Wireshark mailing list archives
Re: [BUG] Wireshark 1.6.1 improperly parsing 802.11 Beacon
From: Alexis La Goutte <alexis.lagoutte () gmail com>
Date: Wed, 24 Aug 2011 19:40:04 +0200
On Tue, Aug 23, 2011 at 4:08 PM, Daniel Smith <viscous.liquid () gmail com>wrote:
Greetings, Recently my group stumbled on an issue with Wireshark 1.6.1 marking beacons from one of our AP's as malformed. Upon inspection it was determine that when parsing the Country IE in the management frame wireshark would attempt to read the padding character as an additional entry. In the attached pcap there are two frames from two different AP's, CW-1a and CW-2a. The frame from CW-1a is the one that gets marked as malformed. While CW-2a was not flagged malformed, but you can see in the hex view that the last entry in the Country IE is using the first two bytes from the vendor tag that follows it. This has been tested on the following configurations: Windows XP, Wireshark 1.2.2 - OK Windows XP, Wireshark 1.6.1 - FAIL Ubuntu 10.04, Wireshark 1.2.7 - OK Ubuntu 10.04, Wireshark 1.6.1 - FAIL This is a non-blocking issue and we just wanted to notify the wireshark team of the issue we found. So we hope this helps! V/r, Daniel P. Smith
Hi Daniel, Please open a bug in Bug Tracker ( https://bugs.wireshark.org/bugzilla/ ) with your sample. There is big change between Wireshark 1.2.x and 1.6.x in 802.11 dissector Regards,
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- [BUG] Wireshark 1.6.1 improperly parsing 802.11 Beacon Daniel Smith (Aug 24)
- Re: [BUG] Wireshark 1.6.1 improperly parsing 802.11 Beacon Alexis La Goutte (Aug 24)
- Re: [Wireshark-dev] [BUG] Wireshark 1.6.1 improperly parsing 802.11 Beacon Chris Maynard (Aug 25)
- Re: [BUG] Wireshark 1.6.1 improperly parsing 802.11 Beacon Alexis La Goutte (Aug 24)