Wireshark-bugs: [Wireshark-bugs] [Bug 5281] New: 802.11 frames with FCSes in NetMon 3.4 trace fi
Date: Wed, 6 Oct 2010 10:50:16 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5281 Summary: 802.11 frames with FCSes in NetMon 3.4 trace files dissected incorrectly Product: Wireshark Version: SVN Platform: All OS/Version: All Status: NEW Severity: Normal Priority: Low Component: Wireshark AssignedTo: wireshark-bugs@xxxxxxxxxxxxx ReportedBy: tyson.key@xxxxxxxxx Build Information: Version 1.5.0-SVN-34381 (SVN Rev 34381 from /trunk) Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled with GTK+ 2.16.6, (64-bit) with GLib 2.22.4, with WinPcap (version unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, without SMI, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.5, without Kerberos, with GeoIP, with PortAudio V19-devel (built Oct 5 2010), with AirPcap. Running on 64-bit Windows 7, build 7600, with WinPcap version 4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008), GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap. Built using Microsoft Visual C++ 9.0 build 30729 Wireshark is Open Source Software released under the GNU General Public License. Check the man page and http://www.wireshark.org for more information. -- It appears that even after enabling the "Assume packets have FCS" preferences option, certain non-Data/Management frames (e.g. Beacons) that are considered to be valid according to Microsoft Network Monitor 3.4 are marked as being malformed, due to the presence of additional (FCS) data appended to the aforementioned types of frames. Ideally, Wireshark should either ignore this extraneous data, or attempt to parse it as an FCS - instead of as random garbage. For example, frame 7 in the attached trace file has an FCS value of 0x6475CC1B according to NetMon: Frame: Number = 7, Captured Frame Length = 201, MediaType = WiFi - WiFi: [ ManagementBeacon] ....... RSSI = -58 dBm, Rate = 1.0 Mbps, SSID = uobroamnet, Channel = 1 - MetaData: RSSI = -58 dBm, Rate = 1.0 Mbps Version: 2 (0x2) Length: 32 (0x20) - OpMode: Monitor Mode StationMode: (...............................0) Not Station Mode APMode: (..............................0.) Not AP Mode ExtensibleStationMode: (.............................0..) Not Extensible Station Mode Unused: (.0000000000000000000000000000...) MonitorMode: (1...............................) Monitor Mode Flags: 0 (0x0) PhyType: 802.11n Channel: Undefined channel with center frequency 2412, Center Frequency: 2412 MHz lRSSI: -58 dBm Rate: 1.0 Mbps TimeStamp: 10/05/2010, 08:57:18.935962 UTC - FrameControl: Version 0,Management, Beacon, .......(0x80) Version: (..............00) 0 Type: (............00..) Management SubType: (........1000....) Beacon DS: (......00........) Ad hoc network MoreFrag: (.....0..........) No Retry: (....0...........) No PowerMgt: (...0............) Active Mode MoreData: (..0.............) No ProtectedFrame: (.0..............) No Order: (0...............) Unordered Duration: 0 (0x0) DA: *BROADCAST SA: Cisco Systems BFBE61 BSSID: Cisco Systems BFBE61 - SequenceControl: Sequence Number = 1085 FragmentNumber: (............0000) 0 SequenceNumber: (010000111101....) 1085 - Beacon: Beacon with SSID [uobroamnet] TimeStamp: 3254703309230 microsecond(s) BeaconInterval: 100 ms - Capability: 0x2104 ESS: (...............1) Extended service set used IBSS: (..............0.) Independent basic service set Not used CF: (............00..) No PC at non-QoS AP Privacy: (...........0....) Not required ShortPreamble: (..........1.....) Allowed PBCCModulation: (.........0......) Not Allowed ChannelAgility: (........0.......) No SpectrumManagement: (.......0........) Not Required QoS: (......0.........) Not Implemented ShortSlotTime: (.....1..........) Enabled APSD: (....0...........) Not