Dot11Elt Layer IndexError

[GoogleCodeExporter]

What steps will reproduce the problem?
1. Any analysis (analyze, strip, stripLive) on dumps from airodump-ng or
Kismet. Also live analysis straight from device.

What is the expected output? What do you see instead?

Completed analysis of dump file is expected. Here is what I see instead
(last two portions of backtrace):

File "/usr/lib/python2.5/site-packages/cpyrit/pckttools.py", line 91, in
iterSubPackets
    elt = elt[cls:2]

File "/usr/lib/python2.5/site-packages/scapy/packet.py", line 758, in
__getitem__
    raise IndexError("Layer [%s] not found" % lname)
IndexError: Layer [Dot11Elt] not found

What version of the product are you using? On what operating system?

Newest SVN (241), 0.3.0, and previous versions. Gentoo Linux x86-64, and
also on Backtrack 4 Final.

Please provide any additional information below.

It makes it part of the way through a dump-file and then dies. I'm pretty
sure it's from some corrupt or unexpected packets being processed by Scapy.
I'm not skilled enough with Python Debugging to find out exactly where. I
think maybe if the IndexError exception were handled in the relevant
portion of pckttools.py it may fix it. Again, I don't know Python, and I
don't fully understand the code. Otherwise I would do it myself.

Original issue reported on code.google.com by quik...@gmail.com on 2 Apr 2010 at 7:05

[GoogleCodeExporter]

Can you post or email the dump?

Please post the result of

python -c "import scapy.config; print scapy.config.conf.version"

Original comment by lukas.l...@gmail.com on 2 Apr 2010 at 7:45

[GoogleCodeExporter]

I can e-mail the dump to you, I need an e-mail address though. 

Results of the 'python -c' command are: 2.1.0. I think that's the most current
version. This is consistent between my Gentoo machine and the BT machine.

Original comment by quik...@gmail.com on 2 Apr 2010 at 7:55

[GoogleCodeExporter]

lukas.lueg@gmail.com

Original comment by lukas.l...@gmail.com on 2 Apr 2010 at 7:57

[GoogleCodeExporter]

Uncut trace, as requested:

Pyrit 0.3.1-dev (svn r240) (C) 2008-2010 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+

Parsing file 'test-04.cap' (1/1)...
Traceback (most recent call last):
  File "/usr/bin/pyrit", line 6, in <module>
    pyrit_cli.Pyrit_CLI().initFromArgv()
  File "/usr/lib64/python2.6/site-packages/pyrit_cli.py", line 110, in initFromArgv
    func(self, **options)
  File "/usr/lib64/python2.6/site-packages/pyrit_cli.py", line 148, in new_f
    f(*args, **kwds)
  File "/usr/lib64/python2.6/site-packages/pyrit_cli.py", line 334, in analyze
    parser = self._getParser(capturefile)
  File "/usr/lib64/python2.6/site-packages/pyrit_cli.py", line 164, in _getParser
    parser.parse_pcapdevice(dev)
  File "/usr/lib64/python2.6/site-packages/cpyrit/pckttools.py", line 597, in
parse_pcapdevice
    self.parse_packet(pckt)
  File "/usr/lib64/python2.6/site-packages/cpyrit/pckttools.py", line 615, in
parse_packet
    self._add_ap(dot11_pckt.addr2, dot11_pckt)
  File "/usr/lib64/python2.6/site-packages/cpyrit/pckttools.py", line 540, in _add_ap
    essid = self._find_ssid(pckt)
  File "/usr/lib64/python2.6/site-packages/cpyrit/pckttools.py", line 531, in _find_ssid
    for elt_pckt in pckt.iterSubPackets(scapy.layers.dot11.Dot11Elt):
  File "/usr/lib64/python2.6/site-packages/cpyrit/pckttools.py", line 91, in
iterSubPackets
    elt = elt[cls:2]
  File "/usr/lib64/python2.6/site-packages/scapy/packet.py", line 758, in __getitem__
    raise IndexError("Layer [%s] not found" % lname)
IndexError: Layer [Dot11Elt] not found

Original comment by quik...@gmail.com on 2 Apr 2010 at 8:23

[GoogleCodeExporter]

please try rev 242

Original comment by lukas.l...@gmail.com on 2 Apr 2010 at 8:35

[GoogleCodeExporter]

Solid. Completes with the test-dump I sent you and some others that had the same
error. Thank you!

Original comment by quik...@gmail.com on 2 Apr 2010 at 8:40

[GoogleCodeExporter]

fixed

Original comment by lukas.l...@gmail.com on 2 Apr 2010 at 9:11

• Changed state: Fixed

[GoogleCodeExporter]

Issue 150 has been merged into this issue.

Original comment by lukas.l...@gmail.com on 24 Apr 2010 at 6:57

[GoogleCodeExporter]

I have same problem with 0.3.0 version. I've been try with latest rev (280) and 
i get this problem: 

Parsing file '1285791250.0-01.cap' (1/1)...
Traceback (most recent call last):
  File "/usr/local/bin/pyrit", line 6, in <module>
    pyrit_cli.Pyrit_CLI().initFromArgv()
  File "/usr/local/lib/python2.6/dist-packages/pyrit_cli.py", line 116, in initFromArgv
    func(self, **options)
  File "/usr/local/lib/python2.6/dist-packages/pyrit_cli.py", line 164, in new_f
    f(*args, **kwds)
  File "/usr/local/lib/python2.6/dist-packages/pyrit_cli.py", line 448, in analyze
    parser = self._getParser(capturefile)
  File "/usr/local/lib/python2.6/dist-packages/pyrit_cli.py", line 180, in _getParser
    parser.parse_pcapdevice(dev)
  File "/usr/local/lib/python2.6/dist-packages/cpyrit/pckttools.py", line 599, in parse_pcapdevice
    for pckt in reader:
  File "/usr/local/lib/python2.6/dist-packages/cpyrit/pckttools.py", line 499, in next
    pckt = self.read()
  File "/usr/local/lib/python2.6/dist-packages/cpyrit/pckttools.py", line 487, in read
    r = _cpyrit_cpu.PcapDevice.read(self)
IOError: libpcap-error while reading: truncated dump file; tried to read 16 
header bytes, only got 6
Instead with aircrack-ng i can read the file.

$ python -c "import scapy.config; print scapy.config.conf.version"
2.1.0

Original comment by NachE.NachE on 30 Sep 2010 at 3:19

[GoogleCodeExporter]

It looks like a different problem (truncated/incomplete dump). Did you check 
the file with wireshark for containing EAPOL-packets?

Original comment by kopierschnitte@googlemail.com on 30 Sep 2010 at 5:41

[GoogleCodeExporter]

the problem is already resolved in issue 192

Original comment by lukas.l...@gmail.com on 30 Sep 2010 at 6:31