Some 802.11 drivers don't appear to provide an FCS, but Npcap sets the IEEE80211_RADIOTAP_F_FCS flag anyway

[guyharris]

See Wireshark bug 15010 for details. It appears that a Netgear A6210 adapter, with Netgear driver v1.0.0.39, doesn't supply an FCS at the end of the packet for raw 802.11 packets.

In UN*X, drivers generally supply the radiotap header themselves, so the driver can set the IEEE80211_RADIOTAP_F_FCS flag if and only if the FCS is present.

Unfortunately, the Windows interface for 802.11 adapters may not allow Npcap to determine this, so this might require a quirks list in Npcap.

[dmiller-nmap]

Npcap currently assumes that every frame has a FCS, though some hardware strips it off. I think a reasonable way forward would be to follow this procedure:

1. Filter module is initialized with "FCS included" set to "unknown."
2. Frame arrives. If uReceiveFlags has DOT11_RECV_FLAG_RAW_PACKET set and not DOT11_RECV_FLAG_RAW_PACKET_FCS_FAILURE, calculate the FCS of the frame and compare it with the last 4 bytes.
3. If the FCS is correct, set "FCS included" field to "true," otherwise set to "false."
4. For every subsequent frame, set the Radiotap FCS flag if DOT11_RECV_FLAG_RAW_PACKET is set and "FCS included" is "true."

I will be linking a couple other FCS-related issues to this one to consolidate discussion.