Implemented RadioMeasurement: (...0............) Disabled DSSSOFDM: (..0.............) Not Allowed DelayedBlockAck: (.0..............) Not Implemented ImmediateBlockAck: (0...............) Not Implemented - InformationElements: - ssid: uobroamnet ElementID: SSID Length: 10 (0xA) SSID: uobroamnet - rates: 1.0, 2.0, 5.5, 6.0, 9.0, 11.0, 12.0, 18.0 ElementID: Supported Rates Length: 8 (0x8) - Rate: Mandatory BitRate = 1.0 Mbps Rate: (.0000010) 1.0 Mbps Type: (1.......) Rate contained in the BSSBasicRateSet parameter - Rate: Optional BitRate = 2.0 Mbps Rate: (.0000100) 2.0 Mbps Type: (0.......) Rate NOT contained in the BSSBasicRateSet parameter - Rate: Optional BitRate = 5.5 Mbps Rate: (.0001011) 5.5 Mbps Type: (0.......) Rate NOT contained in the BSSBasicRateSet parameter - Rate: Optional BitRate = 6.0 Mbps Rate: (.0001100) 6.0 Mbps Type: (0.......) Rate NOT contained in the BSSBasicRateSet parameter - Rate: Optional BitRate = 9.0 Mbps Rate: (.0010010) 9.0 Mbps Type: (0.......) Rate NOT contained in the BSSBasicRateSet parameter - Rate: Optional BitRate = 11.0 Mbps Rate: (.0010110) 11.0 Mbps Type: (0.......) Rate NOT contained in the BSSBasicRateSet parameter - Rate: Optional BitRate = 12.0 Mbps Rate: (.0011000) 12.0 Mbps Type: (0.......) Rate NOT contained in the BSSBasicRateSet parameter - Rate: Optional BitRate = 18.0 Mbps Rate: (.0100100) 18.0 Mbps Type: (0.......) Rate NOT contained in the BSSBasicRateSet parameter - Channel: 1 ElementID: Channel Length: 1 (0x1) CurrentChannel: 1 (0x1) - TIM: DTIMCount = 0, DTIMPeriod = 2 ElementID: ATIM Length: 5 (0x5) DTIMCount: The current TIM is a DTIM DTIMPeriod: 2 - BitmapControl: 12 (0xC) TrafficIndicator: (.......0) None broadcast or multicast frames are buffered at the AP BitmapOffset: (0000110.) 6 - VirtualBitmap: VirtualBitmap: 16 (0x10) VirtualBitmap: 32 (0x20) - Country: GB ElementID: Country Length: 6 (0x6) CountryString: GB FirstChannelNumber: 1 (0x1) NumChannels: 13 (0xD) MaxTransmitPowerLevel: 17 dBm - ERP: No Non-802.11g STA present ElementID: ERP Length: 1 (0x1) - Flags: NonERPPresent: (.......0) There are no NonERP STAs associated with the BSS Protection: (......1.) Use Protection Preamble: (.....0..) Preamble type not advocated Reserved: (00000...) - ExtendedRates: 24.0, 36.0, 48.0, 54.0 ElementID: Extended supported rates Length: 4 (0x4) - Rate: Optional BitRate = 24.0 Mbps Rate: (.0110000) 24.0 Mbps Type: (0.......) Rate NOT contained in the BSSBasicRateSet parameter - Rate: Optional BitRate = 36.0 Mbps Rate: (.1001000) 36.0 Mbps Type: (0.......) Rate NOT contained in the BSSBasicRateSet parameter - Rate: Optional BitRate = 48.0 Mbps Rate: (.1100000) 48.0 Mbps Type: (0.......) Rate NOT contained in the BSSBasicRateSet parameter - Rate: Optional BitRate = 54.0 Mbps Rate: (.1101100) 54.0 Mbps Type: (0.......) Rate NOT contained in the BSSBasicRateSet parameter - UnknownIE: ElementID: Cisco proprietary Length: 30 (0x1E) Data: Binary Large Object (30 Bytes) - VendorSpecificInfo: OUI=Cisco Systems, Inc., FieldType=Unknown ElementID: Vendor Specific Information Length: 6 (0x6) OUI: 00-40-96(Cisco Systems, Inc.) Data: Binary Large Object (3 Bytes) - VendorSpecificInfo: OUI=Cisco Systems, Inc., FieldType=Unknown ElementID: Vendor Specific Information Length: 5 (0x5) OUI: 00-40-96(Cisco Systems, Inc.) Data: Binary Large Object (2 Bytes) - VendorSpecificInfo: OUI=Cisco Systems, Inc., FieldType=Unknown ElementID: Vendor Specific Information Length: 5 (0x5) OUI: 00-40-96(Cisco Systems, Inc.) Data: Binary Large Object (2 Bytes) - VendorSpecificInfo: OUI=MICROSOFT CORP., FieldType=WMM ElementID: Vendor Specific Information Length: 24 (0x18) OUI: 00-50-F2(MICROSOFT CORP.) - WMM: WMM Parameter Element OUIType: WMM OUISubType: WMM Parameter Element Version: 1 (0x1) - ACParam: - QosInfo: ACVO: (.......0) Disabled ACVI: (......1.) Enabled ACBK: (.....0..) Disabled ACBE: (....0...) Disabled QAck: (...0....) MIB attribute dot11QAckOptionImplemented is false MaxSPLength: (.00.....) Incorrect formatter specifier for type: %d MoreDataAck: (1.......) Can process Ack frames with the More Data bit set to 1 Reserved: 0 (0x0) - EDCAParameterAC: ACI = Best effort AIFSN: (....0011) 3 ACM: (...0....) Admission Control not required ACI: (.00.....) Best effort Reserved: (0.......) ECWmin: (....0100) 4 ECWmax: (1010....) 