Ethereal-dev: [Ethereal-dev] Problem detecting 802.11b frames with CRC errors
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: "Jim Young" <sysjhy@xxxxxxxxxxxxxxx>
Date: Fri, 14 Jan 2005 01:07:19 -0500
Hello, Problem: Only a subset of 802.11b frames captured by and flagged as having "Bad CRC" by NAI's Sniffer Portable v4.70.530 are flagged as being "[Malformed Packet]" by Ethereal v0.10.8 (and by the later buildbot created version v0.10.8-SVN-13011). Hopefully somebody can make some sense of the following, or perhaps point out something obvious that I may be overlooking. I've attached several trace files that I believe will help illustrate the problem. All of these traces files are derived from the same primary trace file: frame01-99.cap The primary trace file, frame01-99.cap, contains data sent by a Cisco Access Point. The Sniffer reports that frames 32, 49, 50, 51 and 52 as having "Bad CRC", but when this trace is opened in Ethereal only frames 49 and 50 are flagged with "[Malformed Packet]". The second trace file, crc-errors.cap, includes just the five "Bad CRC" frames from the first trace file. When this file is initially opened in Ethereal, three frames are reported as "Malformed": these include frame 1 (original 32), frame 2 (original 49) and frame 3 (original 50). But here's the weird part, if I enter some type of display filter (i.e. "tcp") and then clear the filter, frame 1 will no longer be flagged as "Malformed".?! The other trace files each contain only a single specific frame from the primary trace file. Their names are hopefully obvious. The trace file frame32-badcrc.cap when initially opened will be flagged as "Malformed" but setting and clearing a display filter (i.e "tcp") will cause the "Malformed" flag to disappear. FWIW: I've also included frame01-goodcrc.cap simply to show what was expected to be seen in frame32-badcrc.cap. It was while reviewing the Beacon frames in Ethereal that I first noticed that the text for the set of secondary SSIDs in Frame 32 was corrupted. Note: These SSIDs are the last of three "Vendor Specific" #221 tags seen in the Beacon frames. These 221 tags appear to be a recent enhancement added by Cisco in their latest AP IOS release. I've also included two text (.txt) files created by printing from the Sniffer the details of frames 1 and 32 to illustrate how the Sniffer's reports the "Bad CRC" for frame 32. I hope someone finds the above useful. If necessary I can generate other 802.11b trace files. Best regards, Jim Young
Attachment:
frame01-99.cap.gz
Description: GNU Zip compressed data
Attachment:
crc-errors.cap.gz
Description: GNU Zip compressed data
Attachment:
frame01-goodcrc.cap.gz
Description: GNU Zip compressed data
Attachment:
frame32-badcrc.cap.gz
Description: GNU Zip compressed data
Attachment:
frame49-badcrc.cap.gz
Description: GNU Zip compressed data
Attachment:
frame50-badcrc.cap.gz
Description: GNU Zip compressed data
Attachment:
frame51-badcrc.cap.gz
Description: GNU Zip compressed data
Attachment:
frame52-badcrc.cap.gz
Description: GNU Zip compressed data
- - - - - - - - - - - - - - - - - - - - Frame 1 - - - - - - - - - - - - - - - - - -
DLC: ----- DLC Header -----
DLC:
DLC: Frame 1 arrived at 16:35:03.1604; frame size is 183 (00B7 hex) bytes.
DLC: Signal level = 100%
DLC: Channel = 6
DLC: Data rate = 2 ( 1.0 Megabits per second)
DLC:
DLC: Frame Control Field #1 = 80
DLC: .... ..00 = 0x0 Protocol Version
DLC: .... 00.. = 0x0 Management Frame
DLC: 1000 .... = 0x8 Beacon (Subtype)
DLC: Frame Control Field #2 = 00
DLC: .... ...0 = Not to Distribution System
DLC: .... ..0. = Not from Distribution System
DLC: .... .0.. = Last fragment
DLC: .... 0... = Not retry
