Wireshark-bugs: [Wireshark-bugs] [Bug 2943] New: decoding of ESP payload issue

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Mon, 6 Oct 2008 06:23:53 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2943

           Summary: decoding of ESP payload issue
           Product: Wireshark
           Version: 1.1.x (Experimental)
          Platform: PC
        OS/Version: Windows 2000
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: vincent.helfre@xxxxxxx


Created an attachment (id=2320)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2320)
sample_esp_dec.pcap

Build Information:
Version 1.1.2-SVN-26356 (SVN Rev 26356)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.14.3, with GLib 2.18.1, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.5.3, without ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt
1.4.1, with MIT Kerberos, with PortAudio V19-devel (built Oct  5 2008), with
AirPcap.

Running on Windows 2000 Service Pack 4, build 2195, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
There is a regression in recent wireshark release. Decoding ESP payload works
on version 0.99.8. In 1.1.2, it does not work any more.

I am attaching sample_esp_dec.pcap which should be possible to decode with
these keys:

In Edit->Preference->Protocoles->ESP:
Attempt to detect/decode encrypted ESP payload: box checked

SA#1:  IPv4|192.168.204.4|192.168.0.101|*
Encryption algorithm #1: AES-CBC[RFC3602]
Authentication algorithm #1: HMAC-SHA1-96[RFC2404]
Encryption Key #1: 0x2062279616a7abbc7b2b3d9b33f3f9e9
Authentication Key #1: 0x152d80ff9f3fd5d2775bd644bfd59880f0d9bd2a

SA#2:  IPv4|192.168.0.101|192.168.204.4|*
Encryption algorithm #2: AES-CBC[RFC3602]
Authentication algorithm #2: HMAC-SHA1-96[RFC2404]
Encryption Key #2: 0x9adebb20e176c4ff494be15ca3ab1d5d
Authentication Key #2: 0xfb3d5efbfbb5d5373118f43f33733081de9cf4ef


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.