Wireshark-bugs: [Wireshark-bugs] [Bug 10557] New: EAPOL 4-way handshake information wrong
Date: Fri, 10 Oct 2014 18:21:08 +0000
Bug ID 10557
Summary EAPOL 4-way handshake information wrong
Product Wireshark
Version 1.12.1
Hardware x86-64
OS Windows 7
Status UNCONFIRMED
Severity Trivial
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter murray.pickard@emerson.com

Created attachment 13156 [details]
screenshot snippet showing EAPOL Keys being incorrectly identified

Build Information:
Version 1.12.1 (v1.12.1-0-g01b65bf from master-1.12)

Copyright 1998-2014 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Sep 16 2014),
with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, with AirPcap 4.1.3 build
3348.
       Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz, with 8072MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

--
On Windows 7, the EAPOL Key Exchange descriptions show key packets 2 and 4 as
"Key (Message 4 of 4)". This is being seen in both Wireshark 1.10.10 and 1.12.1
(version 1.8.5 I tested with showed incorrect messages on some recent captures
too, but I left the WinPcap at version 4.1.3). Older capture files I have show
correctly.

I'm starting to suspect the issue may be related to the 4.1.3 (Riverbed)
AirPcap drivers, as that is the only other component I am aware of changing
between past captures that display correctly and the new captures I've taken in
the past week, since re-installing older versions of Wireshark exhibits the same
issue. Unless reinstalling the older versions isn't replacing some of the
files that should otherwise be replaced to truly run the older version.

