Wireshark-bugs: [Wireshark-bugs] [Bug 10557] EAPOL 4-way handshake information wrong
amato_carbonara@yahoo.com
changed
bug 10557
What |
Removed |
Added |
CC |
|
amato_carbonara@yahoo.com
|
Comment # 2
on bug 10557
from amato_carbonara@yahoo.com
This error appears to be a dissector problem and not related to AirPcap
drivers.
Restating of error: EAPOL key message #2 is incorrectly labeled as Message 4
of 4 when WPA Key descriptors are used.
Further information: Within the dissectors-packet-ieee80211.c file, lines 18327
through 18345 are used to provide the EAPOL Key Message labels. The dissector
is using the following to distinguish between Message 2 and Message 4:
counter = tvb_get_guint8(tvb, offset+11)
According to the logic within the dissector (line 18336), Message 2 should not
have counter set.
if(!counter)
With this logic, the dissector expects the first byte of the 8 byte replay
counter to be 0 for message 2 and non-zero for message 4. If I understand the
spec correctly, the replay counter should be incremented by the Authenticator,
i.e. message 4 should have a replay counter that is 1 more that that in message
2.
This error was also discussed on the Wireshark forum:
https://ask.wireshark.org/questions/40856/tvb_get_guint8-function
You are receiving this mail because:
- You are watching all bug changes.