Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RadioTap MCS is parsed wrong. PR #3963 seems to work for now. #4476

Open
gitchannel opened this issue Jul 27, 2024 · 2 comments
Open

RadioTap MCS is parsed wrong. PR #3963 seems to work for now. #4476

gitchannel opened this issue Jul 27, 2024 · 2 comments
Labels
needs additional info

Comments

@gitchannel
Copy link

gitchannel commented Jul 27, 2024
edited
Loading

Brief description

How i understand the problem:

  • In Wireshark i see "Known MCS information: 0x00" which results in all Fields (Bandwith, MCS index, Guard interval...) are Absent. maybe odd of Wireshark too, it highlights 3 Bytes but only 7 bits (the previous mentioned Fields) are shown to me.
  • dot11.py RadioTap is parsing to the Antenna signal correctly, but then everything is off by one byte. (Type, Subtype, MAC Address.....). I guess if known mcs information is 0x00 set everything to None or something.
  • RadioTap documentation i don't understand it.

Scapy version

2.5.0+git20240324.2858b51

Python version

3.12.4

Operating system

Linux 6.9.9

Additional environment information

No response

How to reproduce

could take some time and compare it with Wireshark.

def write_mcs(pkt):
    wrpcap(filename='/tmp/mcs_issue.pcap', pkt=pkt, append=True)
    print(f'{pkt} written.', flush=True)
    

sniff(
    iface=interface,
    store=False,
    count=100,
    prn=write_mcs,
    lfilter=lambda x: x.present.value & 0x80000,
    )

Actual result

No response

Expected result

No response

Related resources

I think maybe PR #3963 is the Solution. Yes, parsing works.
@gitchannel gitchannel changed the title RadioTap MCS is parsed wrong RadioTap MCS is parsed wrong. PR #3963 seems to work for now. Jul 27, 2024
@gitchannel gitchannel mentioned this issue Jul 27, 2024
Open
@gpotter2
Copy link
Member

Hi! Thanks for the report.
Could you please provide a pcap of this failing?

@gitchannel
Copy link
Author 

with open('test_issue_known_mcs_zero.pcap', 'wb+') as fp:
    pcap_content=b'\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\x00\x00\x7f\x00\x00\x00\xef"\xaaf\xf2k\x05\x00.\x00\x00\x00.\x00\x00\x00\x00\x00\x12\x00*\x00\x08\x00\x10\x00x\x14@\x01\xa0\x00\x00\x00\xe0\x00\x00\x00\xa1\xa1\xa1\xa1\xa1\xa1\xb2\xb2\xb2\xb2\xb2\xb2\xc3\xc3\xc3\xc3\xc3\xc3\xe06\x00\x00\x00\x00\xfa#\xaafM\xe2\x0b\x009\x00\x00\x009\x00\x00\x00\x00\x00\x1d\x00+H\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x9e\t\x80\x04\xbf\x00\x00\x00\x07\x00\x03\x88A,\x00\xa1\xa1\xa1\xa1\xa1\xa1\xb2\xb2\xb2\xb2\xb2\xb2\xc3\xc3\xc3\xc3\xc3\xc3PM\x9f0h\x1a'
    fp.write(pcap_content)

In this pcap are 2 packets to demonstrate one issue. the first packet is parsed wrong and the second seems ok. i cut and changed data (addr1 = a1:a1:a1:a1:a1:a1 addr2 = b2:b2:b2:b2:b2:b2 addr3 = c3:c3:c3:c3:c3:c3), but in comparison with wireshark the first packet as i mentioned the Address and everthing else is off...

and by the way i also think in dot11.py line 1550
class Dot11ReassoResp(Dot11AssoResp):
should be
class Dot11ReassoResp(_Dot11EltUtils):
like the others.

Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs additional info
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gitchannel @gpotter2