[Wireshark-bugs] [Bug 14243] Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243 --- Comment #8 from Gerrit Code Review--- Change 24543 merged by Anders Broman: TLS: fix decryption with EMS and client auth https://code.wireshark.org/review/24543 -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14241] BGP: IPv6 NLRI is received with Add-path ID, then Wire shark is not able to decode the packet correctly
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14241 --- Comment #3 from Dipankar Shaw--- please refer RFC 7911, section 3 Extended NLRI Encodings. in the packet I attached, i expect to see, First 4 Bytes as path Identifier -- 00 00 00 01 - mean decimal 1 1 Byte : prefix length 80 - mean decimal 128 last 16 Bytes as IPv6 address. -- 20A0:::::2111::: -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14241] BGP: IPv6 NLRI is received with Add-path ID, then Wire shark is not able to decode the packet correctly
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14241 Michael Mannchanged: What|Removed |Added Status|INCOMPLETE |CONFIRMED CC||mman...@netscape.net --- Comment #2 from Michael Mann --- The issue is with packet 6 in the supplied capture. Just playing around, I modified tvb_get_ipv6_addr_with_prefix_len() and removed the handling of prefix values not divisible by 8 (non full bytes), and the packet dissected correctly. My function now looks like this: int tvb_get_ipv6_addr_with_prefix_len(tvbuff_t *tvb, int offset, ws_in6_addr *addr, guint32 prefix_len) { guint32 addr_len; if (prefix_len > 128) return -1; addr_len = (prefix_len) / 8; memset(addr->bytes, 0, 16); tvb_memcpy(tvb, addr->bytes, offset, addr_len); return addr_len; } I'm not sure if "bit handling" is just an IPv4 thing and it was erroneously copy/pasted for IPv6, but this would affect a handful of dissectors if this was changed. No idea which RFCs this would refer to. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14243] Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243 --- Comment #7 from Gerrit Code Review--- Change 24543 had a related patch set uploaded by Peter Wu: TLS: fix decryption with EMS and client auth https://code.wireshark.org/review/24543 -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14243] Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243 Peter Wuchanged: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED |CONFIRMED --- Comment #6 from Peter Wu --- Tested again with a RSA private key now against boringssl e3b2a5d3 and was able to reproduce the decryption issue. SSLKEYLOGFILE=mbedtls-boringssl-clientauth-rsa.keys \ bssl server -www -accept 4433 -require-any-client-cert \ -key server.pem -cipher AES256-SHA For comparison I have attached the key log file as created by boringssl. A look in the debug file shows that the calculated master secret is wrong. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14243] Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243 --- Comment #5 from Peter Wu--- Created attachment 15978 --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15978=edit Key log file for mbedtls client and boringssl server with mutual auth and RSA kex -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14243] Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243 --- Comment #4 from Peter Wu--- Created attachment 15977 --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15977=edit PEM-encoded RSA private key and self-signed X.509 certificate -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14243] Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243 --- Comment #3 from Peter Wu--- Created attachment 15976 --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15976=edit Capture of mbedtls client and boringssl server with mutual auth and RSA kex -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14243] Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243 --- Comment #2 from Peter Wu--- Would it be possible to attach a pcap with session secrets? What version of Mbed TLS are you using? What client/server implementation? How did you configure decryption, using a key log file or a RSA private key? I tested with mbedtls mbedtls-2.6.0-71-g5eafc741 client and boringssl e7136a97 server, and was able to decrypt the traffic with Wireshark v2.5.0rc0-1801-gf5bc86df04 and v2.4.3rc0-55-g7857e105b3. The extended_master_secret extension was confirmed in the Server Hello and a decrypted HTTP layer is visible. # 1. Build bssl test program and mbedtls mkdir /tmp/b && cd /tmp/b && cmake -GNinja /boringssl && ninja bssl cd /mbedtls && mkdir build && cmake -GNinja .. && ninja # 2. Start capture, start server and run client dumpcap -i lo -f 'port 4433' -w mbedtls-boringssl.pcapng -p & SSLKEYLOGFILE=mbedtls-boringssl.keys /tmp/b/tool/bssl server -www -accept 4433 & programs/ssl/ssl_client2 auth_mode=optional # 3. Test capture + keys with Wireshark wireshark -dtcp.port==4433,ssl -dssl.port==4433,http -Y ssl \ -r mbedtls-boringssl.pcapng -ossl.keylog_file:mbedtls-boringssl.keys -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 12584] Saving PDML packet dissection crashes wireshark
