Ethereal-users: [Ethereal-users] Potential IEEE 802.11 dissector bug


From: Lorand JAKAB <jlori@xxxxx>
Date: Sat, 10 Apr 2004 18:37:42 +0200
Hello again, it seems that some IEEE 802.11 packets are not correctly
dissected. I captured a probe request packet in which one tagged
parameter's interpretation is a series of octal values. That would be OK
in the graphical interface, but in tethereal's pdml output they appear as
raw control characters and break XML parsing programs (I'm using the
XML::Parser Perl module, based on the expat library).

I have attached a packet that reproduces the problem.

If this error is caused by a malformed packet, I would suggest that
instead of the octal output preceded by a slash, the parser output
hexadecimal without the leading '0x', so that the XML file doesn't contain
invalid characters.

A patch would be very welcome... Thanks!

Lori

Attachment: example.pcap
Description: Binary data

<?xml version="1.0"?>
<pdml version="0" creator="ethereal/0.10.3">
<!-- NOTE(review): this document as emitted is not well-formed XML. The "show" attribute of the
     SSID tag interpretation (wlan_mgt.tag.interpretation, pos 170) carries the raw 32 SSID octets
     listed in its "value" attribute, and most of them are C0 control characters. XML 1.0 allows only
     #x9, #xA and #xD below #x20, so a conforming parser (expat, as the report says) has to reject it.
     A numeric reference such as &#x0E; is equally not well-formed, so the writer cannot fix this by
     escaping; it must substitute a printable form for such bytes (the report suggests hex without a
     leading 0x), as "showname" already does with C-style octal escapes. The SSID comes from the air
     and is fully sender-controlled, so any exporter should treat it as untrusted bytes rather than text. -->
<packet>
  <proto name="geninfo" pos="0" showname="General information" size="212">
    <field name="num" pos="0" show="1" showname="Number" value="1" size="212"/>
    <field name="len" pos="0" show="212" showname="Packet Length" value="d4" size="212"/>
    <field name="caplen" pos="0" show="212" showname="Captured Length" value="d4" size="212"/>
    <field name="timestamp" pos="0" show="Apr  1, 2004 17:52:34.852949000" showname="Captured Time" value="1080834754.852949000" size="212"/>
  </proto>
  <proto name="frame" showname="Frame 1 (212 bytes on wire, 212 bytes captured)" size="212" pos="0">
    <field name="frame.marked" showname="Frame is marked: False" size="0" pos="0" show="0"/>
    <field name="frame.time" showname="Arrival Time: Apr  1, 2004 17:52:34.852949000" size="0" pos="0" show="Apr  1, 2004 17:52:34.852949000"/>
    <field name="frame.time_delta" showname="Time delta from previous packet: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/>
    <field name="frame.time_relative" showname="Time since reference or first frame: 0.000000000 seconds" size="0" pos="0" show="0.000000000"/>
    <field name="frame.number" showname="Frame Number: 1" size="0" pos="0" show="1"/>
    <field name="frame.pkt_len" showname="Packet Length: 212 bytes" size="0" pos="0" show="212"/>
    <field name="frame.cap_len" showname="Capture Length: 212 bytes" size="0" pos="0" show="212"/>
  </proto>
  <proto name="prism" showname="Prism Monitoring Header" size="144" pos="0">
    <field name="prism.msgcode" showname="Message Code: 1140850688" size="4" pos="0" show="0x44000000" value="44000000"/>
    <!-- The negative "Message Length" below is value 0x90000000 rendered as a signed 32-bit integer
