search

secdev / scapy

Scapy: the Python-based interactive packet manipulation program & library.
https://scapy.net
GNU General Public License v2.0
10.67k stars 2.02k forks source link

2.4.4 signal strength unpack issue #2974

Closed shineyear closed 3 years ago

shineyear commented 3 years ago

Brief description

scapy version 2.4.4 os version ubuntu 18.04 python version 3.8.6

when i parse some pcap file which dump from tcpdump in wifi monitor mode , i got the signal strength section with a wrong number , like "-197", "-199".... (please find the pcap file from attachment), but open the same file with wireshark, the signal strength could be display correctly as "57", "58" (just no "-" because from IEEE standard it could be a + or -)

so i reviewed the source code of

v2.4.4/scapy/layers/dot11.py line 307

i found when scapy parse the signal strength section its using

ScalingField("dBm_AntSignal", 0, offset=-256, unit="dBm", fmt="B"),

and this is wrong ,

  1. signal strength is a single signed byte , should use "b" to unpack not "B"
  2. "ScalingField" should not use for a single signed byte parse , should use "SignedByteField"

after i did this change in my local scapy , i run some test with some different pcap files , it can be fixed

1605660687.pcap.zip

p-l- commented 3 years ago

Hi @shineyear, thanks for this report.

Since you come with a patch, maybe you could submit a pull request? If you do so, please mention fixes #2974, so that your pull request gets linked to this issue.

shineyear commented 3 years ago

just create a new pull request https://github.com/secdev/scapy/pull/2975