Wireshark-bugs: [Wireshark-bugs] [Bug 11205] New: iEEE 802.11 dissector
Date: Mon, 18 May 2015 18:43:15 +0000
Bug ID 11205
Summary iEEE 802.11 dissector
Product Wireshark
Version 1.12.5
Hardware x86
OS Windows 8.1
Status UNCONFIRMED
Severity Enhancement
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter doug.wussler@fsu.edu

Build Information:
Version 1.12.5 (v1.12.5-0-g5819e5b from master-1.12)

Copyright 1998-2015 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.2.15, with Gcrypt 1.6.2,
without Kerberos, with GeoIP, with PortAudio V19-devel (built May 12 2015),
with
AirPcap.

Running on 64-bit Windows 8.1, build 9600, with WinPcap version 4.1.3
(packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 3.2.15, Gcrypt 1.6.2, without AirPcap.
Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, with 8097MB of physical memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
I would like to see a checkbox for disabling FCS validation in the dissector
for IEEE 802.11 frames.  This would be analogous to the checkbox for disabling
checksum validation in IP, TCP and UDP.

Specific case need is packet capture by Aruba Access Points (AP).  An AP that
is capturing packets cannot actually capture its own transmitted frames, it has
to fork off a copy of the frame on its way down the protocol stack for
transmission.  At the time the copy is made some of the fields are not filled
in, including the FCS.  Aruba could compute an FCS for the copy but that would
eat up CPU cycles and it wouldn't represent what was transmitted anyway.  So
they pad four null bytes to occupy the FCS space.  Of course Wireshark then
sees this as a "malformed packet" because the FCS is incorrect.

A checkbox for disabling FCS validation seems like a good solution and
consistent with the approach taken for other protocols.


You are receiving this mail because:
  • You are watching all bug changes.