 48 02 00 10 06 03 00
    00000040: f4 01 00 00

    00000000: 00 02 02 00 14 00 00 00 00 00 00 00 00 00 00 00
    00000010: 01 80 08 00 00 00 00 00 0d 00 00 00 03 00 00 00
    00000020: 00 00 00 00

Authentication
[6862 ms]  >>>  URB 877 going down  >>> 

    00000000: 6c 07 02 00 5a 00 00 00 00 00 00 00 00 00 00 00
    00000010: 00 40 1e 00 88 c8 30 81 01 00 07 07 00 00 00 00
    00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000030: 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00
    00000040: 00 00 02 7f 23 00 00 00 04 c7 09 38|b0 00 00 00
    00000050: 00 09 5b c7 09 38 00 0c 41 de 30 96 00 09 5b c7
    00000060: 09 38 00 00 00 00 01 00 00 00 30 00

    00000000: 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000010: 01 80 08 00 88 c8 30 81 08 00 07 07 00 01 88 00
    00000020: 10 00 00 00

    00000000: 36 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000010: 53 00 22 00 9e 09 00 00 89 00 00 61 50 a7 24 00
    00000020: 00 00 00 00 b0 00 40 01 00 0c 41 de 30 96 00 09
    00000030: 5b c7 09 38 00 09 5b c7 09 38 80 c9 00 00 02 00
    00000040: 00 00 b1 22 40 ba d0 3a


[6868 ms]  >>>  URB 881 going down  >>> 
    00000000: 6c 07 02 00 70 00 00 00 00 00 00 00 00 00 00 00
    00000010: 00 40 34 00 88 c8 30 81 01 00 07 07 00 00 00 00
    00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000030: 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00
    00000040: 00 00 02 7f 23 00 00 00 04 c7 09 38 00 00 00 00
    00000050: 00 09 5b c7 09 38 00 0c 41 de 30 96 00 09 5b c7
    00000060: 09 38 00 00 21 05 01 00 00 06 63 6f 75 63 6f 75
    00000070: 01 04 02 04 0b 16 32 08 0c 12 18 24 30 48 60 6c

    00000000: 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000010: 01 80 08 00 88 c8 30 81 08 00 07 07 00 01 88 00
    00000020: 20 00 00 00

    00000000: 46 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000010: 53 00 32 00 9e 09 00 00 89 00 00 b6 1f e2 24 00
    00000020: 00 00 00 00 10 00 40 01 00 0c 41 de 30 96 00 09
    00000030: 5b c7 09 38 00 09 5b c7 09 38 a0 c9 21 04 00 00
    00000040: 04 c0 01 04 82 84 8b 96 32 08 0c 12 18 24 30 48
    00000050: 60 6c 27 96 37 ec 27 0e


    00000000: 00 02 02 00 34 00 00 00 00 00 00 00 00 00 00 00
    00000010: 01 80 28 00 00 00 00 00 00 00 00 00 01 00 00 0c
    00000020: 41 de 30 96 00 09 5b c7 09 38 02 bd 5f 01 00 00
    00000030: 03 03 01 00 00 00 00 00 0c 48 02 00 10 06 03 00
    00000040: f4 01 00 00

    00000000: 00 02 02 00 56 00 00 00 00 00 00 00 00 00 00 00
    00000010: 01 80 4a 00 00 00 00 00 03 00 00 00 00 09 10 00
    00000020: 02 00 0f 00 ff 03 00 00 00 00 0f 00 ff 03 00 00
    00000030: 00 00 0f 00 ff 03 00 00 00 00 0f 00 ff 03 00 00
    00000040: 00 00 0f 00 ff 03 00 00 00 00 0f 00 ff 03 00 00
    00000050: 00 00 0f 00 ff 03 00 00 00 00 0f 00 ff 03 00 00
    00000060: 00 00 00 00 78 05 00 0c

    00000000: 00 02 02 00 14 00 00 00 00 00 00 00 00 00 00 00
    00000010: 01 80 08 00 00 00 00 00 0d 00 00 00 03 00 03 00
    00000020: 03 00 00 00


usbsnoopver4

    00000000: 6c 07 02 00 70 00 00 00 00 00 00 00 00 00 00 00
    00000010: 00 40 34 00 88 c8 30 81 01 00 07 07 00 00 00 00
    00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000030: 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00
    00000040: 00 00 02 7f 23 00 00 00 04 c7 09 38 00 00 00 00
    00000050: 00 09 5b c7 09 38 00 0c 41 de 30 96 00 09 5b c7
    00000060: 09 38 00 00 21 05 01 00 00 06 63 6f 75 63 6f 75
    00000070: 01 04 02 04 0b 16 32 08 0c 12 18 24 30 48 60 6c

00000000: 6c 07 02 00 a2 01 00 00 00 00 00 00 00 00 00 00
00000010: 10 40|68 01|08 e0 28 81|01 00 07 07|08 07 06 04|
00000020: 11 11 10 10|00 00 00 00 00 00 00 00 00 00 00 00
00000030: 00 00 00 00 00 00 00 00|04 00 00 00 00 00 00 00
00000040: 00 00 02 7f|33 00 00 00|02 46|08 01 00 00 00 09
00000050: 5b c7 09 38 00 0c 41 de 30 96 ff ff ff ff ff ff
00000060: 00 00 aa aa 03 00 00 00 08 00 45 00 01 48 15 df
00000070: 00 00 80 11 23 c7 00 00 00 00 ff ff ff ff 00 44
00000080: 00 43 01 34 71 0b 01 01 06 00 22 4e 55 15 00 00
00000090: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000000a0: 00 00 00 0c 41 de 30 96 00 00 00 00 00 00 00 00


// !!! Look as the allowed rate set !

    00000000: 6c 07 02 00 54 00 00 00 00 00 00 00 00 00 00 00
    00000010: 10 40|18 00|08 a0 21 81|01 00 07 07|28 27 26 24
    00000020: 11 11 10 10 00 00 00 00 00 00 00 00 00 00 00 00
    00000030: 00 00 00 00 00 00 00 00|02 00 00 00 00 00 00 00|
    00000040: 00 00 02 7f 33 00 00 00 04 c7 09 38|48 10 00 00
    00000050: 00 09 5b c7 09 38|00 0c 41 de 30 96 00 09 5b c7
    00000060: 09 38 00 00

// response is strange, too !
    00000000: 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000010: 01 80 08 00 08 a0 21 81 08 00 07 07 02 01 99 00
    00000020: 60 02 10 10

usbsnoopver1

    00000000: 6c 06 02 00 6c 00 00 00 00 00 00 00 00 00 00 00
    00000010: 00 40 30 00 08 e0 28 81 00 00 01 01 00 00 00 00
    00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000030: 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00
    00000040: 00 00 00 00 00 00 00 00 04 c7 09 38 40 00 00 00
    00000050: ff ff ff ff ff ff 00 0c 41 de 30 96 ff ff ff ff
    00000060: ff ff 00 00 00 06 63 6f 75 63 6f 75 01 04 02 04
    00000070: 0b 16 32 08 0c 12 18 24 30 48 60 6c


    00000000: 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    00000010: 01 80 08 00 08 e0 28 81 08 00 01 01 01 01 00 00
    00000020: 00 00 00 00