Wireshark · Ethereal-users: Re: [Ethereal-users] wrong data when sniffing 80211 with WEP

Ethereal-users: Re: [Ethereal-users] wrong data when sniffing 80211 with WEP

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Joe Tomasone <joe@xxxxxxxx>

Date: Wed, 19 Dec 2001 11:41:35 -0500

In my experience, none of the 802.11 vendors properly follow the spec.

The spec calls for all WEP-encrypted packets to have the privacy bit set inthe header of each data frame. They do not. You can verify this whilelooking at any WEP-encrypted frame. The AP will have it's privacy bit setin the beacon frames, but the data packets look like normal. I suppose theAP's/STA's simply assume it's WEP if the AP supports it and go on that.


        - Joe



At 07:47 AM 12/12/2001, you wrote:

Hi
After I have managed to get Ethereal to work with Aironet in rfmon mode, Idid some sniffing of my own WLAN.
I noticed that the data starting from WEP[ie.e IVs and the Key ID] is wrong.
I have got Airopeek running concurrently and compared the capture from thetwo proggies.
I am using Ethereal 0.8.20, and Libpcap CVS in RH 7.2.



Anyone got similar experiences?



darren


----------
This message has been 'sanitized'. This means that potentially dangerouscontent has been rewritten or removed. The following log describes whichactions were taken.
Sanitizer (start="1008161143"):
  Part (pos="1071"):
    SanitizeFile (filename="unnamed.txt", mimetype="text/plain"):
      Match (rule="2"):
        Enforced policy: accept

  Part (pos="1579"):
    SanitizeFile (filename="unnamed.html", mimetype="text/html"):
      Match (rule="default"):
        Enforced policy: accept
Rewrote HTML tag: >>_META HTTP-EQUIV="Content-Type"CONTENT="text/html; charset=us-ascii"_<<as: >>_MANGLED_ON_PURPOSE_METAHTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii"_<<
    Rewrote HTML tag: >>_meta name=ProgId content=Word.Document_<<
as: >>_MANGLED_ON_PURPOSE_meta name=ProgIdcontent=Word.Document_<<
    Rewrote HTML tag: >>_meta name=Generator content="Microsoft Word 10"_<<
as: >>_MANGLED_ON_PURPOSE_meta name=Generatorcontent="Microsoft Word 10"_<<
    Rewrote HTML tag: >>_meta name=Originator content="Microsoft Word 10"_<<
as: >>_MANGLED_ON_PURPOSE_meta name=Originatorcontent="Microsoft Word 10"_<<Rewrote HTML tag: >>_link rel=File-Listhref="cid:[email protected]"_<<as: >>_MANGLED_ON_PURPOSE_link rel=File-Listhref="MANGLED_ON_PURPOSE_cid:[email protected]"_<<
    Rewrote HTML tag: >>_style_<<
                  as: >>_MANGLED_ON_PURPOSE_style_<<
    Rewrote HTML tag: >>_style_<<
                  as: >>_MANGLED_ON_PURPOSE_style_<<
Rewrote HTML tag: >>_body lang=EN-US link=blue vlink=purplestyle='tab-interval:.5in'_<<as: >>_body lang=EN-US link=blue vlink=purpleMANGLED_ON_PURPOSE_style='tab-interval:.5in'_<<
    Rewrote HTML tag: >>_span style='font-size:10.0pt; font-family:Arial'_<<
as: >>_span MANGLED_ON_PURPOSE_style='font-size:10.0pt;font-family:Arial'_<<
    Rewrote HTML tag: >>_span style='font-size:10.0pt; font-family:Arial'_<<
as: >>_span MANGLED_ON_PURPOSE_style='font-size:10.0pt;font-family:Arial'_<<
    Rewrote HTML tag: >>_span style='font-size:10.0pt; font-family:Arial'_<<
as: >>_span MANGLED_ON_PURPOSE_style='font-size:10.0pt;font-family:Arial'_<<
    Rewrote HTML tag: >>_span style='font-size:10.0pt; font-family:Arial'_<<
as: >>_span MANGLED_ON_PURPOSE_style='font-size:10.0pt;font-family:Arial'_<<
    Rewrote HTML tag: >>_span style='font-size:10.0pt; font-family:Arial'_<<
as: >>_span MANGLED_ON_PURPOSE_style='font-size:10.0pt;font-family:Arial'_<<
    Rewrote HTML tag: >>_span style='font-size:10.0pt; font-family:Arial'_<<
as: >>_span MANGLED_ON_PURPOSE_style='font-size:10.0pt;font-family:Arial'_<<
    Rewrote HTML tag: >>_span style='font-size:10.0pt; font-family:Arial'_<<
as: >>_span MANGLED_ON_PURPOSE_style='font-size:10.0pt;font-family:Arial'_<<
    Rewrote HTML tag: >>_span style='font-size:10.0pt; font-family:Arial'_<<
as: >>_span MANGLED_ON_PURPOSE_style='font-size:10.0pt;font-family:Arial'_<<
    Rewrote HTML tag: >>_span style='font-size:10.0pt; font-family:Arial'_<<
as: >>_span MANGLED_ON_PURPOSE_style='font-size:10.0pt;font-family:Arial'_<<
    Rewrote HTML tag: >>_span style='font-size:10.0pt; font-family:Arial'_<<
as: >>_span MANGLED_ON_PURPOSE_style='font-size:10.0pt;font-family:Arial'_<<
    Rewrote HTML tag: >>_span style='font-size:10.0pt; font-family:Arial'_<<
as: >>_span MANGLED_ON_PURPOSE_style='font-size:10.0pt;font-family:Arial'_<<
    Rewrote HTML tag: >>_span style='font-size:10.0pt; font-family:Arial'_<<
as: >>_span MANGLED_ON_PURPOSE_style='font-size:10.0pt;font-family:Arial'_<<
    Rewrote HTML tag: >>_span style='font-size:10.0pt; font-family:Arial'_<<
as: >>_span MANGLED_ON_PURPOSE_style='font-size:10.0pt;font-family:Arial'_<<
    Total modifications so far: 21
Anomy 0.0.0 : Sanitizer.pm $Id: Sanitizer.pm,v 1.32 2001/10/11 19:27:15bre Exp $

References:
- [Ethereal-users] wrong data when sniffing 80211 with WEP
  - From: darren

Prev by Date: [Ethereal-users] Using Ethereal To Capture Non-Network Traffic
Next by Date: Re: [Ethereal-users] ethereal and PrismDump packets
Previous by thread: [Ethereal-users] wrong data when sniffing 80211 with WEP
Next by thread: [Ethereal-users] get out of mailinglists...
Index(es):
- Date
- Thread