airodump-iv
using wrpcap shows malformed packets in wireshark
Hi,
When I try to use wrpcap to write the packets I received, all packets are displayed as malformed in wireshark.
I traced the problem to scapy_layers_dot11_RadioTap_extract_padding, it seems that wireshark and scapy (after importing scapy_ex.py) read the packet differently because of the padding location.
If I change the function to (not moving the padding anymore):

```python
def scapy_layers_dot11_RadioTap_extract_padding(self, s):
    """Ignore any unparsed conditionally present fields

    If all fields have been parsed, the payload length should have decreased RadioTap_len bytes
    If it has not, there are unparsed fields which should be treated as padding
    """
    padding = len(s) - (self.pre_dissect_len - self.RadioTap_len)
    if padding:
        #return s[padding:], s[:padding]
        return s, None
    else:
        return s, None
```

wrpcap writes a valid wireshark pcap, but then scapy is not parsing the packet anymore.
Is the Ext field present in the RadioTap header? If that's the case, I think it is because they aren't parsed correctly. See section "Extended presence masks" http://www.radiotap.org/
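As an added example (not part of this thread, and not airodump-iv or scapy code), the parser below follows the "Extended presence masks" chain mentioned in the reply above and uses the header's own length field to find where the 802.11 frame starts, without moving any bytes. The field table is a subset of the radiotap fields, and `SAMPLE` is a constructed frame.

```python
import struct

# Subset of radiotap fields: bit -> (name, size in bytes, required alignment)
FIELDS = {0: ("TSFT", 8, 8), 1: ("Flags", 1, 1), 2: ("Rate", 1, 1),
          3: ("Channel", 4, 2), 5: ("dBm_AntSignal", 1, 1), 6: ("dBm_AntNoise", 1, 1)}
EXT_BIT = 1 << 31

def parse_radiotap(frame):
    """Return (present_words, fields, dot11_payload) for one captured frame."""
    if len(frame) < 8:
        raise ValueError("truncated radiotap header")
    version, _pad, it_len, present = struct.unpack_from("<BBHI", frame, 0)
    if version != 0 or it_len < 8 or it_len > len(frame):
        raise ValueError("bad radiotap version or length")
    words, offset = [present], 8
    # Bit 31 (Ext) set means another 32-bit presence word follows this one.
    while words[-1] & EXT_BIT:
        if offset + 4 > it_len:
            raise ValueError("presence mask chain runs past it_len")
        words.append(struct.unpack_from("<I", frame, offset)[0])
        offset += 4
    fields = {}
    # Decode the first word only, and stop at the first bit this table does not
    # know: its size would be needed to locate every field after it.
    for bit in range(29):  # bits 29-31 are namespace/Ext control bits
        if not words[0] & (1 << bit):
            continue
        if bit not in FIELDS:
            break
        name, size, align = FIELDS[bit]
        offset = (offset + align - 1) & ~(align - 1)  # aligned from header start
        if offset + size > it_len:
            raise ValueError("field runs past it_len")
        fields[name] = frame[offset:offset + size]
        offset += size
    # Undecoded fields stay inside the header; the 802.11 frame starts at it_len.
    return words, fields, frame[it_len:]

# Constructed sample: Flags + Rate + Ext in word 0, one extra presence word,
# three bytes of field data, then the first bytes of a made-up 802.11 frame.
DOT11 = b"\x80\x00\x00\x00"
SAMPLE = struct.pack("<BBHII", 0, 0, 15, 0xA0000006, 0x00000020) + b"\x10\x0c\xc4" + DOT11

if __name__ == "__main__":
    print(parse_radiotap(SAMPLE))
```

A parser that ignores the Ext bit would read Flags at offset 8 of `SAMPLE`, which is actually the first byte of the second presence word.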
The issue revolves around scapy_ex.py. This module chops and moves bytes around, making any calls to wireshark() impossible. Check out the PR for a somewhat detailed description of the "why". In the PR I removed all instantiations for scapy_ex.