Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 7921] New: WLAN decryption status not updated after updati

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Sat, 27 Oct 2012 09:06:28 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7921

           Summary: WLAN decryption status not updated after updating
                    WEP/WPA keys
           Product: Wireshark
           Version: 1.8.3
          Platform: x86
        OS/Version: All
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: samano.and@xxxxxxxxx


Build Information:
wireshark 1.9.0 (SVN Rev 45808 from /trunk)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.10, with Cairo 1.10.2, with Pango 1.30.0, with
GLib 2.32.3, with libpcap, with libz 1.2.3.4, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.7.5, without Lua, without Python,
with GnuTLS 2.12.14, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP, with
PortAudio <= V18, with AirPcap.

Running on Linux 3.2.0-32-generic, with locale C, with libpcap version 1.1.1,
with libz 1.2.3.4, GnuTLS 2.12.14, Gcrypt 1.5.0, without AirPcap.

Built using gcc 4.6.3.
--
For user convenience, I think WLAN decryption status should be updated right
after
the user puts WEP or WPA keys in the UAT dialog box.

Below is a procedure that a "novice" WLAN analyst is likely to do:
(Here, "Enable decryption" option in the IEEE 802.11 preference is already
enabled)

 1. Get a pcap file from his colleague tester
 2. Double-click the file to launch Wireshark
 3. He notices that WLAN frames are encrypted, so he asks the tester for the
key
 4. He goes into "Edit" -> "Preferences..." -> "Protocols" -> "IEEE802.11" and
then
    clicks "Edit..." button to launch "WEP and WPA Decryption keys" UAT
 5. He fills in the key and click "OK" -> "OK"
 6. Then he finds the frames are still not decrypted. He will either:
    a) tweak other options (such as "Reassemble fragmented 802.11 datagrams",
etc) and
       suddenly gets the WLAN frames decrypted.  or,
    b) blame the colleague saying "Your key wasn't right!"

I see this issue with 1.8.x and later.

Note: Wireshark 1.6.x do not have this issue since they do not use
UAT for WEP/WPA keys. The user simply fills out the key in the pref dialog,
click "OK", then he will see the decrypted frames.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube