Wireshark-bugs: [Wireshark-bugs] [Bug 12569] New: Incorrect interpretation of Cisco NHRP Authent
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Wed, 29 Jun 2016 18:34:29 +0000
Bug ID 12569
Summary Incorrect interpretation of Cisco NHRP Authentication Extension
Product Wireshark
Version Git
Hardware x86
OS All
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter g.djavadyan@gmail.com 

Created attachment 14691 [details]
NHRP packets with authentication extension

Build Information:
TShark (Wireshark) 2.1.0-git (v2.1.0rc0-3301-gf7cd537 from unknown)
--
Dear Wireshark developers,

Although RFC 2332 specifies that NHRP Authentication Extension have to include
Src Addr a variable length field
(https://tools.ietf.org/html/rfc2332#section-5.3.4.1), Cisco implemented it
without Src Addr field. This leads to incorrect interpretation of
Authentication Extension.

I checked it using classic IOS version [Cisco IOS Software, C2600 Software
(C2600-ADVENTERPRISEK9-M), Version 12.4(25d), RELEASE SOFTWARE (fc1)] and using
modern IOS XE version [Cisco IOS Software, CSR1000V Software
(X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.5(1)S2, RELEASE SOFTWARE (fc2)].

The dumped packets from both versions are attached. Authentication string is
"CISCO". Many thanks in advance!

Garri

You are receiving this mail because:
  • You are watching all bug changes.