Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 10557] EAPOL 4-way handshake information wrong

Wireshark-bugs: [Wireshark-bugs] [Bug 10557] EAPOL 4-way handshake information wrong

Date: Fri, 27 Mar 2015 16:11:59 +0000

What	Removed	Added
CC		pascal.quantin@gmail.com

Comment # 9 on bug 10557 from Pascal Quantin

(In reply to amato_carbonara from comment #8)
> Hi Alexis,
>   I believe using the counter value to distinguish between message #2 and
> message #4 would be too difficult (or impossible) with the Wireshark
> dissector.  In the IEEE 802.11 specification the value for the counter is
> defined as following:
> Message #2 - counter = n
> Message #4 - counter = n+1
> So the only way to distinguish between message #2 and message #4 using the
> counter value would be for Wireshark to "look ahead" and compare the counter
> values (e.g., if counter1 < counter2, then message 2, else message 4). 
> According to my understanding of the Wireshark dissector, "looking ahead" is
> not possible.

It is possible using multi pass (which id done by default in Wireshark, and
with the -2 option in tshark)

You are receiving this mail because:

You are watching all bug changes.

Prev by Date: [Wireshark-bugs] [Bug 10557] EAPOL 4-way handshake information wrong
Next by Date: [Wireshark-bugs] [Bug 10557] EAPOL 4-way handshake information wrong
Previous by thread: [Wireshark-bugs] [Bug 10557] EAPOL 4-way handshake information wrong
Next by thread: [Wireshark-bugs] [Bug 10557] EAPOL 4-way handshake information wrong
Index(es):
- Date
- Thread