Wireshark-bugs: [Wireshark-bugs] [Bug 12524] New: Add another decryption option to frames incorr

Date: Tue, 14 Jun 2016 20:46:25 +0000
Bug ID 12524
Summary Add another decryption option to frames incorrectly flagged as protected
Product Wireshark
Version Git
Hardware All
OS All
Status UNCONFIRMED
Severity Enhancement
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 14649 [details]
sample capture

Build Information:
Version 2.1.1-git (v2.1.1rc0-93-g76ed781 from master)

Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.5.1, with libpcap, without POSIX capabilities, with
GLib 2.36.0, with zlib 1.2.5, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2,
with GnuTLS 2.12.19, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP, with
QtMultimedia, without AirPcap.

Running on Mac OS X 10.11.5, build 15F34 (Darwin 15.5.0), with locale C, with
libpcap version 1.5.3 - Apple version 54, with GnuTLS 2.12.19, with Gcrypt
1.5.0, with zlib 1.2.5.
Intel(R) Core(TM) i7-4870HQ CPU @ 2.50GHz (with SSE4.2)

Built using clang 4.2.1 Compatible Apple LLVM 7.3.0 (clang-703.0.31).
--
Macos seems to be able to capture raw ieee80211 WPA2/CCMP traffic and decrypt
the frame if the capturing device is one of the communication partners. It does
also leave the protected bit on and the IV in.
The existing decryption options do not offer a useful value, as there are lots
of other still encrypted frames in the bigger capture file (not included).


You are receiving this mail because:
  • You are watching all bug changes.