Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10916] NHRP dissector incorrect decode of authentication extension

Wireshark-bugs: [Wireshark-bugs] [Bug 10916] NHRP dissector incorrect decode of authentication e

Date: Tue, 03 Feb 2015 15:55:36 +0000

Comment # 1 on bug 10916 from Chris Maynard

(In reply to Patrick from comment #0)
> Build Information:
> Version 1.6.7

This is a rather old version of Wireshark that is no longer supported.  You
should consider upgrading, if possible.

> The NHRP dissector incorrectly decodes the cleartext password used in the
> NHRP Authentication Extension - see the attached capture -
> The first 4 bytes are decoded as an a Source Address when in fact they are
> the first 4 bytes of the password, the second four bytes are displayed as
> just data - when they should be displayed as a password.

Wireshark appears to be dissecting the extension properly according to section
5.3.4 NHRP Authentication Extension of RFC 2332
(http://tools.ietf.org/html/rfc2332).

By the way, the data is not a password at all, but rather, "The data field
contains the keyed hash calculated over the entire NHRP payload."

You are receiving this mail because:

You are watching all bug changes.

References:
- [Wireshark-bugs] [Bug 10916] New: NHRP dissector incorrect decode of authentication extension
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 10798] HTTP Requests are only partially dissected (data is "thrown away")
Next by Date: [Wireshark-bugs] [Bug 9515] TLSV1 "Ignored Unknown Record"
Previous by thread: [Wireshark-bugs] [Bug 10916] New: NHRP dissector incorrect decode of authentication extension
Next by thread: [Wireshark-bugs] [Bug 10916] NHRP dissector incorrect decode of authentication extension
Index(es):
- Date
- Thread