Wireshark

  • Riverbed Technology
  • WinPcap
SHARKFEST '13 - Wireshark Developer and User Conference - June 16-19, 2013 - UC Berkeley
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-bugs: [Wireshark-bugs] [Bug 5899] New: Most edonkey packets cannot be dissected because of the Protocol Obfuscation

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Sun, 8 May 2011 08:57:42 -0700 (PDT)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5899

           Summary: Most edonkey packets cannot be dissected because of
                    the Protocol Obfuscation
           Product: Wireshark
           Version: SVN
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: xiaoxiangquan@xxxxxxxxx


Created an attachment (id=6301)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=6301)
a real capture from downloading, 95% of the packets cannot be dissected

Build Information:
Version 1.5.1 (SVN Rev 36407 from /trunk)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.4, with GLib 2.28.6, with libpcap 1.1.1, with
libz 1.2.3.4, without POSIX capabilities, without libpcre, without SMI, without
c-ares, without ADNS, without Lua, without Python, without GnuTLS, without
Gcrypt, without Kerberos, without GeoIP, without PortAudio, without AirPcap.

Running on Linux 2.6.38-8-generic, with libpcap version 1.1.1, with libz
1.2.3.4.

Built using gcc 4.5.2.
--
Since long ago emule/amule has applied Protocol Obfuscation, see:
http://wiki.emule-web.de/index.php/Protocol_obfuscation
Or the related amule source code: amule/src/Encrypted*.*

I'm trying to add this feature to /epan/dissectors/packet-edonkey.c by store
client id and verify key, they are needed when decrypt. But it doesn't work
well until now.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
  • Follow-Ups:
    • [Wireshark-bugs] [Bug 5899] Most edonkey packets cannot be dissected because of the Protocol Obfuscation
      • From: bugzilla-daemon
    • [Wireshark-bugs] [Bug 5899] Most edonkey packets cannot be dissected because of the Protocol Obfuscation
      • From: bugzilla-daemon
    • [Wireshark-bugs] [Bug 5899] Most edonkey packets cannot be dissected because of the Protocol Obfuscation
      • From: bugzilla-daemon
    • [Wireshark-bugs] [Bug 5899] Most edonkey packets cannot be dissected because of the Protocol Obfuscation
      • From: bugzilla-daemon
  • Prev by Date: [Wireshark-bugs] [Bug 5893] VTP dissector enhancement to recognize VTP Join/Prune messages (patch included)
  • Next by Date: [Wireshark-bugs] [Bug 5899] Most edonkey packets cannot be dissected because of the Protocol Obfuscation
  • Previous by thread: [Wireshark-bugs] [Bug 5756] Wireshark probably should have an Installer package rather than be drag-install
  • Next by thread: [Wireshark-bugs] [Bug 5899] Most edonkey packets cannot be dissected because of the Protocol Obfuscation
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation