Re: Get "Malformed Packet" for 802.11 Beacon frames on Windows

[Guy Harris <guy () alum mit edu>]

On Apr 14, 2016, at 8:22 AM, Gianluca Varenni <Gianluca.Varenni () riverbed com> wrote:

> Yes, but it’s rooted pretty deep in some of the libpcap sources. That code was actually working at some point on 
> linux and there was some idea to include it in libpcap vs. being a patch for WinPcap. I don’t know what happened to 
> that plan.

One of the many projects on my list is a re-implementation of that, to be used with pcap_create() and pcap_activate(), 
to support multiple URI schemes, including but not necessarily limited to rpcap.  Right now, that particular process is 
not getting much CPU; hopefully the scheduler can boost its process soon. :-)

> AFAIK, there were also some security concerns about the protocol used for transferring the packets (I don’t know the 
> details),

I seem to remember Michael Richardson using the term "attack surface" in his comment, so I suspect the concern was just 
that it would potentially provide a way for a malicious server to attack a program using libpcap/WinPcap, if the client 
code wasn't very careful about vetting its input.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe