
Wireshark-bugs: [Wireshark-bugs] [Bug 12728] New: ZGP encrypted difference between packet detai

Date: Tue, 09 Aug 2016 15:10:26 +0000
Bug ID 12728
Summary ZGP encrypted difference between packet details and bytes
Product Wireshark
Version 2.0.5
Hardware x86-64
OS Windows 7
Status UNCONFIRMED
Severity Normal
Priority Low
Component Dissection engine (libwireshark)
Assignee [email protected]
Reporter [email protected]

Created attachment 14799 [details]
capture show difference details VS bytes

Build Information:
Version 2.0.5 (v2.0.5-0-ga3be9c6 from master-2.0)

Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with
GLib 2.38.0, with SMI 0.4.8, with c-ares 1.11.0, with Lua 5.2, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale
French_France.1252, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980),
based on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15,
with Gcrypt 1.6.2, without AirPcap.
Intel(R) Core(TM) i7-4800MQ CPU @ 2.70GHz (with SSE4.2), with 32393MB of
physical memory.


Built using Microsoft Visual C++ 12.0 build 40629

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Hello,
I've seen these bugs since at least v2.0.2; I think it has never been
implemented correctly.
When I look at the packet details of an encrypted ZGP payload (key set so
Wireshark can decode), the decode is perfect. Each value is interpreted
correctly, etc.
BUT in the packet bytes window "Decrypted GP Payload" the bytes are more or
less random (sometimes correct especially on end of frame). This makes me think
the buffer containing these decoded data is not always updated (with the
correct data).

Could you please have a look?

For a bit of help, the decode is called from packet-zbee-nwk-gp.c: in function
dissect_zbee_nwk_gp there is a call to zbee_gp_decrypt_payload that seems to
work fine, as the packet details window is OK... I think things go wrong after, but
there is not much code after that.

The attached capture shows the difference between the packet details window and
the packet bytes window. It should be the same.