10 TXOPLimit: 0 microsecond(s) - EDCAParameterAC: ACI = Background AIFSN: (....0111) 7 ACM: (...0....) Admission Control not required ACI: (.01.....) Background Reserved: (0.......) ECWmin: (....0100) 4 ECWmax: (1010....) 10 TXOPLimit: 0 microsecond(s) - EDCAParameterAC: ACI = Video AIFSN: (....0010) 2 ACM: (...0....) Admission Control not required ACI: (.10.....) Video Reserved: (0.......) ECWmin: (....0011) 3 ECWmax: (0100....) 4 TXOPLimit: 3008 microsecond(s) - EDCAParameterAC: ACI = Voice AIFSN: (....0010) 2 ACM: (...0....) Admission Control not required ACI: (.11.....) Voice Reserved: (0.......) ECWmin: (....0010) 2 ECWmax: (0011....) 3 TXOPLimit: 1504 microsecond(s) FCS: 0x6475CC1B Ignoring differences in output styles and support for individual tag types, Wireshark incorrectly decodes frame 7's FCS as a tag of a "reserved" type: No. Time Source Destination Protocol Info 7 -0.445368 Cisco_bf:be:61 Broadcast IEEE 802.11 Beacon frame, SN=1085, FN=0, Flags=........C, BI=100, SSID="uobroamnet", Name="rbap01" Frame 7: 201 bytes on wire (1608 bits), 201 bytes captured (1608 bits) Arrival Time: Oct 5, 2010 09:57:18.935792000 GMT Daylight Time Epoch Time: 1286269038.935792000 seconds [Time delta from previous captured frame: -0.216229000 seconds] [Time delta from previous displayed frame: -0.216229000 seconds] [Time since reference or first frame: -0.445368000 seconds] Frame Number: 7 Frame Length: 201 bytes (1608 bits) Capture Length: 201 bytes (1608 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: netmon_802_11:wlan] NetMon 802.11 capture header Header revision: 2 Header length: 32 Operation mode: 0x80000000 .... .... .... .... .... .... .... ...0 = Station mode: 0x00000000 .... .... .... .... .... .... .... ..0. = AP mode: 0x00000000 .... .... .... .... .... .... .... .0.. = Extensible station mode: 0x00000000 1... .... .... .... .... .... .... .... = Monitor mode: 0x00000001 PHY type: 802.11n (7) Center frequency: 2412 Mhz RSSI: -58 dBm Data rate: 1.000000 Mb/s Timestamp: 129307426389359624 IEEE 802.11 Beacon frame, Flags: ........C Type/Subtype: Beacon frame (0x08) Frame Control: 0x0080 (Normal) Version: 0 Type: Management frame (0) Subtype: 8 Flags: 0x0 .... ..00 = DS status: Not leaving DS or network is operating in AD-HOC mode (To DS: 0 From DS: 0) (0x00) .... .0.. = More Fragments: This is the last fragment .... 0... = Retry: Frame is not being retransmitted ...0 .... = PWR MGT: STA will stay up ..0. .... = More Data: No data buffered .0.. .... = Protected flag: Data is not protected 0... .... = Order flag: Not strictly ordered Duration: 0 Destination address: Broadcast (ff:ff:ff:ff:ff:ff) Source address: Cisco_bf:be:61 (00:11:21:bf:be:61) BSS Id: Cisco_bf:be:61 (00:11:21:bf:be:61) Fragment number: 0 Sequence number: 1085 Frame check sequence: 0x6475cc1b [correct] [Good: True] [Bad: False] IEEE 802.11 wireless LAN management frame Fixed parameters (12 bytes) Timestamp: 0x000002F5CB6F41AE Beacon Interval: 0.102400 [Seconds] Capability Information: 0x0421 .... .... .... ...1 = ESS capabilities: Transmitter is an AP .... .... .... ..0. = IBSS status: Transmitter belongs to a BSS .... ..0. .... 00.. = CFP participation capabilities: No point coordinator at AP (0x0000) .... .... ...0 .... = Privacy: AP/STA cannot support WEP .... .... ..1. .... = Short Preamble: Short preamble allowed .... .... .0.. .... = PBCC: PBCC modulation not allowed .... .... 