Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dot11 duration field wrong endianness #4624

Open
redfast00 opened this issue Jan 2, 2025 · 0 comments · May be fixed by #4629
Open

Dot11 duration field wrong endianness #4624

redfast00 opened this issue Jan 2, 2025 · 0 comments · May be fixed by #4629

Comments

@redfast00
Copy link

Brief description

It appears that the ID/duration field in Dot11 is encoded and decoded with the wrong endianness. Minimal reproducer:

from scapy.all import *

scapy_cap = rdpcap('/home/user/Projects/esp32-open-mac/wpa/example.pcap')
for packet in scapy_cap:
    print(packet)
    print(packet.ID)
    print(hex(packet.ID))

Output:

802.11 Data Data 50:30:f1:84:44:08 (TA=SA) > 0f:d2:e1:28:a5:7c (RA=DA) / LLC / Raw
49964
0xc32c
802.11 Data Data 50:30:f1:84:44:08 (TA=SA) > 0f:d2:e1:28:a5:7c (RA=DA) / Dot11CCMP
49964
0xc32c

Actual duration as shown in wireshark: 11459 (about 0x2c3c, but we're off by 135 because of ACK and SIFS time)

example.pcap.zip

Scapy version

2.6.1

Python version

3.13.1

Operating system

Linux 6.12.6

Additional environment information

No response

How to reproduce

See above

Actual result

No response

Expected result

No response

Related resources

No response
@satveerbrar satveerbrar linked a pull request Jan 3, 2025 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Change ID field to use little-endian byte order satveerbrar/scapy
1 participant
@redfast00