Wireshark-bugs: [Wireshark-bugs] [Bug 13031] New: ZigBee Green Power add key during execution
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 20 Oct 2016 08:51:31 +0000
Bug ID 13031
Summary ZigBee Green Power add key during execution
Product Wireshark
Version 2.2.0
Hardware x86
OS Windows 7
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter atsju2@yahoo.fr 

Build Information:
Version 2.2.0-custom (v2.2.0-0-g5368c50 from tag2.2.0)

Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with Qt 5.4.1, with WinPcap (4_1_3), with GLib 2.38.0, with
zlib 1.2.8, with SMI 0.4.8, with c-ares 1.11.0, with Lua 5.2.4, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale
French_France.1252, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980),
based on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15,
with Gcrypt 1.6.2, without AirPcap.
Intel(R) Core(TM) i7-4800MQ CPU @ 2.70GHz (with SSE4.2), with 32393MB of
physical memory.


Built using Microsoft Visual C++ 12.0 build 31101

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
First of all, yes it is a custom build, but this part shouldn't be impacted.

1) During a live capture of an encrypted device, all packets are decrypted and
parsed correctly.
2) the device uses a new security key already in the known list. No problem
3) the device uses a really new security key and I add it manually to the ZGP
key list => the new packets are decrypted but the old one (with a key still in
the list) are not decrypted.
4) Save the capture to reproduce the "bug" close and reopen Wireshark, open the
saved capture, all frames are decrypted (because keys are known)

So my conclusion the addition "during capture" of new security keys is only
partially working.

You are receiving this mail because:
  • You are watching all bug changes.