         (unsigned it would be 2415919104); a separate display quirk, unrelated to the XML issue. -->
    <field name="prism.msglen" showname="Message Length: -1879048192" size="4" pos="4" show="0x90000000" value="90000000"/>
    <field show="Device: ath0" size="16" pos="8" value="61746830000000000000000000000000"/>
    <field name="prism.hosttime.data" showname="Host Time: 0xd0d92a00 (DID 0x44000100, Status 0x0, Length 0x400)" size="12" pos="24" show="0xd0d92a00" value="4400010000000400d0d92a00"/>
    <field name="prism.mactime.data" showname="MAC Time: 0x8b17430c (DID 0x44000200, Status 0x0, Length 0x400)" size="12" pos="36" show="0x8b17430c" value="44000200000004008b17430c"/>
    <field name="prism.channel.data" showname="Channel: 0x4000000 (DID 0x44000300, Status 0x0, Length 0x400)" size="12" pos="48" show="0x04000000" value="440003000000040004000000"/>
    <field name="prism.rssi.data" showname="RSSI: 0x0 (DID 0x44000400, Status 0x0, Length 0x400)" size="12" pos="60" show="0x00000000" value="440004000000040000000000"/>
    <field name="prism.sq.data" showname="SQ: 0x0 (DID 0x0, Status 0x0, Length 0x0)" size="12" pos="72" show="0x00000000" value="000000000000000000000000"/>
    <field name="prism.signal.data" showname="Signal: 0x8000000 (DID 0x44000600, Status 0x0, Length 0x400)" size="12" pos="84" show="0x08000000" value="440006000000040008000000"/>
    <field name="prism.noise.data" showname="Noise: 0x0 (DID 0x0, Status 0x0, Length 0x0)" size="12" pos="96" show="0x00000000" value="000000000000000000000000"/>
    <field name="prism.rate.data" showname="Rate: 0x2000000 (DID 0x44000800, Status 0x0, Length 0x400)" size="12" pos="108" show="0x02000000" value="440008000000040002000000"/>
    <field name="prism.istx.data" showname="IsTX: 0x0 (DID 0x44000900, Status 0x0, Length 0x400)" size="12" pos="120" show="0x00000000" value="440009000000040000000000"/>
    <field name="prism.frmlen.data" showname="Frame Length: 0x44000000 (DID 0x44000a00, Status 0x0, Length 0x400)" size="12" pos="132" show="0x44000000" value="44000a000000040044000000"/>
  </proto>
  <proto name="wlan" showname="IEEE 802.11" size="24" pos="144">
    <field name="wlan.fc.type_subtype" showname="Type/Subtype: Probe Request (4)" size="1" pos="144" show="4" value="40"/>
    <field name="wlan.fc" showname="Frame Control: 0x0040 (Normal)" size="2" pos="144" show="0x0040" value="4000">
      <field name="wlan.fc.version" showname="Version: 0" size="1" pos="144" show="0" value="40"/>
      <field name="wlan.fc.type" showname="Type: Management frame (0)" size="1" pos="144" show="0" value="40"/>
      <field name="wlan.fc.subtype" showname="Subtype: 4" size="1" pos="144" show="4" value="40"/>
      <field name="wlan.flags" showname="Flags: 0x0" size="1" pos="145" show="0x00" value="00">
        <field name="wlan.fc.ds" showname="DS status: Not leaving DS or network is operating in AD-HOC mode (To DS: 0  From DS: 0) (0x00)" size="1" pos="145" show="0x00" value="00"/>
        <field name="wlan.fc.tods" showname=".... ...0 = To DS: Frame is not entering DS" size="1" pos="145" show="0" value="00"/>
        <field name="wlan.fc.fromds" showname=".... ..0. = From DS: Frame is not exiting DS" size="1" pos="145" show="0" value="00"/>
        <field name="wlan.fc.frag" showname=".... .0.. = More Fragments: This is the last fragment" size="1" pos="145" show="0" value="00"/>
        <field name="wlan.fc.retry" showname=".... 0... = Retry: Frame is not being retransmitted" size="1" pos="145" show="0" value="00"/>
