Wireshark-bugs: [Wireshark-bugs] [Bug 9855] New: ZigBee PRO ZDO dissector incorrect dissection o

Date: Mon, 10 Mar 2014 08:35:14 +0000
Bug ID 9855
Summary ZigBee PRO ZDO dissector incorrect dissection of mgmt_rtg_rsp (Routing Table Response)
Classification Unclassified
Product Wireshark
Version 1.10.6
Hardware x86-64
OS Windows 8.1
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 12612 [details]
Capture file with incorrectly displayed packet. Use NWK key
fd:30:49:ec:45:38:11:14:8d:e0:b9:b4:ef:ca:65:6e to decrypt secure ZigBee NWK
frames

Build Information:
Version 1.10.6 (v1.10.6 from master-1.10)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with
PortAudio V19-devel (built Mar  7 2014), with AirPcap.

Running on 64-bit Windows 8, build 9200, with WinPcap version 4.1.3 (packet.dll
version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
Intel(R) Core(TM)2 CPU          6600  @ 2.40GHz, with 6077MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
The next hop and status fields of routing table entries in mgmt_rtg_rsp frames
are dissected incorrectly. Status and next hop fields are interfering somehow.
Probably an alignment issue.

Attached is a capture file with a frame that is incorrectly displayed.

Expected result:

4 entries in routing table:
destination 276c via ffff, status INACTIVE (0, 0, 0, 0)
destination 3849 via 3849, status ACTIVE (0, 0, 0, 0)
destination c6f6 via e5e6, status ACTIVE (0, 0, 0, 0)
Destination d056 via e5e6, status ACTIVE (0, 0, 0, 0)

The active network key for this capture is
fd:30:49:ec:45:38:11:14:8d:e0:b9:b4:ef:ca:65:6e. It can be entered via
Preferences, Protocols, ZigBee NWK, Pre-configured Keys


You are receiving this mail because:
  • You are watching all bug changes.