Ticket #109 (new defect)

Opened 2 years ago

Last modified 2 years ago

Incorrect parsing of 802.11 frame with radiotap and FCS

Reported by: no.hopeatgmail.com Owned by: pbi
Priority: minor Milestone:
Component: Scapy Version:
Keywords: Cc:

Description

Attached is a pcap dump file with a frame that is incorrectly parsed.

The frame consists of a radiotap header, 802.11 beacon data, followed by 802.11 FCS.

Radiotap layer from #30 correctly parses the radiotap fields, but puts the rest of the frame into the "padding" field.

I am on x86_64.

Attachments

frame.pcap (240 bytes) - added by no.hopeatgmail.com 2 years ago.
incorrectly parsed 802.11 frame

Change History

Changed 2 years ago by no.hopeatgmail.com

incorrectly parsed 802.11 frame

Changed 2 years ago by pbi

  • priority changed from major to minor

Almost works for me with 2.0.0.7 and probably many other befores. Only the FCS is not correctly decoded but interpreted as a Dot11Elt. 

>>> a[0].show()
###[ RadioTap dummy ]###
  version= 0
  pad= 0
  len= 26
  present= TSFT+Flags+Rate+Channel+dBm_AntSignal+dBm_AntNoise+Antenna+dB_AntSignal
  notdecoded= '\xc1y\xec"\x00\x00\x00\x00\x12\x02\x85\t\x80\x04\xcb\xa0\x02+'
###[ 802.11 ]###
     subtype= 8L
     type= Management
     proto= 0L
     FCfield= 
     ID= 0
     addr1= ff:ff:ff:ff:ff:ff
     addr2= 00:13:1a:30:6a:91
     addr3= 00:13:1a:30:6a:91
     SC= 21824
     addr4= None
###[ 802.11 Beacon ]###
        timestamp= 1690512386322L
        beacon_interval= 100
        cap= ESS+short-preamble
###[ 802.11 Information Element ]###
           ID= SSID
           len= 7
           info= 'tsunami'
###[ 802.11 Information Element ]###
              ID= Rates
              len= 8
              info= '\x82\x04\x0b\x0c\x12\x16\x18$'
###[ 802.11 Information Element ]###
                 ID= DSset
                 len= 1
                 info= '\x06'
###[ 802.11 Information Element ]###
                    ID= TIM
                    len= 4
                    info= '\x00\x02\x00\x00'
###[ 802.11 Information Element ]###
                       ID= ERPinfo
                       len= 1
                       info= '\x03'
###[ 802.11 Information Element ]###
                          ID= ESRates
                          len= 4
                          info= '0H`l'
###[ 802.11 Information Element ]###
                             ID= 133
                             len= 30
                             info= '\x00\x00\x84\x00\x0f\x00\xff\x03\x19\x00aironet-7e\x00\x00\x00\x00\x00\x00\x07\x00\x00%'
###[ 802.11 Information Element ]###
                                ID= vendor
                                len= 6
                                info= '\x00@\x96\x01\x01\x01'
###[ 802.11 Information Element ]###
                                   ID= vendor
                                   len= 5
                                   info= '\x00@\x96\x03\x03'
###[ 802.11 Information Element ]###
                                      ID= vendor
                                      len= 22
                                      info= '\x00@\x96\x04\x00\x0c\x07\xa4\x00\x00#\xa4\x00\x00BC\x00\x00b2\x00\x00'
###[ 802.11 Information Element ]###
                                         ID= vendor
                                         len= 24
                                         info= "\x00P\xf2\x02\x01\x01\x0c\x00\x03\xa4\x00\x00'\xa4\x00\x00BC^\x00b2/\x00"
###[ 802.11 Information Element ]###
                                            ID= 177
                                            len= 143
                                            info= '\xc6\xe8'

Add/Change #109 (Incorrect parsing of 802.11 frame with radiotap and FCS)

Author


E-mail address and user name can be saved in the Preferences.


Change Properties
<Author field>
Action
as new
as The resolution will be set. Next status will be 'closed'
to The owner will change from pbi. Next status will be 'new'
The owner will change from pbi to anonymous. Next status will be 'assigned'
 
Note: See TracTickets for help on using tickets.