Kismet Wireless

Kismet Forums

 

Posted by:dragorn
Subject:std::bad_alloc
Date:22:28:36 04/06/2009

> Ah, thanks, the SVN stopped the crashes and gives "ERROR: Pcap Radiotap converter got corrupted radiotap frame, not long enough for radiotap header plus indicated FCS", problem now is that it finds the same network multiple times, but with different BSSID, encryption and sometimes a slightly corrupt name.
>
> tcpdump cap file here-
> http://rapidshare.com/files/240898960/foo.cap.html

Thanks.

So... The crash was exactly what I guessed - weird short frames... Open that cap and wireshark and look at packet 44-51, they're all... radiotap with no data. So that's fixed, thanks.

As far as the duped networks and such... It looks like your drivers are broken. If you look again w/ wireshark around packet 66 you can see that the drivers are reporting bunk packets with subtle corruption (probably they're not filtering broken FCS and you're getting invalid frames that way).

Fortunately for you, it ALSO looks like they include a usable FCS on the packet, so you can filter that way, so add 'validatefcs=true' to your source line:

ncsource=wlan0:validatefcs=true

or -c wlan0:validatefcs=true

in addition to whatever other source options you use.

That *should* clean up most of that for you, doing so on your example file cleans up the behavior in my tests.

-m


Reply to this message