Wireshark-bugs: [Wireshark-bugs] [Bug 3486] Adds ability to read Daintree SNA capture files (IEE
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3486
--- Comment #9 from Eugene P <eugenios@xxxxxxxxx> 2009-09-17 08:42:27 PDT ---
(In reply to comment #8)
> Created an attachment (id=3670)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3670) [details]
> Sample DCF File with Encrypted Packet
>
> Attached is a sample file that uses this Network Key:
>
> 2fe1:580b:bf68:4a24:7ce7:de7b:14a0:0617
>
> DCF files like the attached sometimes include keys in header lines that
> start with "#SEC_KEY":
>
> key="1706a0147bdee77c244a68bf0b58e12f"
>
> Unfortunately the filter doesn't extract the keys automatically. You have to
> manually enter the key in Wireshark in reverse byte order. Wireshark ignores
> the colons.
>
Thanks for the sample file.
I filled in the network key you gave, and left Trust Center Address and Trust
Center Link Key empty, set Security Level to "AES-128 Encryption, 23-bit
Integrity Protection".
The capture still seems to be undecrypted. The frame shows:
[Expert Info (Warn/Undecoded): Encrypted Payload].
What am I missing?
My WireShark is on Version 1.2.2 (SVN Rev 29910).
I assume the patch is included in this latest version?
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.