Wireshark-users: Re: [Wireshark-users] Fake Ethernet II header with 802.11 protocol

From: Sebastien Tandel <sebastien@xxxxxxxxx>
Date: Thu, 14 Dec 2006 18:09:27 +0100
tcpreplay should send the packet as-is ... If Wireshark can decode the
packet before sending it with tcpreplay and is unable to after you play
with tcpreplay, you can guess that it's tcpreplay's fault ... or limitation.

Did you already ask the tcpreplay maintainers if it can handle your
configuration?


P.S. : You can also send the two traces here to try to see what happened.

Regards,
Sebastien Tandel

Cruz, Petagay wrote:
> tcpreplay seems to actually send the packet ok.  When I capture with
> Wireshark the packet display in bytes (bottom screen in Wireshark) shows
> the exact bytes sent via tcpreplay.  Wireshark is dissecting them wrong
> saying they are those 'Fake Ethernet' packets.  
>
> I could run wireshark under debug and trace the dissection ... I was
> hoping someone ran across this before though. 
> Thanks
> Maria   
>
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx
> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sebastien
> Tandel
> Sent: Thursday, December 14, 2006 11:49 AM
> To: Community support list for Wireshark
> Subject: Re: [Wireshark-users] Fake Ethernet II header with 802.11
> protocol
>
>
> I have an IPW2100 on my laptop and now (sic :-/) I remember that when I
> was playing with aireplay I put in an old PCMCIA card to overcome this
> problem.
>
> Are you sure that tcpreplay can overcome these limitations???
>
> Regards,
> Sebastien Tandel
>
> Cruz, Petagay wrote:
>> Thanks, but the aireplay website says:
>> http://www.aircrack-ng.org/doku.php?id=install_drivers
>> As of now, Aireplay-ng only supports injection on Prism2, PrismGT
>> (FullMAC), Atheros, RTL8180 and Ralink. Injection on Centrino, Hermes,
>> ACX1xx, Aironet, ZyDAS, Marvell and Broadcom is not supported because
>> of firmware and/or driver limitations.
>>
>> Do you think aireplay would work with IPW2200 (Centrino) drivers?
>> maria
>>
>> -----Original Message-----
>> From: wireshark-users-bounces@xxxxxxxxxxxxx
>> [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sebastien 
>> Tandel
>> Sent: Thursday, December 14, 2006 10:14 AM
>> To: Community support list for Wireshark
>> Subject: Re: [Wireshark-users] Fake Ethernet II header with 802.11 
>> protocol
>>
>> Hi,
>>
>>
>> you should use aireplay from the package aircrack.
>>
>> Sebastien Tandel
>> Cruz, Petagay wrote:
>>> hi, I ran Wireshark 0.99.4 and captured 802.11 management traffic to a
>>> file.  In Wireshark I can see it dissected fine.  I then used
>>> tcpreplay and replayed the pcap file on the same interface and
>>> captured that.  The new capture file shows 802.11 management messages
>>> as 'Ethernet II' or 'Ethernet Encapsulated'.  The Protocol column has
>>> various 'hex' numbers.
>>>
>>> I am using Wireshark 0.99.4,  Compiled with GTK+ 2.6.10, with GLib
>>> 2.6.6, with libpcap 0.9.4,
>>>
>>> Linux RHEL4 OS, IPW2200 driver v1.1.2 Firmware version:  fw-3.0,
>>> IEEE802.11 stack version:  1.1.13
>>>
>>> tcpreplay is also built with libpcap 0.9.4 and libnet 1.1.3.
>>>
>>> what am I doing wrong...
>>>
>>> Maria Cruz
>>> Associate
>>> Booz Allen Hamilton
>>> 151 Industrial Way East
>>> Eatontown, NJ 07724
>>> 732-935-5393
>>> _______________________________________________
>>> Wireshark-users mailing list
>>> Wireshark-users@xxxxxxxxxxxxx
>>> http://www.wireshark.org/mailman/listinfo/wireshark-users