0... .... = Channel Agility: Channel agility not in use .... ...0 .... .... = Spectrum Management: dot11SpectrumManagementRequired FALSE .... .1.. .... .... = Short Slot Time: Short slot time in use .... 0... .... .... = Automatic Power Save Delivery: apsd not implemented ..0. .... .... .... = DSSS-OFDM: DSSS-OFDM modulation not allowed .0.. .... .... .... = Delayed Block Ack: delayed block ack not implemented 0... .... .... .... = Immediate Block Ack: immediate block ack not implemented Tagged parameters (129 bytes) SSID parameter set Tag Number: 0 (SSID parameter set) Tag length: 10 Tag interpretation: uobroamnet: "uobroamnet" Supported Rates: 1.0(B) 2.0 5.5 6.0 9.0 11.0 12.0 18.0 Tag Number: 1 (Supported Rates) Tag length: 8 Tag interpretation: Supported rates: 1.0(B) 2.0 5.5 6.0 9.0 11.0 12.0 18.0 [Mbit/sec] DS Parameter set: Current Channel: 1 Tag Number: 3 (DS Parameter set) Tag length: 1 Tag interpretation: Current Channel: 1 Current Channel: 1 Traffic Indication Map (TIM): DTIM 0 of 2 bitmap 100 109 Tag Number: 5 (Traffic Indication Map (TIM)) TIM length: 5 DTIM count: 0 DTIM period: 2 Bitmap Control: 0x0C (mcast:0, bitmap offset 6) Bitmap: traffic for AID's: 100 109 Country Information: Country Code: GB, Any Environment Tag Number: 7 (Country Information) Tag length: 6 Tag interpretation: Country Code: GB, Any Environment Start Channel: 1, Channels: 13, Max TX Power: 17 dBm ERP Information: no Non-ERP STAs, use protection, short or long preambles Tag Number: 42 (ERP Information) Tag length: 1 Tag interpretation: ERP info: 0x2 (no Non-ERP STAs, use protection, short or long preambles) Extended Supported Rates: 24.0 36.0 48.0 54.0 Tag Number: 50 (Extended Supported Rates) Tag length: 4 Tag interpretation: Supported rates: 24.0 36.0 48.0 54.0 [Mbit/sec] Cisco CCX1 CKIP + Device Name Tag Number: 133 (Cisco CCX1 CKIP + Device Name) Tag length: 30 Tag interpretation: Unknown + Name: rbap01 #Clients: 8 Vendor Specific: Aironet: Aironet Unknown Tag Number: 221 (Vendor Specific) Tag length: 6 Vendor: Aironet Aironet IE type: Unknown (1) Aironet IE data: 0101 Vendor Specific: Aironet: Aironet CCX version = 4 Tag Number: 221 (Vendor Specific) Tag length: 5 Vendor: Aironet Aironet IE type: CCX version (3) Aironet IE CCX version?: 4 Vendor Specific: Aironet: Aironet Unknown Tag Number: 221 (Vendor Specific) Tag length: 5 Vendor: Aironet Aironet IE type: Unknown (11) Aironet IE data: 01 Vendor Specific: Microsof: WME Tag Number: 221 (Vendor Specific) Tag length: 24 Vendor: Microsof Tag interpretation: WME PE: type 2, subtype 1, version 1, parameter set 130 Tag interpretation: WME AC Parameters: ACI 0 (Best Effort), Admission Control not Mandatory, AIFSN 3, ECWmin 4, ECWmax 10, TXOP 0 Tag interpretation: WME AC Parameters: ACI 1 (Background), Admission Control not Mandatory, AIFSN 7, ECWmin 4, ECWmax 10, TXOP 0 Tag interpretation: WME AC Parameters: ACI 2 (Video), Admission Control not Mandatory, AIFSN 2, ECWmin 3, ECWmax 4, TXOP 94 Tag interpretation: WME AC Parameters: ACI 3 (Voice), Admission Control not Mandatory, AIFSN 2, ECWmin 2, ECWmax 3, TXOP 47 Thanks in advance. -- Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
- Prev by Date: [Wireshark-bugs] [Bug 5227] Bootp dissector needs updating to handle D3.0 Cablelabs option 125 and expanded option 60 tlv
- Next by Date: [Wireshark-bugs] [Bug 5279] Replace "Mark All Displayed Packets (toggle)" with "Invert All Displayed Marked/Unmarked Packets"
- Previous by thread: [Wireshark-bugs] [Bug 5280] radiotap data rate wrong for some rates
- Next by thread: [Wireshark-bugs] [Bug 5282] New: UMTS FP dissector: Call next layer dissector also when no proto-tree is present
- Index(es):