29 September 2021

a strange (if not wrong) use of STANAG-5066

29 Septembere 2021, update

I was WRONG!
Starting from RF-6710W Wireless Messaging Terminal (WMT) v5.0, Harris added new adaptive data rate support for existing HF modem waveforms so that customers can leverage their hardware investments with their new radio purchases. These waveforms include the widely used Parallel tone (39-tone) and STANAG 4285 Coded waveforms. Looking at the 39-tone demodulated stream, it could be that a crypto device is in the path, ie between a pc running STANAG-5066  and the modem

thus the STANAG-5066 PDUs are not in clear text and then no more visible.

24 Septembere 2021
These days I am monitoring some signals on 5120 KHz (from Serbian-Mil) that will be the subject of a next post, and I noticed a strangeness in the use of STANAG-5066 in relation to the "way" the data are sent. The waveforms are shown in the waterfall of figure 1.

Fig. 1 - the waveforms into play

As known from the "operation" of STANAG-5066, before the Data Transfer Sublayer (DTS) forwards the data, the Channel Access Sublayer (CAS) provides the functions necessary to access the physical channel (figure 2), ie the radio spectrum, assuming that the selection of the frequency (physical link setup) is handled by an external process such as ALE, in this case 188-141A. Then, a soft-link session (1) will be started immediately when there is data available for transmission to a remote STANAG-5066 node (2).

Fig. 2 - Physical Link Request PDUs related to the S5066 of figure 1

The strangeness is that, in that sample, data are not sent by STANAG-5066 DTS & 188-110 but rather using M-39 (188-110 App.B), ie outside STANAG-5066 (remember that STANAG-5066 is a data-link protocol, NOT a waveform).

 (1) To explain the difference between a physical channel and a session: when a client wishes to send an email to a remote client a physical link is established by the CAS; then a soft-link session is set up over this physical link. The soft-link session is between the local and remote client while the physical link is between the local and remote node. 
 
(2) A correct sequence of operations is shown in figures 3,4 (physical link request/accept, data forward, ACKs, physical link break): all managed by the STANAG-5066 sublayers that is carried by the same underlaying HF wavefrom. Notice the switch of the node address.
 
Fig. 3

 
Fig. 4

Frames captured thanks my STANAG-5066 off-line dissector.

No comments:

Post a Comment