Wireshark mailing list archives
[BUG] Wireshark 1.6.1 improperly parsing 802.11 Beacon
From: Daniel Smith <viscous.liquid () gmail com>
Date: Tue, 23 Aug 2011 10:08:37 -0400
Greetings, Recently my group stumbled on an issue with Wireshark 1.6.1 marking beacons from one of our AP's as malformed. Upon inspection it was determine that when parsing the Country IE in the management frame wireshark would attempt to read the padding character as an additional entry. In the attached pcap there are two frames from two different AP's, CW-1a and CW-2a. The frame from CW-1a is the one that gets marked as malformed. While CW-2a was not flagged malformed, but you can see in the hex view that the last entry in the Country IE is using the first two bytes from the vendor tag that follows it. This has been tested on the following configurations: Windows XP, Wireshark 1.2.2 - OK Windows XP, Wireshark 1.6.1 - FAIL Ubuntu 10.04, Wireshark 1.2.7 - OK Ubuntu 10.04, Wireshark 1.6.1 - FAIL This is a non-blocking issue and we just wanted to notify the wireshark team of the issue we found. So we hope this helps! V/r, Daniel P. Smith
Attachment:
bad-packets.pcap
Description:
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- [BUG] Wireshark 1.6.1 improperly parsing 802.11 Beacon Daniel Smith (Aug 24)
- Re: [BUG] Wireshark 1.6.1 improperly parsing 802.11 Beacon Alexis La Goutte (Aug 24)
- Re: [Wireshark-dev] [BUG] Wireshark 1.6.1 improperly parsing 802.11 Beacon Chris Maynard (Aug 25)
- Re: [BUG] Wireshark 1.6.1 improperly parsing 802.11 Beacon Alexis La Goutte (Aug 24)