https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5983
Summary: DTLS fragment reassemble failure
Product: Wireshark
Version: 1.5.x (Experimental)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: michaelc@xxxxxxxxxxxxxxx
Created an attachment (id=6440)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=6440)
Failed to reassemble packet #5 into server handshake message.
Build Information:
Version 1.7.0 (SVN Rev 37381 from /trunk)
Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with GTK+ 2.22.1, with GLib 2.26.1, with WinPcap (version
unknown), with libz 1.2.5, without POSIX capabilities, without libpcre, with
SMI
0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.10.3,
with
Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built
May
24 2011), with AirPcap.
Running on 64-bit Windows 7, build 7600, with WinPcap version 4.1.2 (packet.dll
version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
GnuTLS 2.10.3, Gcrypt 1.4.6, without AirPcap.
Built using Microsoft Visual C++ 9.0 build 30729
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
The attached pcap was captured with these two OpenSSL client server handshake
while using a rather large certificate (e.g. 2048-bit RSA or SHA-256
signature):
Server (openssl-0.9.8r on Linux):
openssl s_server -dtls1 -CAfile cacert.pem -cert 6084.pem -no_dhe
Client (openssl-0.9.8r on Windows):
openssl s_client -CAfile cacert.pem -cert 5062.pem -dtls1 -connect
10.0.2.15:4433 -debug
Packet #4 contains 2 server handshake messages, Server_Hello and
Server_Certificate, and due to its size, the latter was fragmented and the
second half of which was sent in packet #5. The Wireshark DTLS dissector failed
to reassemble it. My guess is it is not able to look past Server_Hello.
Sending multiple DTLS records in a single UDP packet is quite normal as shown
in this OpenSSL exercise.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.