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12584 Graham Bloicechanged: What|Removed |Added CC||graham.blo...@trihedral.com --- Comment #4 from Graham Bloice --- (In reply to Bogdan from comment #3) > I've come across this bug also, while processing a packet capture file with > DNP3 traffic (similar to > https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3821). Perhaps this > helps but I have noticed that the bug does NOT exist in wireshark/tshark > version 2.2.6 but it does in 2.4.3. Any thoughts? Do you have a capture file for that I could look at? -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13207] enhancement : add 802.11ax Frame support in wireshark
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13207 Peter Wuchanged: What|Removed |Added CC||pe...@lekensteyn.nl -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14241] BGP: IPv6 NLRI is received with Add-path ID, then Wire shark is not able to decode the packet correctly
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14241 Alexis La Gouttechanged: What|Removed |Added Status|UNCONFIRMED |INCOMPLETE Ever confirmed|0 |1 --- Comment #1 from Alexis La Goutte --- Hi, it is define in rfc number ? What the IPv6 address need to be display ? -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 11370] Need dumpcap to be able to capture pcap-ng from a pipe
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11370 --- Comment #6 from Gerrit Code Review--- Change 24536 had a related patch set uploaded by James Ko: [WIP] dumpcap: enable capture of pcapng from pipe https://code.wireshark.org/review/24536 -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14241] BGP: IPv6 NLRI is received with Add-path ID, then Wire shark is not able to decode the packet correctly
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14241 Alexis La Gouttechanged: What|Removed |Added Summary|IPv6 NLRI is received with |BGP: IPv6 NLRI is received |Add-path ID, then Wire |with Add-path ID, then Wire |shark is not able to decode |shark is not able to decode |the packet correctly|the packet correctly CC||alexis.lagou...@gmail.com -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14243] Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243 Alexis La Gouttechanged: What|Removed |Added CC||pe...@lekensteyn.nl --- Comment #1 from Alexis La Goutte --- Hi, Do you have try 2.5.x ? -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14243] Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243 Alexis La Gouttechanged: What|Removed |Added Summary|Wrong SSL decryption when |Wrong SSL decryption when |using EXTENDED MASTER |using EXTENDED MASTER |SECRET and Client |SECRET and Client |certificate reqest (mutual |certificate request (mutual |authentication) |authentication) CC||alexis.lagou...@gmail.com -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14237] SSH remote capture promiscuous mode
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14237 Michael Mannchanged: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14237] SSH remote capture promiscuous mode
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14237 --- Comment #1 from Gerrit Code Review--- Change 24530 merged by Michael Mann: sshdump: add option to prevent promiscuous mode. https://code.wireshark.org/review/24530 -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14210] TRANSUM doesn't account for DNS retries in the Request Spread
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14210 --- Comment #6 from Paul Offord--- Hi Michael, I agree regarding the dissectors doing the protocol-related stuff - I definitely don't want to replicate this in TRANSUM. I didn't want to crack open the code again right now as I'm a bit pushed for time this week, but I'll roll in your DNS solution as soon as I can. I agree - I don't think your change will break TRANSUM. Best regards...Paul -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14210] TRANSUM doesn't account for DNS retries in the Request Spread
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14210 Michael Mannchanged: What|Removed |Added Status|CONFIRMED |RESOLVED Resolution|--- |FIXED --- Comment #5 from Michael Mann --- (In reply to Paul Offord from comment #3) > Hi Michael, > > We could definitely change TRANSUM to use the new DNS retransmission > information. Once change 24525 has been merged I'll raise a new bug to > document that TRANSUM should be changed. I'd like to go ahead with the > present patch in the meantime as it addresses the DNS issue and brings > significant performance improvements. > > Best regards...Paul Both change 24525 and 24506 have been merged (so closing bug). When I looked at the TRANSUM changes the "algorithm" for determining DNS retransmissions wasn't obvious to me (checking last few packets worth for duplicate IDs?). I looked because I didn't think the "time elapse" solution I came up with was that great, but it works and now we have a consistent API/interface with the new hf_ and expert fields. But for something like this, I think it's better to modify the dissector than the "tools" trying to analyze it. Initially I was more concerned that my DNS retransmission code would break TRANSUM, but I don't see how that could be the case. Note that the bugs listed in change 24525 have great capture files for testing DNS retransmissions if you want to see how TRANSUM would treat them too. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14210] TRANSUM doesn't account for DNS retries in the Request Spread
