Wireshark-bugs: [Wireshark-bugs] [Bug 9391] New: Can't decode 802.11 icmp qos packet

Date: Thu, 07 Nov 2013 06:47:27 +0000
Bug ID: 9391
Summary: Can't decode 802.11 icmp qos packet
Classification: Unclassified
Product: Wireshark
Version: 1.10.3
Hardware: x86
OS: Windows 7
Status: UNCONFIRMED
Severity: Major
Priority: Low
Component: Wireshark
Assignee: [email protected]
Reporter: [email protected]

Build Information:
Version 1.10.3 (SVN Rev 53022 from /trunk-1.10)

Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with
PortAudio V19-devel (built Nov  1 2013), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
      Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz, with 6046MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
I have posted a question on the WS forum about this issue:
(http://ask.wireshark.org/questions/26703/cant-decode-80211-ping-reply)

It seems that WS doesn't decode an 802.11 QoS Data packet correctly. After the
QoS header, there is WEP (?), which I think should be the LLC header, and WS
could not decode the rest. Please check out the attached file for an example of
the packet.



No.     Time           Source                Destination           Protocol Length Info
     67 5.907692000    192.168.75.115        206.190.36.45         ICMP     124    Echo (ping) request  id=0x0001, seq=1/256, ttl=128

Frame 67: 124 bytes on wire (992 bits), 124 bytes captured (992 bits)
NetMon 802.11 capture header
IEEE 802.11 Data, Flags: .......T
    Type/Subtype: Data (0x20)
    Frame Control Field: 0x0801
    Duration/ID: 32768
    Receiver address: Cisco_ec:cb:8c (1c:aa:07:ec:cb:8c)
    BSS Id: Cisco_ec:cb:8c (1c:aa:07:ec:cb:8c)
    Transmitter address: IntelCor_07:c7:45 (c4:85:08:07:c7:45)
    Source address: IntelCor_07:c7:45 (c4:85:08:07:c7:45)
    Destination address: Cisco_ec:cb:83 (1c:aa:07:ec:cb:83)
    Fragment number: 0
    Sequence number: 0
Logical-Link Control
Internet Protocol Version 4, Src: 192.168.75.115 (192.168.75.115), Dst: 206.190.36.45 (206.190.36.45)
Internet Control Message Protocol

0000  02 20 00 04 00 00 00 ff ff ff ff 00 00 00 00 00   . ..............
0010  00 00 00 00 00 00 00 00 94 0e d7 8d 4c db ce 01   ............L...
0020  08 01 00 80 1c aa 07 ec cb 8c c4 85 08 07 c7 45   ...............E
0030  1c aa 07 ec cb 83 00 00 aa aa 03 00 00 00 08 00   ................
0040  45 00 00 3c 1f 75 00 00 80 01 1c 45 c0 a8 4b 73   E..<.u.....E..Ks
0050  ce be 24 2d 08 00 4d 5a 00 01 00 01 61 62 63 64   ..$-..MZ....abcd
0060  65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74   efghijklmnopqrst
0070  75 76 77 61 62 63 64 65 66 67 68 69               uvwabcdefghi

No.     Time           Source                Destination           Protocol Length Info
     69 5.979880000    Cisco_ec:cb:83        IntelCor_07:c7:45     802.11   126    QoS Data, SN=863, FN=0, Flags=.p....F.

Frame 69: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits)
NetMon 802.11 capture header
IEEE 802.11 QoS Data, Flags: .p....F.
    Type/Subtype: QoS Data (0x28)
    Frame Control Field: 0x8842
    .000 0000 0010 0100 = Duration: 36 microseconds
    Receiver address: IntelCor_07:c7:45 (c4:85:08:07:c7:45)
    Destination address: IntelCor_07:c7:45 (c4:85:08:07:c7:45)
    Transmitter address: Cisco_ec:cb:8c (1c:aa:07:ec:cb:8c)
    BSS Id: Cisco_ec:cb:8c (1c:aa:07:ec:cb:8c)
    Source address: Cisco_ec:cb:83 (1c:aa:07:ec:cb:83)
    Fragment number: 0
    Sequence number: 863
    Qos Control: 0x0000
    WEP parameters          <<<<<
Data (60 bytes)

0000  02 20 00 04 00 00 00 00 00 00 00 00 00 00 00 76   . .............v
0010  09 00 00 bf ff ff ff 60 67 12 e2 8d 4c db ce 01   .......`g...L...
0020  88 42 24 00 c4 85 08 07 c7 45 1c aa 07 ec cb 8c   .B$......E......
0030  1c aa 07 ec cb 83 f0 35 00 00 aa aa 03 00 00 00   .......5........
                                    ^^^^^^^^^^^
0040  08 00 45 00 00 3c 4d 79 00 00 30 01 3e 41 ce be   ..E..<My..0.>A..
0050  24 2d c0 a8 4b 73 00 00 55 5a 00 01 00 01 61 62   $-..Ks..UZ....ab
0060  63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72   cdefghijklmnopqr
0070  73 74 75 76 77 61 62 63 64 65 66 67 68 69         stuvwabcdefghi
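
An added example, not part of the original report and not Wireshark's dissector code: it parses the 802.11 header bytes of frames 67 and 69 from the hex dumps above and checks whether the Protected flag in Frame Control agrees with what follows the header. The function name `inspect_data_frame` and the result keys are hypothetical; the frame bytes are copied from the dumps, starting after the 32-byte NetMon header.

```python
import struct

LLC_SNAP = bytes.fromhex("aaaa03000000")  # DSAP, SSAP, control, zero OUI

# 802.11 bytes of frames 67 and 69, copied from the hex dumps above starting at
# offset 0x20 (after the 32-byte NetMon header) and cut after four IPv4 bytes.
FRAME_67 = bytes.fromhex(
    "0801 0080 1caa07eccb8c c4850807c745 1caa07eccb83 0000"
    " aaaa030000000800 4500003c")
FRAME_69 = bytes.fromhex(
    "8842 2400 c4850807c745 1caa07eccb8c 1caa07eccb83 f035 0000"
    " aaaa030000000800 4500003c")


def inspect_data_frame(frame):
    """Parse an 802.11 data header and compare the Protected flag to the body."""
    if len(frame) < 24:
        raise ValueError("shorter than a minimal 802.11 data header")
    fc0, flags = frame[0], frame[1]
    if (fc0 >> 2) & 0x3 != 2:
        raise ValueError("not a data frame")
    subtype = fc0 >> 4
    hdr_len = 24                       # frame control .. sequence control
    if (flags & 0x03) == 0x03:         # To DS and From DS: Address 4 follows
        hdr_len += 6
    if subtype & 0x8:                  # QoS subtypes add a 2-byte QoS Control
        hdr_len += 2
        if flags & 0x80:               # Order bit on a QoS frame: HT Control
            hdr_len += 4
    body = frame[hdr_len:]
    if len(body) < 8:
        raise ValueError("frame body too short to hold LLC/SNAP")
    protected = bool(flags & 0x40)
    cleartext = body[:6] == LLC_SNAP   # an encrypted body starts with the IV
    return {
        "subtype": subtype,
        "seq": struct.unpack_from("<H", frame, 22)[0] >> 4,
        "hdr_len": hdr_len,
        "protected": protected,
        "ethertype": struct.unpack_from(">H", body, 6)[0] if cleartext else None,
        # Flag says "encrypted" but the payload is readable LLC/SNAP.
        "flag_body_mismatch": protected and cleartext,
    }


if __name__ == "__main__":
    for name, raw in (("67", FRAME_67), ("69", FRAME_69)):
        print(name, inspect_data_frame(raw))
```

For frame 69 the result has `protected` and `flag_body_mismatch` both true: the 0x40 flag in `0x8842` is set, yet the body begins with the `aa aa 03 00 00 00 08 00` bytes marked in the dump. Wireshark's IEEE 802.11 preferences include an "Ignore the Protection bit" setting for captures in this state.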

