Wireshark-bugs: [Wireshark-bugs] [Bug 3486] Adds ability to read Daintree SNA capture files (IEE
Date: Thu, 17 Sep 2009 08:42:29 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3486





--- Comment #9 from Eugene P <[email protected]>  2009-09-17 08:42:27 PDT ---
(In reply to comment #8)
> Created an attachment (id=3670)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3670) [details]
> Sample DCF File with Encrypted Packet
> 
> Attached is a sample file that uses this Network Key:
> 
> 2fe1:580b:bf68:4a24:7ce7:de7b:14a0:0617
> 
> DCF files like the attached sometimes include keys in header lines that 
> start with "#SEC_KEY":
> 
> key="1706a0147bdee77c244a68bf0b58e12f"
> 
> Unfortunately the filter doesn't extract the keys automatically. You have to
> manually enter the key in Wireshark in reverse byte order. Wireshark ignores
> the colons.
> 

Thanks for the sample file.
I filled in the network key you gave, and left Trust Center Address and Trust
Center Link Key empty, set Security Level to "AES-128 Encryption, 23-bit
Integrity Protection".
The capture still seems to be undecrypted. The frame shows: 
[Expert Info (Warn/Undecoded): Encrypted Payload].

What am I missing?
My WireShark is on Version 1.2.2 (SVN Rev 29910).
I assume the patch is included in this latest version?


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.