Wireshark-users: [Wireshark-users] ZRTP version indication problem - Wireshark 1.1.2

From: Marian Kechlibar <marian.kechlibar@xxxxxxxxxxxxxx>
Date: Mon, 16 Mar 2009 13:00:30 +0100
Hello all,

I have detected a trivial bug regarding support of the ZRTP protocol
in Wireshark 1.1.2.

The ZRTP protocol version has been increased from 1.00 to 1.10 in the
latest ZRTP protocol drafts. The binary structure of the messages is
still the same. However, when Wireshark records a ZRTP Hello packet,
it will display "Unsupported version of ZRTP protocol" instead of
"Hello Packet". That is because the ZRTP protocol version is explicitly
stated within the Hello packet and the code obviously does not recognize
1.10 as a supported version yet.

The correction is trivial, at least for the person who orients himself
in the source code for ZRTP packet analyzer: add 1.1* versions to the
list of supported versions. I write 1.1* instead of 1.10, because the
ZRTP protocol draft states that all versions which differ only in the
last character of their version (say, 1.10, 1.11 and 1.1b) MUST be
interoperable.

The latest ZRTP draft also added support for Ping and PingACK messages.
However, support for them is not such a trivial enhancement; it actually
needs some extra coding...

Best regards

Marian Kechlibar
crypto developer
unregistered user of Wireshark
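
The version check described in the message, as an added example that is not part of the original post and is not Wireshark's dissector code: it matches a Hello packet's version on its first three characters only, so 1.10, 1.11 and 1.1b all count as supported. The byte offsets are an assumed ZRTP packet layout, the function names are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <string.h>

/* Assumed packet layout: bytes 4-7 magic cookie "ZRTP", 12-13 message
 * preamble 0x50 0x5a, 16-23 message type block, 24-27 version string. */
enum { COOKIE_OFF = 4, PREAMBLE_OFF = 12, TYPE_OFF = 16, VER_OFF = 24, VER_LEN = 4 };

/* Supported version families; the last version character is free to vary. */
static const char *const supported_prefixes[] = { "1.0", "1.1" };

/* Constructed sample: first 28 bytes of a Hello announcing version 1.10. */
const unsigned char zrtp_sample_hello[28] = {
    0x10, 0x00, 0x00, 0x01,  'Z', 'R', 'T', 'P',  0x00, 0x00, 0x00, 0x2a,
    0x50, 0x5a, 0x00, 0x1d,  'H', 'e', 'l', 'l', 'o', ' ', ' ', ' ',
    '1', '.', '1', '0'
};

/* Returns 1 if the 4-character version belongs to a supported family. */
int zrtp_version_supported(const char *ver)
{
    size_t i, n = sizeof supported_prefixes / sizeof supported_prefixes[0];
    for (i = 0; i < n; i++)
        if (memcmp(ver, supported_prefixes[i], VER_LEN - 1) == 0)
            return 1;
    return 0;
}

/* Classifies a captured packet:
 *  -1  not a ZRTP Hello (too short, wrong cookie, preamble or type)
 *   0  Hello with an unsupported version
 *   1  Hello with a supported version
 * On 0 or 1 the version is copied to ver_out, NUL-terminated. */
int zrtp_classify_hello(const unsigned char *pkt, size_t len, char ver_out[5])
{
    if (len < (size_t)(VER_OFF + VER_LEN))
        return -1;                      /* never read past the capture */
    if (memcmp(pkt + COOKIE_OFF, "ZRTP", 4) != 0)
        return -1;
    if (pkt[PREAMBLE_OFF] != 0x50 || pkt[PREAMBLE_OFF + 1] != 0x5a)
        return -1;
    if (memcmp(pkt + TYPE_OFF, "Hello   ", 8) != 0)
        return -1;
    memcpy(ver_out, pkt + VER_OFF, VER_LEN);
    ver_out[VER_LEN] = '\0';
    return zrtp_version_supported(ver_out);
}
```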