What steps will reproduce the problem?
1. Any analysis (analyze, strip, stripLive) on dumps from airodump-ng or Kismet. Also live analysis straight from device.
What is the expected output? What do you see instead?
Completed analysis of dump file is expected. Here is what I see instead (last two portions of backtrace):
  File "/usr/lib/python2.5/site-packages/cpyrit/pckttools.py", line 91, in iterSubPackets
    elt = elt[cls:2]
  File "/usr/lib/python2.5/site-packages/scapy/packet.py", line 758, in __getitem__
    raise IndexError("Layer [%s] not found" % lname)
IndexError: Layer [Dot11Elt] not found
What version of the product are you using? On what operating system?
Newest SVN (241), 0.3.0, and previous versions. Gentoo Linux x86-64, and also on Backtrack 4 Final.
Please provide any additional information below.
It makes it part of the way through a dump-file and then dies. I'm pretty sure it's from some corrupt or unexpected packets being processed by Scapy. I'm not skilled enough with Python Debugging to find out exactly where. I think maybe if the IndexError exception were handled in the relevant portion of pckttools.py it may fix it. Again, I don't know Python, and I don't fully understand the code. Otherwise I would do it myself.
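An added example, not part of the original thread and not Pyrit's code or its rev 242 fix: a walk over 802.11 tagged parameters on raw bytes that stops cleanly at a truncated or overlong element instead of raising, assuming the corrupt-packet cause the report suspects. It targets Python 3; `iter_elements`, `find_ssid` and the sample frame bodies are hypothetical names and constructed data.

```python
# Tolerant walk over 802.11 tagged parameters (information elements).
# Each element is: 1 byte ID, 1 byte length, then <length> bytes of data.

SSID_ELEMENT_ID = 0


def iter_elements(body):
    """Yield (element_id, data) for every complete element in `body`.

    Stops without raising when the buffer ends inside an element header or
    when a length byte claims more data than the frame actually carries.
    """
    offset = 0
    while offset + 2 <= len(body):
        element_id, length = body[offset], body[offset + 1]
        end = offset + 2 + length
        if end > len(body):
            return  # truncated or corrupt element: ignore the remainder
        yield element_id, body[offset + 2:end]
        offset = end


def find_ssid(body):
    """Return the data of the first SSID element, or None if there is none."""
    for element_id, data in iter_elements(body):
        if element_id == SSID_ELEMENT_ID:
            return data
    return None


# Constructed sample bodies (not taken from any capture in this thread).
GOOD = bytes([0, 4]) + b"home" + bytes([1, 2, 0x82, 0x84]) + bytes([3, 1, 6])
# Intact rates element, then an SSID element whose length (32) overruns the frame.
OVERRUN = bytes([1, 2, 0x82, 0x84]) + bytes([0, 32]) + b"ho"
# Frame cut off right after a lone element ID byte.
DANGLING = bytes([0, 4]) + b"home" + bytes([3])

if __name__ == "__main__":
    for name, body in (("good", GOOD), ("overrun", OVERRUN), ("dangling", DANGLING)):
        print(name, list(iter_elements(body)), find_ssid(body))
```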
Comment #1
Posted on Apr 2, 2010 by Quick Camel
Can you post or email the dump?
Please post the result of
python -c "import scapy.config; print scapy.config.conf.version"
Comment #2
Posted on Apr 2, 2010 by Grumpy Cat
I can e-mail the dump to you, I need an e-mail address though.
Results of the 'python -c' command are: 2.1.0. I think that's the most current version. This is consistent between my Gentoo machine and the BT machine.
Comment #3
Posted on Apr 2, 2010 by Quick Camel
lukas.lueg@gmail.com
Comment #4
Posted on Apr 2, 2010 by Grumpy Cat
Uncut trace, as requested:
Pyrit 0.3.1-dev (svn r240) (C) 2008-2010 Lukas Lueg http://pyrit.googlecode.com
This code is distributed under the GNU General Public License v3+
Parsing file 'test-04.cap' (1/1)...
Traceback (most recent call last):
  File "/usr/bin/pyrit", line 6, in <module>
    pyrit_cli.Pyrit_CLI().initFromArgv()
  File "/usr/lib64/python2.6/site-packages/pyrit_cli.py", line 110, in initFromArgv
    func(self, **options)
  File "/usr/lib64/python2.6/site-packages/pyrit_cli.py", line 148, in new_f
    f(*args, **kwds)
  File "/usr/lib64/python2.6/site-packages/pyrit_cli.py", line 334, in analyze
    parser = self._getParser(capturefile)
  File "/usr/lib64/python2.6/site-packages/pyrit_cli.py", line 164, in _getParser
    parser.parse_pcapdevice(dev)
  File "/usr/lib64/python2.6/site-packages/cpyrit/pckttools.py", line 597, in parse_pcapdevice
    self.parse_packet(pckt)
  File "/usr/lib64/python2.6/site-packages/cpyrit/pckttools.py", line 615, in parse_packet
    self._add_ap(dot11_pckt.addr2, dot11_pckt)
  File "/usr/lib64/python2.6/site-packages/cpyrit/pckttools.py", line 540, in _add_ap
    essid = self._find_ssid(pckt)
  File "/usr/lib64/python2.6/site-packages/cpyrit/pckttools.py", line 531, in _find_ssid
    for elt_pckt in pckt.iterSubPackets(scapy.layers.dot11.Dot11Elt):
  File "/usr/lib64/python2.6/site-packages/cpyrit/pckttools.py", line 91, in iterSubPackets
    elt = elt[cls:2]
  File "/usr/lib64/python2.6/site-packages/scapy/packet.py", line 758, in __getitem__
    raise IndexError("Layer [%s] not found" % lname)
IndexError: Layer [Dot11Elt] not found
Comment #5
Posted on Apr 2, 2010 by Quick Camel
Please try rev 242.
Comment #6
Posted on Apr 2, 2010 by Grumpy Cat
Solid. Completes with the test-dump I sent you and some others that had the same error. Thank you!
Comment #7
Posted on Apr 2, 2010 by Quick Camel
fixed
Comment #8
Posted on Apr 24, 2010 by Quick Camel
Issue 150 has been merged into this issue.
Comment #9
Posted on Sep 30, 2010 by Happy Cat
I have the same problem with version 0.3.0. I tried the latest rev (280) and I get this problem:
Parsing file '1285791250.0-01.cap' (1/1)...
Traceback (most recent call last):
  File "/usr/local/bin/pyrit", line 6, in <module>
    pyrit_cli.Pyrit_CLI().initFromArgv()
  File "/usr/local/lib/python2.6/dist-packages/pyrit_cli.py", line 116, in initFromArgv
    func(self, **options)
  File "/usr/local/lib/python2.6/dist-packages/pyrit_cli.py", line 164, in new_f
    f(*args, **kwds)
  File "/usr/local/lib/python2.6/dist-packages/pyrit_cli.py", line 448, in analyze
    parser = self._getParser(capturefile)
  File "/usr/local/lib/python2.6/dist-packages/pyrit_cli.py", line 180, in _getParser
    parser.parse_pcapdevice(dev)
  File "/usr/local/lib/python2.6/dist-packages/cpyrit/pckttools.py", line 599, in parse_pcapdevice
    for pckt in reader:
  File "/usr/local/lib/python2.6/dist-packages/cpyrit/pckttools.py", line 499, in next
    pckt = self.read()
  File "/usr/local/lib/python2.6/dist-packages/cpyrit/pckttools.py", line 487, in read
    r = _cpyrit_cpu.PcapDevice.read(self)
IOError: libpcap-error while reading: truncated dump file; tried to read 16 header bytes, only got 6
With aircrack-ng, however, I can read the file.
$ python -c "import scapy.config; print scapy.config.conf.version"
2.1.0
Comment #10
Posted on Sep 30, 2010 by Happy Rabbit
It looks like a different problem (truncated/incomplete dump). Did you check with Wireshark whether the file contains EAPOL packets?
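An added example, not part of the original thread and not Pyrit's or libpcap's code: a Python 3 scan of a classic pcap file that counts the complete records and reports where the file is cut, which is the condition behind the "tried to read 16 header bytes, only got 6" message above. `scan_pcap` and the sample byte strings are hypothetical names and constructed data; pcapng and nanosecond-magic files are out of scope.

```python
import io
import struct

GLOBAL_HEADER_LEN = 24   # classic pcap file header
RECORD_HEADER_LEN = 16   # ts_sec, ts_usec, incl_len, orig_len
MAGIC = 0xA1B2C3D4


def scan_pcap(stream):
    """Walk a classic pcap stream and return (complete_records, problem).

    problem is None for a clean file, otherwise a string naming the record
    at which the file is cut short.
    """
    header = stream.read(GLOBAL_HEADER_LEN)
    if len(header) < GLOBAL_HEADER_LEN:
        return 0, "file header cut, got %d of %d bytes" % (len(header), GLOBAL_HEADER_LEN)
    if struct.unpack("<I", header[:4])[0] == MAGIC:
        endian = "<"
    elif struct.unpack(">I", header[:4])[0] == MAGIC:
        endian = ">"
    else:
        return 0, "not a classic pcap file"
    count = 0
    while True:
        rec = stream.read(RECORD_HEADER_LEN)
        if not rec:
            return count, None  # clean end of file on a record boundary
        if len(rec) < RECORD_HEADER_LEN:
            return count, "record %d: header cut, got %d of %d bytes" % (
                count + 1, len(rec), RECORD_HEADER_LEN)
        incl_len = struct.unpack(endian + "IIII", rec)[2]
        data = stream.read(incl_len)
        if len(data) < incl_len:
            return count, "record %d: data cut, got %d of %d bytes" % (
                count + 1, len(data), incl_len)
        count += 1


# Constructed sample: two 4-byte records, link type 105 (IEEE 802.11).
_FILE_HEADER = struct.pack("<IHHiIII", MAGIC, 2, 4, 0, 0, 65535, 105)
_RECORD = struct.pack("<IIII", 0, 0, 4, 4) + b"\x80\x00\x00\x00"
SAMPLE_CLEAN = _FILE_HEADER + _RECORD + _RECORD
SAMPLE_CUT = SAMPLE_CLEAN + _RECORD[:6]  # third record header stops after 6 bytes

if __name__ == "__main__":
    print(scan_pcap(io.BytesIO(SAMPLE_CLEAN)))
    print(scan_pcap(io.BytesIO(SAMPLE_CUT)))
```

A non-None `problem` with a non-zero record count means every record before the cut is still readable, so a reader can stop at that boundary rather than fail on the whole file.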
Comment #11
Posted on Sep 30, 2010 by Quick Camel
The problem is already resolved in issue 192.
Status: Fixed
Labels:
Type-Defect
Priority-Medium