Wireshark-bugs: [Wireshark-bugs] [Bug 13279] New: Can't decode packets captured with OpenBSD enc
Date: Thu, 29 Dec 2016 20:47:06 +0000
Bug ID 13279
Summary Can't decode packets captured with OpenBSD enc(4) encapsulating
Product Wireshark
Version 2.2.3
Hardware x86-64
OS Windows 10
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee bugzilla-admin@wireshark.org
Reporter thelabrat13@gmail.com

Created attachment 15157
File captured using enc(4)

Build Information:
Version 2.2.3 (v2.2.3-0-g57531cd)

Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.6.1, with WinPcap (4_1_3), with GLib 2.42.0, with
zlib 1.2.8, with SMI 0.4.8, with c-ares 1.12.0, with Lua 5.2.4, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 64-bit Windows 10, build 14393, with locale English_United
States.1252, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based
on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with
Gcrypt 1.6.2, without AirPcap.
AMD FX(tm)-8150 Eight-Core Processor            (with SSE4.2), with 16366MB of
physical memory.


Built using Microsoft Visual C++ 12.0 build 40629

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Wireshark can't decapsulate packets captured in "OpenBSD enc(4) encapsulation"
format. tcpdump can.

tcpdump: listening on enc0, link-type ENC (OpenBSD encapsulated IP), capture size 1400 bytes
15:25:46.836545 (authentic,confidential): SPI 0xc565caa1: IP (tos 0x0, ttl 63, id 1179, offset 0, flags [none], proto ICMP (1), length 84, bad cksum 90eb (->91eb)!)
    172.16.67.1 > 172.16.74.1: ICMP echo request, id 57859, seq 0, length 64
15:25:46.836570 (authentic,confidential): SPI 0xc565caa1: IP (tos 0x0, ttl 64, id 24190, offset 0, flags [none], proto IPIP (4), length 104, bad cksum 0 (->3266)!)
    172.16.73.67 > 172.16.72.74: IP (tos 0x0, ttl 63, id 1179, offset 0, flags [none], proto ICMP (1), length 84)
    172.16.67.1 > 172.16.74.1: ICMP echo request, id 57859, seq 0, length 64
15:25:46.859112 (authentic,confidential): SPI 0xc9ed52a9: IP (tos 0x0, ttl 63, id 3776, offset 0, flags [none], proto IPIP (4), length 104)
    172.16.72.74 > 172.16.73.67: IP (tos 0x0, ttl 63, id 7450, offset 0, flags [none], proto ICMP (1), length 84)
    172.16.74.1 > 172.16.67.1: ICMP echo reply, id 57859, seq 0, length 64

