[Bug] Conversion of packets stored in pcap file from IEEE802_11_RADIO to EN10MB format using tcprewrite

[hamzajawed95]

I dumped a bunch of wifi packets to a pcap file using tcpdump through my laptop's builtin wifi card after converting it into monitoring mode when the laptop was not connected to any network. In monitoring mode, the only supported data-link header type is "IEEE802_11_RADIO", so each captured packet stored in pacp file has its data-link header in terms of IEEE802_11_RADIO type. Now I converted my wifi card back into the managed mode and I want to replay the stored wifi packets back out again on the wireless environment through my wifi card using tcpreplay. The replay of the packets should be done in the wifi managed mode and the problem is that, in managed mode the captured packets need to have "DLT_EN10MB (Ethernet)" data-link header type. But my captured packets have IEEE802_11_RADIO header type so the managed mode doesn't process them.

So I need a translation of each packet's data-link header from IEEE802_11_RADIO to DLT_EN10MB type in order to replay each wifi packet in managed mode. I searched the methods to rewrite packets stored in pcap file in terms of DLT_EN10MB header type and found a tool i.e. tcprewrite. I used the following command to rewrite the packets stored in pcap file:

sudo tcprewrite --dlt=enet --infile=input.pcap --outfile=output.pcap

and received the following error:

tcprewrite: plugins/dlt_ieee80211/ieee80211.c:241: dlt_ieee80211_proto: Assertion `packet' failed.
Aborted (core dumped)

I also tried to convert a single packet's header by providing it's source and destination mac addresses using the following command:

sudo tcprewrite --dlt=enet --enet-dmac=ff:ff:ff:ff:ff:ff --enet-smac=4a:ba:4e:c8:b1:b4 --infile=input.pcap --outfile=output.pcap

which also has the same error:

tcprewrite: plugins/dlt_ieee80211/ieee80211.c:241: dlt_ieee80211_proto: Assertion `packet' failed.
Aborted (core dumped)

I really need to overcome this error so that I will have the packets rewritten in terms of DLT_EN10MB header so that I will be able to replay them back out through my wifi card using tcpreplay.

System:

• OS: Ubuntu 18.04
• Tcpreplay Version: 4.3.3 (build git:v4.3.3)

[fklassen]

I was unable to recreate with this pcap.

The assertion at plugins/dlt_ieee80211/ieee80211.c line 241 is very fundamental. It checks that the pcap contains something whenever a pcap is read. The pcap file you are using is most likely corrupt, possibly because the capture was stopped mid packet.

If you want, you can attach the pcap (tar.gz format) and I can have a look.

[fklassen]

Closing as "cannot reproduce"