Closed GoogleCodeExporter closed 9 years ago
The cap-file is truncated at the end. Run it through Wireshark, save as a new
file and work on that new file. You can also try Pyrit's "stripLive".
Original comment by lukas.l...@gmail.com
on 5 Sep 2011 at 7:52
stripLive does not work
root@bt:/media/storage/AirCaps/School/secure-lab# pyrit -r -01.cap -o test.cap stripLive
Pyrit 0.4.1-dev (svn r308) (C) 2008-2011 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
Parsing packets from '-01.cap'...
0/1: New Station c4:17:fe:1e:4b:2b (AP 02:22:6b:7b:a3:34)
0/2: New Station 44:2a:60:5e:c7:46 (AP 02:22:6b:7b:a3:34)
1/3: New AccessPoint 02:22:6b:7b:a3:34 ('NyaSQUARED')
1/4: New Station 00:16:ea:8d:9e:7e (AP 02:22:6b:7b:a3:34)
<cut>
1/14915: New Station 00:00:00:00:00:00 (AP 2d:a6:ef:bb:a4:eb)
1/14941: New Station 00:00:00:00:00:00 (AP 1c:fd:c9:5d:eb:77)
1/14951: New Station 00:00:00:00:00:00 (AP 00:8b:55:cd:b6:e2)
1/14955: New Station 00:00:00:00:00:00 (AP d4:5a:47:fc:83:c5)
1/15009: New Station 00:1c:c6:e0:e3:ca (AP 02:22:6b:7b:a3:34)
1/15057: New Station 00:00:00:00:00:00 (AP 0d:81:27:10:8e:80)
1/15064: New Station 00:00:00:00:00:00 (AP dd:79:02:3f:35:b2)
1/15065: New Station 00:00:00:00:00:00 (AP d0:e9:0b:22:4f:c9)
1/15100: New Station 56:53:06:37:b2:50 (AP e1:10:86:44:0f:54)
1/15177: New Station 00:00:00:00:00:00 (AP a8:9a:15:04:cb:c2)
Traceback (most recent call last):
  File "/usr/local/bin/pyrit", line 6, in <module>
    pyrit_cli.Pyrit_CLI().initFromArgv()
  File "/usr/local/lib/python2.6/dist-packages/pyrit_cli.py", line 117, in initFromArgv
    func(self, **options)
  File "/usr/local/lib/python2.6/dist-packages/pyrit_cli.py", line 165, in new_f
    f(*args, **kwds)
  File "/usr/local/lib/python2.6/dist-packages/pyrit_cli.py", line 582, in stripLive
    parser.parse_pcapdevice(pckt_rdr)
  File "/usr/local/lib/python2.6/dist-packages/cpyrit/pckttools.py", line 696, in parse_pcapdevice
    for pckt in reader:
  File "/usr/local/lib/python2.6/dist-packages/cpyrit/pckttools.py", line 589, in next
    pckt = self.read()
  File "/usr/local/lib/python2.6/dist-packages/cpyrit/pckttools.py", line 580, in read
    pckt = self.datalink_handler(pckt_string)
  File "/usr/local/lib/python2.6/dist-packages/scapy/base_classes.py", line 198, in __call__
    i.__init__(*args, **kargs)
  File "/usr/local/lib/python2.6/dist-packages/scapy/packet.py", line 80, in __init__
    self.dissect(_pkt)
  File "/usr/local/lib/python2.6/dist-packages/scapy/packet.py", line 575, in dissect
    s = self.do_dissect(s)
  File "/usr/local/lib/python2.6/dist-packages/scapy/packet.py", line 549, in do_dissect
    s,fval = f.getfield(self, s)
  File "/usr/local/lib/python2.6/dist-packages/scapy/layers/dot11.py", line 36, in getfield
    return MACField.getfield(self, pkt, s)
  File "/usr/local/lib/python2.6/dist-packages/scapy/fields.py", line 73, in getfield
    return s[self.sz:], self.m2i(pkt, struct.unpack(self.fmt, s[:self.sz])[0])
struct.error: unpack requires a string argument of length 6
Original comment by niom...@gmail.com
on 6 Sep 2011 at 3:35
stripLive will crash when it encounters the truncated packet (it uses the same
codebase) but the resulting file should be OK. Use Wireshark otherwise.
Original comment by lukas.l...@gmail.com
on 6 Sep 2011 at 2:19
I had the same issue stripping a huge pcap file merged with 'mergecap'. I ran
it through Wireshark (release 1.2.15), saved it as a new file and worked on
that new file, but the problem is still there. Any suggestions? Thanks!
Original comment by inteldev...@gmail.com
on 3 Mar 2013 at 10:46
Assuming there is nothing bad in skipping broken packets:
here's a small patch for this issue
Original comment by artem.sa...@gmail.com
on 31 Aug 2013 at 7:02
Attachments:
How do I use this patch?
Original comment by bash...@gmail.com
on 20 Jun 2015 at 10:37
Original issue reported on code.google.com by
niom...@gmail.com
on 5 Sep 2011 at 5:14
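An added example (not Pyrit code and not the patch attached in the thread): for a capture truncated at the end, as discussed above, this copies every complete record of a classic pcap file and stops at the first incomplete one. `salvage_pcap` and `build_sample` are hypothetical names, and the sample capture is constructed.

```python
import struct

# Classic pcap magic numbers as they appear on disk -> struct byte-order prefix.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}   # nanosecond

def salvage_pcap(data):
    """Copy whole records; return (clean_bytes, records_kept, stop_reason)."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order = MAGICS[data[:4]]
    out, kept, pos, reason = [data[:24]], 0, 24, None   # 24-byte global header
    while pos < len(data):
        if len(data) - pos < 16:                        # 16-byte record header
            reason = "truncated record header"
            break
        # Record header: ts_sec, ts_frac, incl_len (bytes stored), orig_len.
        incl_len = struct.unpack(order + "I", data[pos + 8:pos + 12])[0]
        end = pos + 16 + incl_len
        if end > len(data):                             # file ends mid-packet
            reason = "truncated packet data"
            break
        out.append(data[pos:end])
        kept, pos = kept + 1, end
    return b"".join(out), kept, reason

def build_sample():
    """Constructed input: two whole records, then a third cut off mid-packet."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 105)  # 105 = 802.11
    def rec(payload):
        return struct.pack("<IIII", 0, 0, len(payload), len(payload)) + payload
    whole = rec(b"\x80\x00" + b"\x00" * 22) * 2
    return hdr + whole + rec(b"\x08\x02" + b"\x00" * 22)[:-10]

if __name__ == "__main__":
    clean, kept, reason = salvage_pcap(build_sample())
    print("kept %d records (%d bytes), stopped: %s" % (kept, len(clean), reason))
```

This only handles truncation at the file level. A record that is complete in the file but shorter than the 802.11 header can still be rejected by a dissector.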