Wireless Access

New Contributor

How to decode ARUBA RTLS packets



Sorry for disturbing, we want build our own location system from RTLS packets collected from ARUBA AP, but found there is little information about this from internet and it's diffcult to decode the information in RTLS packets. Now we could only decode the packets header. Do you have experience in this and could shed some light on this:


For example, below information is the whole packet contents:



We could decode the packet header:

bytes[0-1]   00:14                      Message type: AR_COMPOUND_MESSAGE_REPORT

bytes[2-3]   fc:c5                               Message id:  fc:c5

bytes[3-4]   01:00                      Major vision: 01 Minor Vision :00

bytes[5-6]   00:5c                      Data Length

bytes[7-12]  9c:1c:12:ce:8f:06            AP MAC address

bytes[13-14] 00:00                             Padding


But from offset 14bytes we couldn't found any clue to decode it:




Re: How to decode ARUBA RTLS packets

I suspect Aruba will consider the contents to be somewhat proprietary.


I've been looking at the API for data from the Aruba ALE server - the ALE server collects the Aruba proprietary data from iAP, Controller and Airwave, interprets it and transmits it in a well defined format.


Now that I type this, I'm thinking that studying the ALE API document, you might be able to interpret the raw RTLS data, but might be easier to use ALE to translate.


if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
New Contributor

Re: How to decode ARUBA RTLS packets

Have you solved the problem? Can I get your solution?Or you can give me an example about the AR_ACK packet??  Thank you.

New Contributor

Re: How to decode ARUBA RTLS packets

AR_ACK is easy. 

1) You will recieve AR_AP_NOTIFICATION, it is 36 byte. First 16 bytes are Header and last 20 bytes are "checksum". There is no payload.

2) You have to get this header, change first 2 bytes from 0x0015 to 0x0010.

3) Create new checksum of new header (HMAC sha1).

4) Send new header with new checksum (no payload) - 36 bytes back to controller.

It is all

Search Airheads
Showing results for 
Search instead for 
Did you mean: