https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7184
Summary: Wireshark Cannot Decode CAPWAP Payload
Product: Wireshark
Version: 1.6.7
Platform: x86
OS/Version: Windows 7
Status: NEW
Severity: Major
Priority: Low
Component: Wireshark
AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
ReportedBy: nbowden1963@xxxxxxxxx
Build Information:
Version 1.6.7 (SVN Rev 41973 from /trunk-1.6)
--
Wireshark appears to have a problem decoding the contents of CAPWAP frames. I
have attached a sample output.
CAPWAP frames are shown with a [Malformed Packet] designation, all of which are
identified as association requests.
Note that the attached capture opens fine in Omnipeek, so I am confident that
this is a valid capture.
I have tested this on all versions of Wireshark from 1.6.7 back to 1.4.0 (when
CAPWAP decodes seem to have introduced) and cannot find a version that works.
It looks like some of the decode works, as the attached file shows the ping
session (CAPWAP encapsulated) working correctly in one direction. But in the
other direction, all CAPWAP traffic appears to be shown as an Association
Request and is flagged as a malformed packet.
I have tested this by monitoring the CAPWAP traffic between a Cisco Access
Point and a Cisco Wireless Controller (on 2 different version of code:
7.0.116.0 & 7.0.220.0).
Can you have a look at this please? Thanks.
Let me know if you need any more captures or help with testing etc.
Nigel.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
