Been doing some work using libpcap and 802.11 wireless and discovered what appears to be an interesting bug.

Testing environment:

    Linux 2.4.16
    Cisco Aironet 350 card
    libpcap 2001 12 13
    libpcap 2001 12 29
    Ethereal 0.9.0
    Custom software

Summary:

Capturing packets from a WEP-enabled 802.11 network for which a key is provided leads to truncated data packets.

Details:

Capturing data from non-WEP networks works (protocols resolve correctly, packet lengths are appropriate, and so on). Capturing data from WEP networks for which the key is not set may or may not work -- encrypted data is hard to tell.

If a WEP key is set so that the card correctly decodes the data stream, the returned packets are truncated by approximately 18 bytes. This is most obvious in an ARP packet, where the WEP-deciphered version terminates immediately after the target protocol address, leading to a 60-byte capture instead of a non-WEP 78-byte capture.

The most obvious outcome of this truncating is that Ethereal cannot display data packets on a WEP-enabled but decrypted network stream, but it doesn't appear to be correct behavior in any case, as it drops, among other things, the CRC and part of the LLC.

I can provide dumpfiles if requested. I haven't had time to look into this seriously yet, but will test other cards as soon as possible and will begin examining the code.

-m

--
I like my coffee like I like my friends -- Dark, and bitter.

This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html
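One way to triage dumpfiles like the ones offered above, added here as an example and not part of the original message or of libpcap: it reads a classic pcap file of raw 802.11 frames and reports, for each ARP data frame, how many bytes were captured after the ARP target protocol address. It assumes link type 105 (raw 802.11), an unencrypted LLC/SNAP payload as delivered by the card, and a constructed two-frame sample sized like the 78-byte and 60-byte captures in the report.

```python
import struct

LINKTYPE_IEEE802_11 = 105                         # pcap link type for raw 802.11
LLC_SNAP_ARP = bytes.fromhex("aaaa030000000806")  # LLC/SNAP header, EtherType ARP
ARP_BODY = 28                                     # ARP body for IPv4 and 6-byte MACs

def records(blob):
    """Yield (caplen, wirelen, frame) for each record of a classic pcap file."""
    endian = {0xa1b2c3d4: "<", 0xd4c3b2a1: ">"}[struct.unpack("<I", blob[:4])[0]]
    if struct.unpack(endian + "I", blob[20:24])[0] != LINKTYPE_IEEE802_11:
        raise ValueError("not an 802.11 capture")
    off = 24                                      # skip the global header
    while off + 16 <= len(blob):
        caplen, wirelen = struct.unpack(endian + "II", blob[off + 8:off + 16])
        yield caplen, wirelen, blob[off + 16:off + 16 + caplen]
        off += 16 + caplen

def arp_tail(frame):
    """Bytes captured after the ARP target protocol address; None if not ARP.
    A negative value means the capture ends inside the ARP body."""
    if len(frame) < 2 or ((frame[0] >> 2) & 3) != 2:  # frame-control type 2 = data
        return None
    hdr = 30 if (frame[1] & 0x03) == 0x03 else 24     # ToDS+FromDS adds address 4
    if frame[hdr:hdr + 8] != LLC_SNAP_ARP:
        return None
    return len(frame) - (hdr + 8 + ARP_BODY)

def scan(blob):
    """Return [(record_no, caplen, wirelen, tail)] for every ARP data frame."""
    out = []
    for n, (caplen, wirelen, frame) in enumerate(records(blob), 1):
        tail = arp_tail(frame)
        if tail is not None:
            out.append((n, caplen, wirelen, tail))
    return out

def _frame(tail):
    """Constructed ARP data frame: zeroed addresses and ARP fields, `tail` extra bytes."""
    hdr = b"\x08\x01" + bytes(22)                 # data frame, ToDS set
    return hdr + LLC_SNAP_ARP + bytes(ARP_BODY) + bytes(tail)

def sample_pcap():
    """Constructed capture; wirelen is set equal to caplen as an assumption."""
    blob = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, LINKTYPE_IEEE802_11)
    for f in (_frame(18), _frame(0)):
        blob += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return blob

if __name__ == "__main__":
    for n, caplen, wirelen, tail in scan(sample_pcap()):
        print(f"record {n}: caplen={caplen} wirelen={wirelen} bytes after ARP={tail}")
```

Run against a real dumpfile by passing its bytes to `scan()`; records with a tail of 0 are the ones that end immediately after the target protocol address.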
