Wireshark · Ethereal-dev: [Ethereal-dev] Parsing error for ISAKMP QM proposals

Ethereal-dev: [Ethereal-dev] Parsing error for ISAKMP QM proposals

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Ghislaine Labouret <Ghislaine.Labouret@xxxxxx>

Date: Thu, 25 Oct 2001 11:41:49 +0200

Hello,

A small bug report: Ethereal skips the second proposal payload when
parsing the attached packet (tcpdump shows it correctly).


Sincerely,

-- Ghislaine Labouret

Attachment: QM_proposals.pcap
Description: Binary data

18:57:53.355921 openbsd.ipsec2001.hsc.fr.isakmp > pix.ipsec2001.hsc.fr.isakmp:  [udp sum ok] isakmp v1.0 exchange QUICK_MODE
	cookie: d52e131d5f9b76f9->2eb316965f3c20ec msgid: 4755b931 len: 188
	payload: HASH len: 24
	payload: SA len: 84 DOI: 1(IPSEC) situation: IDENTITY_ONLY 
	    payload: PROPOSAL len: 36 proposal: 1 proto: IPSEC_ESP spisz: 4 xforms: 1 SPI: 0x5ef2ffef
	        payload: TRANSFORM len: 24
	            transform: 1 ID: AES
	                attribute LIFE_TYPE = SECONDS
	                attribute LIFE_DURATION = 1800
	                attribute ENCAPSULATION_MODE = TUNNEL
	                attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
	    payload: PROPOSAL len: 36 proposal: 2 proto: IPSEC_ESP spisz: 4 xforms: 1 SPI: 0x8f03ed24
	        payload: TRANSFORM len: 24
	            transform: 1 ID: 3DES
	                attribute LIFE_TYPE = SECONDS
	                attribute LIFE_DURATION = 1800
	                attribute ENCAPSULATION_MODE = TUNNEL
	                attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
	payload: NONCE len: 20
	payload: ID len: 16 type: IPV4_ADDR_SUBNET = 10.200.0.0/255.255.0.0
	payload: ID len: 16 type: IPV4_ADDR_SUBNET = 10.198.0.0/255.255.0.0 [ttl 0] (id 1)

Frame 1 (220 on wire, 220 captured)
Null/Loopback
Internet Protocol, Src Addr: 192.70.106.200 (192.70.106.200), Dst Addr: 192.70.106.198 (192.70.106.198)
User Datagram Protocol, Src Port: 500 (500), Dst Port: 500 (500)
Internet Security Association and Key Management Protocol
    Initiator cookie
    Responder cookie
    Next payload: Hash (8)
    Version: 1.0
    Exchange type: Quick Mode (32)
    Flags
    Message ID: 0x4755b931
    Length: 188
    Hash payload
        Next payload: Security Association (1)
        Length: 24
        Hash Data
    Security Association payload
        Next payload: Nonce (10)
        Length: 84
        Domain of interpretation: IPSEC (1)
        Situation: IDENTITY (1)
        Proposal payload
            Next payload: Proposal (2)
            Length: 36
            Proposal number: 1
            Protocol ID: IPSEC_ESP (3)
            SPI size: 4
            Number of transforms: 1
            SPI
            Transform payload
                Next payload: NONE (0)
                Length: 24
                Transform number: 1
                Transform ID: AES (12)
                SA-Life-Type (1): Seconds (1)
                SA-Life-Duration (2): Duration-Value (1800)
                Encapsulation-Mode (4): Tunnel (1)
                Authentication-Algorithm (5): HMAC-SHA (2)
    Nonce payload
        Next payload: Identification (5)
        Length: 20
        Nonce Data
    Identification payload
        Next payload: Identification (5)
        Length: 16
        ID type: IPV4_ADDR_SUBNET (4)
        Protocol ID: Unused
        Port: Unused
        Identification data: 10.200.0.0
    Identification payload
        Next payload: NONE (0)
        Length: 16
        ID type: IPV4_ADDR_SUBNET (4)
        Protocol ID: Unused
        Port: Unused
        Identification data: 10.198.0.0

0000  00 00 00 02 45 00 00 d8 00 01 00 00 00 11 63 f9   ....E.........c.             
0010  c0 46 6a c8 c0 46 6a c6 01 f4 01 f4 00 c4 77 4b   .Fj..Fj.......wK             
0020  d5 2e 13 1d 5f 9b 76 f9 2e b3 16 96 5f 3c 20 ec   ...._.v....._< .             
0030  08 10 20 00 47 55 b9 31 00 00 00 bc 01 00 00 18   .. .GU.1........             
0040  31 df e2 ed df 2d 8b 80 d5 3c c6 40 1c fd aa d0   1....-...<.@....             
0050  da 6d 91 bc 0a 00 00 54 00 00 00 01 00 00 00 01   .m.....T........             
0060  02 00 00 24 01 03 04 01 5e f2 ff ef 00 00 00 18   ...$....^.......             
0070  01 0c 00 00 80 01 00 01 80 02 07 08 80 04 00 01   ................             
0080  80 05 00 02 00 00 00 24 02 03 04 01 8f 03 ed 24   .......$.......$             
0090  00 00 00 18 01 03 00 00 80 01 00 01 80 02 07 08   ................             
00a0  80 04 00 01 80 05 00 02 05 00 00 14 da a4 22 f7   ..............".             
00b0  fe 83 8d 87 50 0a fb e9 62 17 cc ce 05 00 00 10   ....P...b.......             
00c0  04 00 00 00 0a c8 00 00 ff ff 00 00 00 00 00 10   ................             
00d0  04 00 00 00 0a c6 00 00 ff ff 00 00               ............

Follow-Ups:
- Re: [Ethereal-dev] Parsing error for ISAKMP QM proposals
  - From: Guy Harris

Prev by Date: [Ethereal-dev] Re: Problems compiling ethereal on a HP-UX 10.20 System
Next by Date: [Ethereal-dev] idl2eth update
Previous by thread: [Ethereal-dev] Re: Problems compiling ethereal on a HP-UX 10.20 System
Next by thread: Re: [Ethereal-dev] Parsing error for ISAKMP QM proposals
Index(es):
- Date
- Thread