Wireshark-bugs: [Wireshark-bugs] [Bug 9391] New: Can't decode 802.11 icmp qos packet
Bug ID |
9391
|
Summary |
Can't decode 802.11 icmp qos packet
|
Classification |
Unclassified
|
Product |
Wireshark
|
Version |
1.10.3
|
Hardware |
x86
|
OS |
Windows 7
|
Status |
UNCONFIRMED
|
Severity |
Major
|
Priority |
Low
|
Component |
Wireshark
|
Assignee |
bugzilla-admin@wireshark.org
|
Reporter |
dbdiep@yahoo.com
|
Build Information:
Version 1.10.3 (SVN Rev 53022 from /trunk-1.10)
Copyright 1998-2013 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with
PortAudio V19-devel (built Nov 1 2013), with AirPcap.
Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz, with 6046MB of physical
memory.
Built using Microsoft Visual C++ 10.0 build 40219
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
I have posted a question on WS forum about this issue:
(http://ask.wireshark.org/questions/26703/cant-decode-80211-ping-reply)
It seemed that WS doesn't decode a 802.11 QoS Data packet correctly. After the
QoS header, there is WEP (?)which I think it should be LLC header. and WS
could not decode the rest. Please check out attached file for example of
packet.
No. Time Source Destination Protocol
Length Info
67 5.907692000 192.168.75.115 206.190.36.45 ICMP 124
Echo (ping) request id=0x0001, seq=1/256, ttl=128
Frame 67: 124 bytes on wire (992 bits), 124 bytes captured (992 bits)
NetMon 802.11 capture header
IEEE 802.11 Data, Flags: .......T
Type/Subtype: Data (0x20)
Frame Control Field: 0x0801
Duration/ID: 32768
Receiver address: Cisco_ec:cb:8c (1c:aa:07:ec:cb:8c)
BSS Id: Cisco_ec:cb:8c (1c:aa:07:ec:cb:8c)
Transmitter address: IntelCor_07:c7:45 (c4:85:08:07:c7:45)
Source address: IntelCor_07:c7:45 (c4:85:08:07:c7:45)
Destination address: Cisco_ec:cb:83 (1c:aa:07:ec:cb:83)
Fragment number: 0
Sequence number: 0
Logical-Link Control
Internet Protocol Version 4, Src: 192.168.75.115 (192.168.75.115), Dst:
206.190.36.45 (206.190.36.45)
Internet Control Message Protocol
0000 02 20 00 04 00 00 00 ff ff ff ff 00 00 00 00 00 . ..............
0010 00 00 00 00 00 00 00 00 94 0e d7 8d 4c db ce 01 ............L...
0020 08 01 00 80 1c aa 07 ec cb 8c c4 85 08 07 c7 45 ...............E
0030 1c aa 07 ec cb 83 00 00 aa aa 03 00 00 00 08 00 ................
0040 45 00 00 3c 1f 75 00 00 80 01 1c 45 c0 a8 4b 73 E..<.u.....E..Ks
0050 ce be 24 2d 08 00 4d 5a 00 01 00 01 61 62 63 64 ..$-..MZ....abcd
0060 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 73 74 efghijklmnopqrst
0070 75 76 77 61 62 63 64 65 66 67 68 69 uvwabcdefghi
No. Time Source Destination Protocol
Length Info
69 5.979880000 Cisco_ec:cb:83 IntelCor_07:c7:45 802.11 126
QoS Data, SN=863, FN=0, Flags=.p....F.
Frame 69: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits)
NetMon 802.11 capture header
IEEE 802.11 QoS Data, Flags: .p....F.
Type/Subtype: QoS Data (0x28)
Frame Control Field: 0x8842
.000 0000 0010 0100 = Duration: 36 microseconds
Receiver address: IntelCor_07:c7:45 (c4:85:08:07:c7:45)
Destination address: IntelCor_07:c7:45 (c4:85:08:07:c7:45)
Transmitter address: Cisco_ec:cb:8c (1c:aa:07:ec:cb:8c)
BSS Id: Cisco_ec:cb:8c (1c:aa:07:ec:cb:8c)
Source address: Cisco_ec:cb:83 (1c:aa:07:ec:cb:83)
Fragment number: 0
Sequence number: 863
Qos Control: 0x0000
WEP parameters <<<<<
Data (60 bytes)
0000 02 20 00 04 00 00 00 00 00 00 00 00 00 00 00 76 . .............v
0010 09 00 00 bf ff ff ff 60 67 12 e2 8d 4c db ce 01 .......`g...L...
0020 88 42 24 00 c4 85 08 07 c7 45 1c aa 07 ec cb 8c .B$......E......
0030 1c aa 07 ec cb 83 f0 35 00 00 aa aa 03 00 00 00 .......5........
^^^^^^^^^^^
0040 08 00 45 00 00 3c 4d 79 00 00 30 01 3e 41 ce be ..E..<My..0.>A..
0050 24 2d c0 a8 4b 73 00 00 55 5a 00 01 00 01 61 62 $-..Ks..UZ....ab
0060 63 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f 70 71 72 cdefghijklmnopqr
0070 73 74 75 76 77 61 62 63 64 65 66 67 68 69 stuvwabcdefghi
You are receiving this mail because:
- You are watching all bug changes.