Wireshark · Wireshark-dev: [Wireshark-dev] Fwd: Malformed packet 802.11 A-MSDU subframe length

Wireshark-dev: [Wireshark-dev] Fwd: Malformed packet 802.11 A-MSDU subframe length

From: Levente Mészáros <levente.meszaros@xxxxxxxxx>

Date: Wed, 26 Apr 2017 15:50:08 +0200

Dear Members,

I'm sorry to write here, but http://bugs.wireshark.org seems to be down.

I have a PCAP file which contains a fragmented 802.11 A-MSDU. At the last frame where reassembly happens, Wireshark tells me: Malformed Packet (Exception occured). After analyzing the issue carefully, I came to the conclusion that there might be a bug in Wireshark.

The reason being is that if I change the simulator to write the MSDU subframe header length field in little endian byte order, then the packet validation error goes away. In this case, I can see all MSDUs properly in the reassembled A-MSDU.

Unfortunately, at the same time a new error appears due to incorrect MSDU length during dissecting. I think the error is caused by the fact that the packet validator assumes little endian byte order, while the dissecting code *correctly* assumes big endian byte order as required by the standard.

I found this to be related to the following bug report: https://www.wireshark.org/lists/wireshark-bugs/201302/msg00166.html

I am using Wireshark 2.0.2. Could somebody give me some hints whether I'm right or wrong?

Best regards,

Levente Meszaros

Attachment: amsdu.pcap
Description: application/vnd.tcpdump.pcap

Follow-Ups:
- Re: [Wireshark-dev] Fwd: Malformed packet 802.11 A-MSDU subframe length
  - From: Jaap Keuter
- Re: [Wireshark-dev] Malformed packet 802.11 A-MSDU subframe length
  - From: Guy Harris

Prev by Date: [Wireshark-dev] Bugzilla is unreachable
Next by Date: Re: [Wireshark-dev] Bugzilla is unreachable
Previous by thread: Re: [Wireshark-dev] Bugzilla is unreachable
Next by thread: Re: [Wireshark-dev] Fwd: Malformed packet 802.11 A-MSDU subframe length
Index(es):
- Date
- Thread