Re: [Wireshark-dev] wireshark seems to not correctly follow WPA2 rekeying
Hi Avery,

On Sat, Oct 11, 2014 at 1:01 PM, Avery Pennarun apenw...@gmail.com wrote:
> Tested with wireshark 1.10.6 and 1.12.1.
>
> See attached pcap, which I've trimmed down to a minimally reproducible test case. I created this by setting up hostapd to rekey very frequently:
>
>     wep_rekey_period=10
>     wpa_group_rekey=10
>     wpa_strict_rekey=1
>     wpa_gmk_rekey=9
>     wpa_ptk_rekey=10
>
> And then attached a station to it, generating some traffic. For this test data, the SSID:password is TestSSID and 01234567.
>
> Here's what we see:
> - Packet #10-28: initial EAPOL exchange
> - Packet #29-164: some successfully decoded traffic
> - Packet #165-1308: group key rotation (probably not relevant, but just in case...)
> - Packet #1308-1430: more successfully decoded traffic
> - Packet #1431-1439: session key rotation
> - Packet #1442-end: traffic does *not* decode successfully.
>
> I would have expected that since the rekeying was captured correctly, wireshark would be able to continue decoding after the rekeying is completed.
>
> I captured this traffic on a Macbook Air (not participating in this interaction) with 'tcpdump -I'. For wireshark to decode the first part, I had to set "Ignore the protection bit" to "Yes - with IV" in Edit | Preferences | Protocols | IEEE 802.11.
>
> Note: I've confirmed that the station and AP were able to communicate during the entire session. In case it matters, the client is a Linux box with ath9k and wpa_supplicant and the AP is a Linux box with ath10k and hostapd.

Is it possible to create a new bug on the bug tracker (with pcap sample...)? http://bugs.wireshark.org

> Does anyone have any suggestions for what I might be doing wrong, or if there is a bug in wireshark? I'd be surprised if it simply can't handle rekeying and nobody has noticed.

Have you tried an older release (like 1.8)? I'm not sure if rekeying is actually supported by Wireshark...

> Thanks!
>
> Avery

___
Sent via: Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
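Why a session (PTK) rekey changes what a decryptor needs, as an added example that is not code from Wireshark or from anyone in the thread: every 4-way handshake carries fresh nonces, so the temporal key used after frames 1431-1439 differs from the one derived from frames 10-28. The SSID, passphrase and frame numbers are the ones in the report; the MAC addresses and nonces are constructed, CCMP is assumed, and the function names are hypothetical.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase, ssid):
    # WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key, label, data, nbytes):
    # IEEE 802.11 PRF: HMAC-SHA1 blocks over label || 0x00 || data || counter
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, aa, spa, anonce, snonce):
    # The nonces come from messages 1 and 2 of each 4-way handshake.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)  # 48 bytes assumes CCMP
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}

def build_timeline(pmk, aa, spa, handshakes):
    # handshakes: (last_frame_of_handshake, anonce, snonce), in capture order
    return [(last, derive_ptk(pmk, aa, spa, an, sn)) for last, an, sn in handshakes]

def tk_for_frame(timeline, frame_no):
    # Use the TK from the most recent handshake completed before this frame.
    tk = None
    for last_frame, keys in timeline:
        if frame_no > last_frame:
            tk = keys["tk"]
    return tk

# SSID and passphrase are from the report; everything else is constructed.
PMK = pmk_from_passphrase("01234567", "TestSSID")
AA = bytes.fromhex("020000000001")    # constructed AP MAC
SPA = bytes.fromhex("020000000002")   # constructed station MAC
HANDSHAKES = [
    (28, b"\x11" * 32, b"\x22" * 32),    # initial exchange, frames 10-28
    (1439, b"\x33" * 32, b"\x44" * 32),  # PTK rekey, frames 1431-1439
]
TIMELINE = build_timeline(PMK, AA, SPA, HANDSHAKES)

if __name__ == "__main__":
    for frame in (100, 1400, 1442):
        print(frame, tk_for_frame(TIMELINE, frame).hex())
```

Frames 100 and 1400 map to the same temporal key, while frame 1442 maps to a different one; a decryptor that keeps only the key from the first handshake cannot decrypt traffic after the rekey. Group key (GTK) rotation is not modelled here.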
Re: [Wireshark-dev] RoCE and CM dissector fixes
On 10/10/2014 4:43 PM, Tim (Thanh) Nguyen wrote:
> Hi Alexis,
>
> Sorry, I'm not familiar with Gerrit, and right now my normal work doesn't leave me any cycles to learn it for this purpose. If someone else would like to take this patch and properly submit it, then feel free.
>
> Tim.

See: https://code.wireshark.org/review/#/c/4614/
Re: [Wireshark-dev] FW: [Wireshark-commits] master 5330875: GTK+: Revert back to 2.24.14-1.1 on Win64.
2014-10-08 18:58 GMT+02:00 Alexis La Goutte alexis.lagou...@gmail.com:
On Tue, Oct 7, 2014 at 10:38 PM, Pascal Quantin pascal.quan...@gmail.com wrote:
2014-09-30 23:32 GMT+02:00 Gerald Combs ger...@wireshark.org:
On 9/30/14 12:30 PM, Anders Broman wrote:
On 30 Sep 2014 21:27, Gerald Combs ger...@wireshark.org wrote:
On 9/30/14 5:00 AM, Anders Broman wrote:

Switching to the OBS GTK+ 3.14 package.

It looks like a lot of our GTK+ code is deprecated, including GtkAction and GtkAttachOptions.

Would using 3.14 work if we remove one or more of these flags from config.nmake?

    -DGDK_DISABLE_DEPRECATED \
    -DGDK_PIXBUF_DISABLE_DEPRECATED \
    -DGTK_DISABLE_DEPRECATED \
    -DGTK_DISABLE_SINGLE_INCLUDES \
    -DGSEAL_ENABLE

Possibly. If someone wants to experiment with this I can create GTK+ 3.14 bundles and check them in to the win32-libs and win64-libs trunks.

I think that could be useful.

Done.

Hi all,

Alexis spotted a new Win64 GTK2 crash (when scrolling fast in the packet window) seen exclusively on Win8.1 and not on Win7 (yes, this also happens with the old 2.24.14 package). So I gave a try to the GTK 3.14 package. You will find attached the patch allowing to generate the win32|64 installers.

The good news is that it does not crash anymore on Win8.1. And yes Balint, it does look better on Windows :) But there are still things that are not displayed properly (at least on Windows, my Ubuntu machine is still on 3.10.8). What I spotted on my quick test:
- half of the icons are missing in the toolbar
- no arrows in the scroll bars
- no arrows / cross in the packet panes or in the menus (like TCP StreamGraph sub menu)
- probably other things I did not discover yet

I know basically nothing about GTK coding, so I'm not sure whether this is a lot of work to fix those items or not. If a good soul is willing to take the challenge, Win8.1 users would be happy (until Qt is finished of course!).

Cheers,
Pascal.

Thanks Pascal for the help. The issue is on Win 8.* (I have not yet upgraded to 8.1...)

PS: looks like the win32 build crashes in libpixman-1-0.dll. I did not investigate it yet as I'm not sure it's worth the trouble if we do not care about moving to GTK3.

Even better news: I updated our GTK/Glib bundle to 2.24.23/2.42 (the latest version found on OBS) and my win64 build on Windows 8.1 does not crash anymore at startup or when using Alexis' capture. I will upload the package tomorrow.

Regards,
Pascal.