        <field name="wlan.fc.pwrmgt" showname="...0 .... = PWR MGT: STA will stay up" size="1" pos="145" show="0" value="00"/>
        <field name="wlan.fc.moredata" showname="..0. .... = More Data: No data buffered" size="1" pos="145" show="0" value="00"/>
        <field name="wlan.fc.wep" showname=".0.. .... = WEP flag: WEP is disabled" size="1" pos="145" show="0" value="00"/>
        <field name="wlan.fc.order" showname="0... .... = Order flag: Not strictly ordered" size="1" pos="145" show="0" value="00"/>
      </field>
    </field>
    <field name="wlan.duration" showname="Duration: 0" size="2" pos="146" show="0" value="0000"/>
    <field name="wlan.da" showname="Destination address: ff:ff:ff:ff:ff:ff (Broadcast)" size="6" pos="148" show="ff:ff:ff:ff:ff:ff" value="ffffffffffff"/>
    <field name="wlan.sa" showname="Source address: 00:04:23:90:96:63 (Intel_90:96:63)" size="6" pos="154" show="00:04:23:90:96:63" value="000423909663"/>
    <field name="wlan.addr" showname="Source or Destination address: ff:ff:ff:ff:ff:ff (Broadcast)" size="6" pos="148" show="ff:ff:ff:ff:ff:ff" value="ffffffffffff"/>
    <field name="wlan.addr" showname="Source or Destination address: 00:04:23:90:96:63 (Intel_90:96:63)" size="6" pos="154" show="00:04:23:90:96:63" value="000423909663"/>
    <field name="wlan.bssid" showname="BSS Id: ff:ff:ff:ff:ff:ff (Broadcast)" size="6" pos="160" show="ff:ff:ff:ff:ff:ff" value="ffffffffffff"/>
    <field name="wlan.frag" showname="Fragment number: 0" size="2" pos="166" show="0" value="2089"/>
    <field name="wlan.seq" showname="Sequence number: 2194" size="2" pos="166" show="2194" value="2089"/>
    <field name="wlan.fcs" showname="Frame check sequence: 0x9c7748f2 (correct)" size="4" pos="208" show="0x9c7748f2" value="9c7748f2"/>
  </proto>
  <proto name="wlan_mgt" showname="IEEE 802.11 wireless LAN management frame" size="40" pos="168">
    <field name="wlan_mgt.tagged.all" showname="Tagged parameters (40 bytes)" size="40" pos="168" show="40" value="00200e0b1c1a070a1f0d1a0f120a051907060c14031e08141916091b011e0a0c0e10010482848b96">
      <field name="wlan_mgt.tag.number" showname="Tag Number: 0 (SSID parameter set)" size="1" pos="168" show="0" value="00"/>
      <field name="wlan_mgt.tag.length" showname="Tag length: 32" size="1" pos="169" show="32" value="20"/>
      <!-- The "show" attribute of the next field holds the SSID bytes 0e 0b 1c 1a 07 0a ... 10 verbatim
           (compare "value" and the octal escapes in "showname"). Only the LF, CR and TAB bytes among
           them are legal XML characters; the rest make the document unparseable. -->
      <field name="wlan_mgt.tag.interpretation" showname="Tag interpretation: \016\v\034\032\a\n\037\r\032\017\022\n\005\031\a\006\f\024\003\036\b\024\031\026\t\033\001\036\n\f\016\020" size="32" pos="170" show="


	
" value="0e0b1c1a070a1f0d1a0f120a051907060c14031e08141916091b011e0a0c0e10"/>
      <field name="wlan_mgt.tag.number" showname="Tag Number: 1 (Supported Rates)" size="1" pos="202" show="1" value="01"/>
      <field name="wlan_mgt.tag.length" showname="Tag length: 4" size="1" pos="203" show="4" value="04"/>
      <field name="wlan_mgt.tag.interpretation" showname="Tag interpretation: Supported rates: 1.0(B) 2.0(B) 5.5(B) 11.0(B) [Mbit/sec]" size="4" pos="204" show="Supported rates: 1.0(B) 2.0(B) 5.5(B) 11.0(B) [Mbit/sec]" value="82848b96"/>
    </field>
  </proto>
</packet>


</pdml>