glennzw · June 4, 2019 14:09 · maximcherny · Jul 14, 2014
diff --git a/fcs.txt b/fcs.txt
 I'm capturing 802.11 frames - probe requests to be exact. I'm noticing occasional garbled data, so would to incorporate the Frame Check Sequence (FCS) to ensure frame integrity. I'd expect the card to dump failed checksum frames, but maybe this doesn't happen in promisc mode. We can see the FCS in action with tshark like so:

 # tshark -i mon0 -R 'wlan.fcs' -T fields -e wlan.fcs_good -e wlan.fcs
 1       0x5c1eecd5
 0       0x8d425ccf
 1       0xb28bb592
 1       0xd2cb1bf6

 ...where wlan.fcs is the calculated checksum, and wlan.fcs_good is the boolean of the result.

 Does anyone know how to implement this with scapy? Scapy uses BPF, so a tcpdump filter should work too. The FCS seems to consistently be the last four bytes, but is not always present - do you see it when you run the above command? See http://www.wireshark.org/faq.html#q7.10 for more info on why you may not.

 If scapy is not able to trivially calculate these, I may have to re-engineer how *shark calculates the checksum:

 http://ask.wireshark.org/questions/9883/80211-fcs-calculation

 But I'd rather not start re-implementing if someone's already done it.

 ethtool -K mon0 rx on #Turn on RX checksuming, doesn't work.

 Perhaps this is the answer?:
 https://github.com/somaproject/crc-hw


 Comments from #wireshark:
 fcs_good is a pseudo element in wireshark/tshark
 we calculate the checksum ourselves, then compare to the received fcs
 (IIRC this is turned off by default to save cpu)


 Update:
 Digging through wireshark source code, this seems to be how the FCS CRC is calculated:
 https://gist.github.com/glennzw/6365693
	I'm capturing 802.11 frames - probe requests to be exact. I'm noticing occasional garbled data, so would to incorporate the Frame Check Sequence (FCS) to ensure frame integrity. I'd expect the card to dump failed checksum frames, but maybe this doesn't happen in promisc mode. We can see the FCS in action with tshark like so:

	# tshark -i mon0 -R 'wlan.fcs' -T fields -e wlan.fcs_good -e wlan.fcs
	1 0x5c1eecd5
	0 0x8d425ccf
	1 0xb28bb592
	1 0xd2cb1bf6

	...where wlan.fcs is the calculated checksum, and wlan.fcs_good is the boolean of the result.

	Does anyone know how to implement this with scapy? Scapy uses BPF, so a tcpdump filter should work too. The FCS seems to consistently be the last four bytes, but is not always present - do you see it when you run the above command? See http://www.wireshark.org/faq.html#q7.10 for more info on why you may not.

	If scapy is not able to trivially calculate these, I may have to re-engineer how *shark calculates the checksum:

	http://ask.wireshark.org/questions/9883/80211-fcs-calculation

	But I'd rather not start re-implementing if someone's already done it.

	ethtool -K mon0 rx on #Turn on RX checksuming, doesn't work.

	Perhaps this is the answer?:
	https://github.com/somaproject/crc-hw


	Comments from #wireshark:
	fcs_good is a pseudo element in wireshark/tshark
	we calculate the checksum ourselves, then compare to the received fcs
	(IIRC this is turned off by default to save cpu)


	Update:
	Digging through wireshark source code, this seems to be how the FCS CRC is calculated:
	https://gist.github.com/glennzw/6365693