https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2905
Summary: "ISAKMP-Attrib payload" values wrongly interpreted/displayed
Product: Wireshark
Version: 1.0.3
Platform: Other
OS/Version: All
Status: NEW
Severity: Enhancement
Priority: Low
Component: Extras
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: zappacor@xxxxxxxxxxxx
Build Information:
wireshark 1.0.3
Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.12.11, with GLib 2.16.5, with libpcap 0.9.8, with libz
1.2.3, with POSIX capabilities (Linux), with libpcre 7.8, without SMI, without
ADNS, without Lua, without GnuTLS, without Gcrypt, without Kerberos, without
PortAudio, without AirPcap.
Running on Linux 2.6.26-tuxonice, with libpcap version 0.9.8.
Built using gcc 4.3.1.
--
Sorry if this is not the right place to post this; please just tell me where
I should do it if that's the case.
Now, when decoding ISAKMP traffic, Wireshark doesn't decode some of the XAUTH
fields correctly, as you can see here:
Internet Security Association and Key Management Protocol
Initiator cookie: C2CE615CB2795129
Responder cookie: 1392CB3FB96C3ADD
Next payload: Hash (8)
Version: 1.0
Exchange type: Transaction (Config Mode) (6)
Flags: 0x00
Message ID: 0x4ff279b4
Length: 90
Hash payload
Next payload: Attrib (14)
Payload length: 24
Hash Data
Attrib payload
Next payload: NONE (0)
Payload length: 38
Type ISAKMP_CFG_REPLY (2)
Identifier: 0
XAUTH_TYPE (0)
XAUTH_USER_NAME: <too big (8 bytes)>
XAUTH_USER_PASSWORD: <too big (10 bytes)>
where both values XAUTH_USER_NAME and XAUTH_USER_PASSWORD are strings and should
be decoded as such. And here:
Internet Security Association and Key Management Protocol
Initiator cookie: C2CE615CB2795129
Responder cookie: 1392CB3FB96C3ADD
Next payload: Hash (8)
Version: 1.0
Exchange type: Transaction (Config Mode) (6)
Flags: 0x00
Message ID: 0x2ee3dd79
Length: 124
Hash payload
Next payload: Attrib (14)
Payload length: 24
Hash Data
Attrib payload
Next payload: NONE (0)
Payload length: 72
Type ISAKMP_CFG_SET (3)
Identifier: 1
XAUTH_STATUS (1)
INTERNAL_IP4_ADDRESS (2270963452e)
INTERNAL_IP4_DNS (2619157494e)
INTERNAL_IP4_DNS (2619155396e)
INTERNAL_IP4_NBNS (2325487595e)
INTERNAL_IP4_NBNS (2325487597e)
INTERNAL_ADDRESS_EXPIREY (86400e)
INTERNAL_IP4_SUBNET: <too big (8 bytes)>
where all of the INTERNAL_IP4_* values should be interpreted and displayed as
IP addresses instead of numbers, and for all of them (including
INTERNAL_ADDRESS_EXPIREY) I don't know what the "e" character at the end of the
values shown means (I think it's just a bug in the interpretation/display).
Regards,
Rolando Zappacosta
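
The type-aware decoding the report asks for, as an added example that is not part of the report and not Wireshark's dissector code. It walks the attribute list that follows the Attrib payload header and renders each value by attribute type; the type numbers are those of the IKE Mode Config and XAUTH drafts, and the user name and subnet in the sample are constructed.

```python
import ipaddress
import struct
# Type numbers as assigned in the IKE Mode Config and XAUTH drafts.
NAMES = {1: "INTERNAL_IP4_ADDRESS", 3: "INTERNAL_IP4_DNS", 4: "INTERNAL_IP4_NBNS",
         5: "INTERNAL_ADDRESS_EXPIRY", 13: "INTERNAL_IP4_SUBNET",
         16520: "XAUTH_TYPE", 16521: "XAUTH_USER_NAME",
         16522: "XAUTH_USER_PASSWORD", 16527: "XAUTH_STATUS"}
IP4_TYPES = {1, 3, 4}
STRING_TYPES = {16521, 16522}

def render(atype, value):
    """Format one attribute value according to its type."""
    if atype in IP4_TYPES and len(value) == 4:
        return str(ipaddress.IPv4Address(value))
    if atype == 13 and len(value) == 8:  # address followed by netmask
        return f"{ipaddress.IPv4Address(value[:4])}/{ipaddress.IPv4Address(value[4:])}"
    if atype in STRING_TYPES:
        return value.decode("ascii", errors="replace")
    if len(value) <= 4:  # expiry and basic (TV) attributes are integers
        return str(int.from_bytes(value, "big"))
    return value.hex()

def decode_attributes(data):
    """Walk the attribute list that follows the 8-byte Attrib payload header."""
    out, off = [], 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated attribute header")
        head, field = struct.unpack_from("!HH", data, off)
        off += 4
        atype = head & 0x7FFF
        if head & 0x8000:  # AF=1: basic attribute, the field is the value
            value = field.to_bytes(2, "big")
        elif field > len(data) - off:  # AF=0: the field is the value length
            raise ValueError("attribute length exceeds payload")
        else:
            value = data[off:off + field]
            off += field
        out.append((NAMES.get(atype, f"type {atype}"), render(atype, value)))
    return out

# Constructed sample; 2270963452 and 86400 are the integers shown in the report.
SAMPLE = (struct.pack("!HH", 0x8000 | 16527, 1)
          + struct.pack("!HH8s", 16521, 8, b"testuser")
          + struct.pack("!HHI", 1, 4, 2270963452)
          + struct.pack("!HHI", 5, 4, 86400)
          + struct.pack("!HH8s", 13, 8, bytes([192, 0, 2, 0, 255, 255, 255, 0])))

for _name, _text in decode_attributes(SAMPLE):
    print(f"{_name}: {_text}")
```

The length check before slicing matters in a dissector: an attribute whose declared length runs past the payload is reported as malformed rather than read.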