Scapy Sends Malformed Packets

Question

I'm sending out probe requests using scapy. It works perfectly fine on my desktop but when I send it out from scapy, using the exact same code, the packets arrive malformed. I'm watching them in wireshark.

The malformed one has a Logical-Link Control layer and the bits are all just out of order. I don't really know how else to put it. The source and destination mac addresses are both offset by a few bits. The packet is twice as large, I'm just really baffled.

For example in scapy, my destination address is "aa:bb:cc:dd:ee:ff"

In the packet capture, the destination is "00:00:00:aa:bb:cc"

EDIT: The packets show up fine on my laptop in wireshark, but in wireshark on my desktop is where there is an issue.

sendp(Dot11(addr1=dest, 
            addr2=source, 
            addr3=source)/
      Dot11ProbeReq()/
      Dot11Elt(ID="SSID",info='test')/
      Dot11Elt(ID="Rates", info='\x02\x04\x0b\x16\x0c\x12\x18$')/
      Dot11Elt(ID="ESRates", info='0H`l')/
      Dot11Elt(ID="DSset", info='\x06'), 
      iface='wlan0', count=3)

EDIT: I believe the issue is because scapy is sending the wrong type/subtype. The packet should have

Type/subtype: Probe Request (0x04)

but the packet in wireshark displays

Type/subtype: Data (0x20)

Post code and a picture or copy paste of the wireshark payload please? — RyPeck
I just noticed that my laptop is using wireless-b, but it is a g interface, I'm going to try fixing that first. will post code/pic shortly — spun
I can't post images right now, but here is the link to them s1188.photobucket.com/user/5hibby/library/comp — spun
Can you use a different, cleaner image website, such as imgur? — RyPeck

spun spun · Accepted Answer · 2014-03-21T01:42:25

Monitor mode was not initiated correctly. The packets became malformed when not sent over a monitor interface.

Scapy Sends Malformed Packets

2 Answers