Wireshark mailing list archives
Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows
From: Yang Luo <hsluoyb () gmail com>
Date: Tue, 12 Apr 2016 15:06:27 +0800
Hi Guy, Thanks a lot! I must admit that your help has greatly saved my efforts. As you have said in a previous post: *provide a radiotap Flags field with 0x10 set if the frame includes the FCS (you'll probably have to experiment a bit to see whether you get the FCS or not - the answer might differ for data and management frames, based on Network Monitor's behavior) and with 0x40 set if DOT11_RECV_FLAG_RAW_PACKET_FCS_FAILURE is set in uReceiveFlags;* So the question is how to determine if the 802.11 packet has FCS or not? In that capture file, I found that only Beacon (like Frame 40) and Reassociation Response (like Frame 47) packets have the "Malformed Packet" error ( I guest Reassociation Response is the same error?). But I don't think determination based on whether the packet is Beacon or Reassociation Response is good. Because maybe for another wireless adapter, this behavior might change. And it's inappropriate for Npcap to parse the contents of a packet so deep. Cheers, Yang On Tue, Apr 12, 2016 at 2:18 PM, Guy Harris <guy () alum mit edu> wrote:
On Apr 11, 2016, at 10:53 PM, Yang Luo <hsluoyb () gmail com> wrote:I'm not an expert of 802.11 protocols, so can anyone point out what'swrong here? Frame 40 has an FCS, but the "FCS at end" flag in the Flags field of the radiotap header is 0, and Wireshark thus doesn't think it has an FCS at the end, and thinks it has an extra 4 bytes of payload. Try, by default, turning that flag *on*, and then see if any packets that don't have a valid FCS don't have an FCS at all, rather than having an invalid FCS. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Get "Malformed Packet" for 802.11 Beacon frames on Windows Yang Luo (Apr 11)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Guy Harris (Apr 11)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Yang Luo (Apr 12)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Guy Harris (Apr 12)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Yang Luo (Apr 12)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Guy Harris (Apr 12)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Guy Harris (Apr 12)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Yang Luo (Apr 12)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Guy Harris (Apr 13)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Yang Luo (Apr 13)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Yang Luo (Apr 12)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Guy Harris (Apr 11)
- Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows Yang Luo (Apr 12)