DLC: ...0 .... = Active Mode
DLC: ..0. .... = No more data
DLC: .0.. .... = Wired Equivalent Privacy is off
DLC: 0... .... = Not ordered
DLC: Duration = 0 (in microseconds)
DLC: Destination Address = BROADCAST FFFFFFFFFFFF, Broadcast
DLC: Source Address = Station 000E83ED938C
DLC: Basic Service Set ID = 000E83ED938C
DLC: Sequence Control = 0xAAE0
DLC: ...Sequence Number = 0xAAE (2734)
DLC: ...Fragment Number = 0x0 (0)
DLC: Timestamp = 493875609 (in microseconds)
DLC: Beacon Interval = 100
DLC: Capability information field #1 = 21
DLC: .... ...1 = Extended Service Set is on
DLC: .... ..0. = Independent Basic Service Set is off
DLC: .... 00.. = No point coordinator at Access Point
DLC: ...0 .... = No privacy
DLC: ..1. .... = Short Preamble option is allowed
DLC: .0.. .... = Packet Binary Convolutional Coding Modu
DLC: 0... .... = Channel agility is not in use
DLC: Capability information field #2 = 00
DLC: 0000 0000 = Reserved
DLC:
DLC: Element ID = 0 (Service Set Identifier)
DLC: ...Length = 5 octet(s)
DLC: ...Service Set Identity = "GUEST"
DLC:
DLC: Element ID = 1 (Supported Rates)
DLC: ...Length = 4 octet(s)
DLC: ...Supported Rates information field = 82
DLC: 1... .... = Basic Service Set Basic Rate
DLC: .000 0010 = 1.0 Megabits per second
DLC: ...Supported Rates information field = 84
DLC: 1... .... = Basic Service Set Basic Rate
DLC: .000 0100 = 2.0 Megabits per second
DLC: ...Supported Rates information field = 8B
DLC: 1... .... = Basic Service Set Basic Rate
DLC: .000 1011 = 5.5 Megabits per second
DLC: ...Supported Rates information field = 96
DLC: 1... .... = Basic Service Set Basic Rate
DLC: .001 0110 = 11.0 Megabits per second
DLC:
DLC: Element ID = 3 (Direct Sequence Parameter set)
DLC: ...Length = 1 octet(s)
DLC: ...dot11CurrentChannelNumber = 5
DLC:
DLC: Element ID = 5 (Traffic Indication Map)
DLC: ...Length = 4 octet(s)
DLC: ...Delivery Traffic Indication Message Count = 1
DLC: ...Delivery Traffic Indication Message Period = 2
DLC: ...Bitmap control field = 00
DLC: .... ...0 = Traffic Indicator bit
DLC: 0000 000. = 0 Bitmap offset
DLC: ...Partial Virtual Bitmap = 00
DLC:
DLC: Element ID = 221 (Unknown Information Field)
DLC: ...Length = 24 octet(s)
DLC: ...[24 byte(s) of Unknown Information Field]
DLC:
DLC: Element ID = 221 (Unknown Information Field)
DLC: ...Length = 22 octet(s)
DLC: ...[22 byte(s) of Unknown Information Field]
DLC:
DLC: Element ID = 221 (Unknown Information Field)
DLC: ...Length = 5 octet(s)
DLC: ...[5 byte(s) of Unknown Information Field]
DLC:
DLC: Element ID = 221 (Unknown Information Field)
DLC: ...Length = 66 octet(s)
DLC: ...[66 byte(s) of Unknown Information Field]
DLC:
ADDR HEX ASCII
0000: 80 00 00 00 ff ff ff ff ff ff 00 0e 83 ed 93 8c | �...������..�í
0010: 00 0e 83 ed 93 8c e0 aa 99 f1 6f 1d 00 00 00 00 | ..�íàªï¿½o.....
0020: 64 00 21 00 00 05 47 55 45 53 54 01 04 82 84 8b | d.!...GUEST..���
0030: 96 03 01 05 05 04 01 02 00 00 dd 18 00 50 f2 02 | �.........�..P�.
0040: 01 01 03 00 03 a5 00 00 27 a5 00 00 42 54 bc 00 | .....�..'�..BT�.
0050: 62 43 66 00 dd 16 00 40 96 04 00 03 07 a5 00 00 | bCf.�..@�....�..
0060: 23 a5 00 00 42 54 00 00 62 43 00 00 dd 05 00 40 | #�..BT..bC..�..@
0070: 96 03 02 dd 42 00 50 f2 05 00 04 00 00 00 00 10 | �..�B.P�........
0080: 0d 46 41 53 54 50 41 53 53 5f 54 45 53 54 00 00 | .FASTPASS_TEST..
0090: 00 00 10 08 74 65 63 68 66 65 65 31 02 00 00 00 | ....techfee1....
00a0: 10 07 74 73 75 6e 61 6d 69 00 00 00 00 10 08 74 | ..tsunami......t
00b0: 73 75 6e 61 6d 69 31 | sunami1
- - - - - - - - - - - - - - - - - - - - Frame 32 - - - - - - - - - - - - - - - - - -
DLC: ----- DLC Header -----
DLC:
DLC: Frame 32 arrived at 16:35:06.6418; frame size is 183 (00B7 hex) bytes.
