Wireshark-bugs: [Wireshark-bugs] [Bug 10916] NHRP dissector incorrect decode of authentication e
Date: Sat, 14 Feb 2015 10:56:26 +0000

Comment # 4 on bug 10916 from
(In reply to Patrick from comment #3)
> (In reply to Chris Maynard from comment #1)
> > (In reply to Patrick from comment #0)
> > > Build Information:
> > > Version 1.6.7
> > 
> > This is a rather old version of Wireshark that is no longer supported.  You
> > should consider upgrading, if possible.
> > 
> > > The NHRP dissector incorrectly decodes the cleartext password used in the
> > > NHRP Authentication Extension - see the attached capture -
> > > The first 4 bytes are decoded as an a Source Address when in fact they are
> > > the first 4 bytes of the password, the second four bytes are displayed as
> > > just data - when they should be displayed as a password.
> > 
> > Wireshark appears to be dissecting the extension properly according to
> > section 5.3.4 NHRP Authentication Extension of RFC 2332
> > (http://tools.ietf.org/html/rfc2332).
> > 
> > By the way, the data is not a password at all, but rather, "The data field
> > contains the keyed hash calculated over the entire NHRP payload."
> 
> This must be implementation specific in this case CISCO as the password is
> in clear-text "NHRPAUTH" - it's moot anyway as NHRP would be secured by
> IPSec anyway.

There is some information about CISCO implementation ?


You are receiving this mail because:
  • You are watching all bug changes.