How to reproduce
I have taken the example from this blog. Below is the code I tried to run:
```python
from scapy.all import Dot11, Dot11Beacon, Dot11Elt, RadioTap, sendp, hexdump

netSSID = 'testLockedSSID'  # Network name here
iface = '(wifidevice)'      # Interface name here

# Management frame, subtype 8 = beacon, broadcast receiver address
dot11 = Dot11(type=0, subtype=8, addr1='ff:ff:ff:ff:ff:ff',
              addr2='22:22:22:22:22:22', addr3='33:33:33:33:33:33')
beacon = Dot11Beacon(cap='ESS+privacy')
essid = Dot11Elt(ID='SSID', info=netSSID, len=len(netSSID))
# RSN information element body, passed here as a str literal
rsn = Dot11Elt(ID='RSN', info=("\x01\x00\x00\x0f\xac\x02\x02\x00\x00\x0f\xac\x04\x00\x0f\xAC\x02\x01\x00\x00\x0f\xAC\x02\x00\x00"))

frame = RadioTap()/dot11/beacon/essid/rsn
frame.show()
print("\nHexdump of frame:")
hexdump(frame)
input("\nPress enter to start\n")
sendp(frame, iface=iface, inter=0.100, loop=1)
```
Actual result
Here is the `frame.show()` of the packet showing the added `\xc2` (between each `\x0f` and `\xac`) in the RSN info field.
```
###[ RadioTap ]###
  version   = 0
  pad       = 0
  len       = None
  present   = None
  notdecoded= b''
###[ 802.11 ]###
     subtype   = Beacon
     type      = Management
     proto     = 0
     FCfield   =
     ID        = 0
     addr1     = ff:ff:ff:ff:ff:ff (RA=DA)
     addr2     = 22:22:22:22:22:22 (TA=SA)
     addr3     = 33:33:33:33:33:33 (BSSID/STA)
     SC        = 0
###[ 802.11 Beacon ]###
        timestamp = 0
        beacon_interval= 100
        cap       = ESS+privacy
###[ 802.11 Information Element ]###
           ID        = SSID
           len       = 14
           info      = b'testLockedSSID'
###[ 802.11 Information Element ]###
           ID        = RSN
           len       = None
           info      = b'\x01\x00\x00\x0f\xc2\xac\x02\x02\x00\x00\x0f\xc2\xac\x04\x00\x0f\xc2\xac\x02\x01\x00\x00\x0f\xc2\xac\x02\x00\x00'
```
Expected result
The RSN info bytes have an added `\xc2` after every `\x0f` byte. The RSN info field should actually look like:
```
###[ 802.11 Information Element ]###
           ID        = RSN
           len       = None
           info      = b'\x01\x00\x00\x0f\xac\x02\x02\x00\x00\x0f\xac\x04\x00\x0f\xac\x02\x01\x00\x00\x0f\xac\x02\x00\x00'
```
Related resources
In addition, when trying to scan for SSIDs using `iw dev wlo1 scan` I get the following bogus tail data for the beacon I put out, which includes the `\xc2` bytes in the RSN info:
```
BSS 33:33:33:33:33:33(on wlo1)
        last seen: 4925421.232s [boottime]
        TSF: 0 usec (0d, 00:00:00)
        freq: 2417
        beacon interval: 100 TUs
        capability: ESS Privacy (0x0011)
        signal: -17.00 dBm
        last seen: 25456 ms ago
        SSID: testLockedSSID
        RSN:     * Version: 1
                 * Group cipher: 00-0f-c2:172
                 * bogus tail data (22): 02 02 00 00 0f c2 ac 04 00 0f c2 ac 02 01 00 00 0f c2 ac 02 00 00
```
Brief description
I am attempting to send out a WiFi beacon packet, but bytes (`\xc2`) are being added into the "RSN info" field.
Scapy version
2.6.0rc1.dev20
Python version
3.8.10
Operating system
Ubuntu 20.04
Additional environment information
Version: 2.6.0rc1.dev20 Adapter: Ralink RT5370 OS: Ubuntu 20.04
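The following is an added example, not code from the issue or from scapy; it reproduces the `\xc2` symptom without scapy or a radio. It assumes scapy encodes a `str` passed to an IE `info` field as UTF-8 (which is what turns the code point `\xac` into the two bytes `c2 ac`), and parses the RSN body by the IEEE 802.11 layout so the damaged element shows the same "group cipher 00-0f-c2:172 plus 22-byte bogus tail" that `iw` reported.

```python
import struct

# Constructed: the RSN element body the issue expects, as a bytes literal
# (WPA2: CCMP group cipher, CCMP+TKIP pairwise, PSK AKM, RSN caps 0x0000).
RSN_BYTES = (b"\x01\x00" b"\x00\x0f\xac\x02" b"\x02\x00" b"\x00\x0f\xac\x04"
             b"\x00\x0f\xac\x02" b"\x01\x00" b"\x00\x0f\xac\x02" b"\x00\x00")
# The same escapes as a str literal, exactly as the issue's script writes them.
RSN_STR = ("\x01\x00\x00\x0f\xac\x02\x02\x00\x00\x0f\xac\x04"
           "\x00\x0f\xAC\x02\x01\x00\x00\x0f\xAC\x02\x00\x00")

def encode_like_scapy(info):
    """Assumed scapy behaviour: a str field value is UTF-8 encoded, so any
    code point >= 0x80 (e.g. '\\xac') becomes two bytes; bytes pass through."""
    return info.encode("utf-8") if isinstance(info, str) else bytes(info)

def parse_rsn(body):
    """Parse an RSN IE body: version, group cipher suite, pairwise suites, AKM
    suites. Like `iw`, a suite count that does not fit the remaining bytes stops
    parsing and the remainder is returned as 'tail' (bogus tail data).
    For a well-formed body the tail is the 2-byte RSN Capabilities field."""
    out = {"version": None, "group": None, "pairwise": [], "akm": [], "tail": b""}
    if len(body) < 6:
        out["tail"] = body
        return out
    out["version"] = struct.unpack_from("<H", body, 0)[0]
    out["group"] = body[2:6].hex()
    off = 6
    for key in ("pairwise", "akm"):
        if len(body) - off < 2:
            break
        count = struct.unpack_from("<H", body, off)[0]
        if count * 4 > len(body) - off - 2:  # count cannot fit: treat as bogus tail
            break
        off += 2
        out[key] = [body[off + 4 * i:off + 4 * i + 4].hex() for i in range(count)]
        off += 4 * count
    out["tail"] = body[off:]
    return out

if __name__ == "__main__":
    print("str literal  ->", encode_like_scapy(RSN_STR).hex())
    print("bytes literal->", encode_like_scapy(RSN_BYTES).hex())
    print(parse_rsn(encode_like_scapy(RSN_STR)))
    print(parse_rsn(RSN_BYTES))
```

Running it shows the str literal growing from 24 to 28 bytes, the group cipher being read as OUI 00-0f-c2 with suite type 0xac (172), and the pairwise count being misread as 0x0202, which is why the scanner gives up and dumps the rest as a tail.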