DLC: FRAME ERROR = Bad CRC
DLC: Signal level = 100%
DLC: Channel = 6
DLC: Data rate = 2 ( 1.0 Megabits per second)
DLC: Short Preamble
DLC:
DLC: Frame Control Field #1 = 80
DLC: .... ..00 = 0x0 Protocol Version
DLC: .... 00.. = 0x0 Management Frame
DLC: 1000 .... = 0x8 Beacon (Subtype)
DLC: Frame Control Field #2 = 00
DLC: .... ...0 = Not to Distribution System
DLC: .... ..0. = Not from Distribution System
DLC: .... .0.. = Last fragment
DLC: .... 0... = Not retry
DLC: ...0 .... = Active Mode
DLC: ..0. .... = No more data
DLC: .0.. .... = Wired Equivalent Privacy is off
DLC: 0... .... = Not ordered
DLC: Duration = 0 (in microseconds)
DLC: Destination Address = BROADCAST FFFFFFFFFFFF, Broadcast
DLC: Source Address = Station 000E83ED938C
DLC: Basic Service Set ID = 000E83ED938C
DLC: Sequence Control = 0xAD00
DLC: ...Sequence Number = 0xAD0 (2768)
DLC: ...Fragment Number = 0x0 (0)
DLC: Timestamp = 497357209 (in microseconds)
DLC: Beacon Interval = 100
DLC: Capability information field #1 = 21
DLC: .... ...1 = Extended Service Set is on
DLC: .... ..0. = Independent Basic Service Set is off
DLC: .... 00.. = No point coordinator at Access Point
DLC: ...0 .... = No privacy
DLC: ..1. .... = Short Preamble option is allowed
DLC: .0.. .... = Packet Binary Convolutional Coding Modu
DLC: 0... .... = Channel agility is not in use
DLC: Capability information field #2 = 00
DLC: 0000 0000 = Reserved
DLC:
DLC: Element ID = 0 (Service Set Identifier)
DLC: ...Length = 5 octet(s)
DLC: ...Service Set Identity = "GUEST"
DLC:
DLC: Element ID = 1 (Supported Rates)
DLC: ...Length = 4 octet(s)
DLC: ...Supported Rates information field = 82
DLC: 1... .... = Basic Service Set Basic Rate
DLC: .000 0010 = 1.0 Megabits per second
DLC: ...Supported Rates information field = 84
DLC: 1... .... = Basic Service Set Basic Rate
DLC: .000 0100 = 2.0 Megabits per second
DLC: ...Supported Rates information field = 8B
DLC: 1... .... = Basic Service Set Basic Rate
DLC: .000 1011 = 5.5 Megabits per second
DLC: ...Supported Rates information field = 96
DLC: 1... .... = Basic Service Set Basic Rate
DLC: .001 0110 = 11.0 Megabits per second
DLC:
DLC: Element ID = 3 (Direct Sequence Parameter set)
DLC: ...Length = 1 octet(s)
DLC: ...dot11CurrentChannelNumber = 5
DLC:
DLC: Element ID = 5 (Traffic Indication Map)
DLC: ...Length = 4 octet(s)
DLC: ...Delivery Traffic Indication Message Count = 1
DLC: ...Delivery Traffic Indication Message Period = 2
DLC: ...Bitmap control field = 00
DLC: .... ...0 = Traffic Indicator bit
DLC: 0000 000. = 0 Bitmap offset
DLC: ...Partial Virtual Bitmap = 00
DLC:
DLC: Element ID = 221 (Unknown Information Field)
DLC: ...Length = 24 octet(s)
DLC: ...[24 byte(s) of Unknown Information Field]
DLC:
DLC: Element ID = 221 (Unknown Information Field)
DLC: ...Length = 22 octet(s)
DLC: ...[22 byte(s) of Unknown Information Field]
DLC:
DLC: Element ID = 221 (Unknown Information Field)
DLC: ...Length = 5 octet(s)
DLC: ...[5 byte(s) of Unknown Information Field]
DLC:
DLC: Element ID = 221 (Unknown Information Field)
DLC: ...Length = 66 octet(s)
DLC: ...[66 byte(s) of Unknown Information Field]
DLC:
ADDR HEX ASCII
0000: 80 00 00 00 ff ff ff ff ff ff 00 0e 83 ed 93 8c | �...������..�í
0010: 00 0e 83 ed 93 8c 00 ad 99 11 a5 1d 00 00 00 00 | ..�í.��.�.....
0020: 64 00 21 00 00 05 47 55 45 53 54 01 04 82 84 8b | d.!...GUEST..���
0030: 96 03 01 05 05 04 01 02 00 00 dd 18 00 50 f2 02 | �.........�..P�.
0040: 01 01 03 00 03 a5 00 00 27 a5 00 00 42 54 bc 00 | .....�..'�..BT�.
0050: 62 43 66 00 dd 16 00 40 96 04 00 03 07 a5 00 00 | bCf.�..@�....�..
0060: 23 a5 00 00 42 54 00 00 62 43 00 00 dd 05 00 40 | #�..BT..bC..�..@
0070: 96 03 02 dd 42 00 50 f2 05 00 04 00 00 00 00 10 | �..�B.P�........
0080: 0d 46 41 53 54 50 41 53 53 5f 54 45 33 a5 18 00 | .FASTPASS_TE3�..
0090: 00 00 10 08 74 65 63 68 66 65 65 31 02 00 00 00 | ....techfee1....
00a0: 10 07 74 73 75 6e 61 6d 69 00 00 00 00 10 08 74 | ..tsunami......t
00b0: bf 73 6e 61 dd 3a 31 | �sna�:1
- Follow-Ups:
- Re: [Ethereal-dev] Problem detecting 802.11b frames with CRC errors
- From: Guy Harris
- Re: [Ethereal-dev] Problem detecting 802.11b frames with CRC errors
- Prev by Date: Re: [Ethereal-dev] format
- Next by Date: [Ethereal-dev] question about "data link type" of one protocol
- Previous by thread: [Ethereal-dev] H.450 dissector
- Next by thread: Re: [Ethereal-dev] Problem detecting 802.11b frames with CRC errors
- Index(es):