Wireshark-bugs: [Wireshark-bugs] [Bug 10557] EAPOL 4-way handshake information wrong
Comment #12 on bug 10557 from Alexis La Goutte
(In reply to amato_carbonara from comment #8)
> Hi Alexis,
> However, there is a much easier way to distinguish between message #2 and
> message #4. Instead of using the counter field, Wireshark could parse the
> "WPA Key Nonce" field (display filter = wlan_rsna_eapol.keydes.nonce).
> According to the IEEE specification, sections 11.6.6.3 and 11.6.6.5 define
> the value for the WPA Key Nonce as follows:
> Message #2, Key Nonce = SNonce (Supplicant Nonce)
> Message #4, Key Nonce = 0
> So, the logic would be:
> 1. Use the Wireshark parser to determine the WPA Key Nonce value. The Key
> nonce field is 32 octets.
> 2. If !(keynonce), then message #2
> Else message #4
>
> This new code would replace lines 18335 through 18340 within the
> "dissectors-packet-ieee80211.c" file
>
> Since I have never written code within Wireshark, I am hesitant to provide
> the fix myself.
Yes, it is a better idea, I think.
No problem proposing a patch; there is a code review (Gerrit) before merging on
master, and I will try your patch before it is merged on master.
You can look at http://wiki.wireshark.org/Development/SubmittingPatches for help
submitting a patch.
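
The nonce-based distinction discussed in this comment, as an added example (not Wireshark's dissector code and not a patch from this bug). It follows the values quoted above: message #2 carries SNonce, message #4 carries an all-zero Key Nonce. Assumptions: the buffer starts at the Descriptor Type octet of the EAPOL-Key frame, the function names are hypothetical, and the Key Information values in the test are constructed typical WPA2 values.

```c
#include <stddef.h>
#include <stdint.h>

/* Offsets within the EAPOL-Key descriptor, counted from Descriptor Type,
 * per the IEEE 802.11 EAPOL-Key frame layout. */
#define KEY_INFO_OFF   1      /* Key Information, 2 octets, big-endian */
#define KEY_NONCE_OFF  13     /* after Key Length (2) + Replay Counter (8) */
#define KEY_NONCE_LEN  32
#define KEY_INFO_ACK   0x0080 /* Key Ack bit: set by the authenticator */
#define KEY_INFO_MIC   0x0100 /* Key MIC bit */

/* Returns 1 if all 32 nonce octets are zero. */
static int nonce_is_zero(const uint8_t *nonce)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < KEY_NONCE_LEN; i++)
        acc |= nonce[i];
    return acc == 0;
}

/* Hypothetical helper: returns the 4-way handshake message number (1-4),
 * or 0 if the buffer is too short to contain the Key Nonce field. */
int classify_4way_msg(const uint8_t *desc, size_t len)
{
    if (desc == NULL || len < KEY_NONCE_OFF + KEY_NONCE_LEN)
        return 0;
    uint16_t info = (uint16_t)((desc[KEY_INFO_OFF] << 8) | desc[KEY_INFO_OFF + 1]);

    if (info & KEY_INFO_ACK)            /* authenticator: message #1 or #3 */
        return (info & KEY_INFO_MIC) ? 3 : 1;
    /* Supplicant: message #2 has Key Nonce = SNonce, message #4 has 0. */
    return nonce_is_zero(desc + KEY_NONCE_OFF) ? 4 : 2;
}

/* Constructed sample: builds a 45-octet descriptor with the given Key
 * Information value and nonce fill octet, then classifies `len` octets. */
int classify_sample(uint16_t info, uint8_t nonce_fill, size_t len)
{
    uint8_t d[KEY_NONCE_OFF + KEY_NONCE_LEN] = {0};
    d[0] = 2;                           /* Descriptor Type: RSN */
    d[KEY_INFO_OFF] = (uint8_t)(info >> 8);
    d[KEY_INFO_OFF + 1] = (uint8_t)(info & 0xff);
    for (size_t i = 0; i < KEY_NONCE_LEN; i++)
        d[KEY_NONCE_OFF + i] = nonce_fill;
    if (len > sizeof d)                 /* never read past the sample */
        len = sizeof d;
    return classify_4way_msg(d, len);
}
```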