Alexander Wetzel changed bug 9065

Comment # 8 on bug 9065 from Alexander Wetzel

Current versions have a regression here; at least both 1.12.8 and trunk are not
able to decode this capture, even after stripping it down as suggested.
The problem is that in the EAPOL message #1 packets there are four unaccounted bytes
in front of the FCS, trailing the 802.X authentication information.
The original (and still valid) reason for the capture attached here not
working is that it has more than 256 different SAs in it. (In fact there seem
to be 1662 SAs in the capture...)
Now that could be fixed by setting "AIRPDCAP_MAX_SEC_ASSOCIATIONS_NR" to a
higher value in epan/crypt/airpdcap_system.h, but the current default seems to
be reasonable to me.
I assume this may be something which should be mentioned on the wiki instead, so
I've added that to Gotchas here: https://wiki.wireshark.org/HowToDecrypt802.11
         
      
      