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14210 --- Comment #4 from Gerrit Code Review--- Change 24506 merged by Michael Mann: TRANSUM: Fix DNS-related bug and improve performance https://code.wireshark.org/review/24506 -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14182] Calculate Conversation Timestamp - Turn on by default please
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14182 Michael Mannchanged: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14243] New: Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate reqest (mutual authentication)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243 Bug ID: 14243 Summary: Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate reqest (mutual authentication) Product: Wireshark Version: 2.4.2 Hardware: x86-64 OS: Windows 7 Status: UNCONFIRMED Severity: Major Priority: Low Component: Dissection engine (libwireshark) Assignee: bugzilla-ad...@wireshark.org Reporter: oren...@gmail.com Target Milestone: --- Build Information: Paste the COMPLETE build information from "Help->About Wireshark", "wireshark -v", or "tshark -v". -- I'm using Wireshark 2.4.2 x64 for windows. The SSL library is mbedTLS. When using "Extended master secret" extention in addition to "client certificate request" ("Mutual authentication"), decryption fails. [Wrong data is shown]. When "handshake protocol: finished" message should appear - "Encrypted handshake message" appears instead (and "handshake protocol: finished" message doesn't appear in the trace). In mbedTLS library, the flag for enabling \ disabling "Extended master secret" in config.h is called "MBEDTLS_SSL_EXTENDED_MASTER_SECRET". The following tests were performed: 1. Client WITH "extended master secret" extention, server requests client certificate("Mutual authentication") --> Wrong decryption data appears. --> "Encrypted handshake message" message appears. 2. Client WITHOUT "extended master secret" extention, server requests client certificate("Mutual authentication") --> Decryption succedes. --> "Handshake protocol: finished" message appears. 3. Client WITH "extended master secret" extention, server does NOT requests client certificate --> Decryption succedes. --> "Handshake protocol: finished" message appears. I assume the bug is caused by wrong "session_hash" used by the wireshark. Note Bugs: #13704, #12042, #10686 (This is not a duplicate of any of them, however the fix might be related) P.S - I'm sorry the wireshark logs \ build information is not available here, they are in local network which doesn't have access to the interenet. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing listArchives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14234] SSH remote capture filter does not load
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14234 --- Comment #8 from Dario Lombardo--- I suppose this could be related to this change https://code.wireshark.org/review/#/c/24531/ -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14234] SSH remote capture filter does not load
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14234 --- Comment #7 from NOYB--- For a number of reasons cannot install 2.5 for debugging. Sorry. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14234] SSH remote capture filter does not load
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14234 --- Comment #6 from Dario Lombardo--- (In reply to NOYB from comment #5) > Perhaps could do that if I knew where the debug flag in the dialog is > located. I am sorry, I missed the version you're using. That feature has not been backported to 2.4, it is only in dev version (2.5). Can you install that? -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14234] SSH remote capture filter does not load
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14234 --- Comment #5 from NOYB--- Perhaps could do that if I knew where the debug flag in the dialog is located. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14234] SSH remote capture filter does not load
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14234 --- Comment #4 from Dario Lombardo--- Can you tick the debug flag in the dialog and specify a debug file, then paste the content? It shows the command line of the extcap and the remote command sent. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14234] SSH remote capture filter does not load
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14234 --- Comment #3 from NOYB--- I should also add that I've since noticed adding a space in a variety of places causes it too work too. So don't wear blinders casing the abbreviated octet goose. At the beginning, end, between hosts, next to parenthesis, etc. It's really odd. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14234] SSH remote capture filter does not load
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14234 --- Comment #2 from NOYB--- No Wireshark error message. The remote capture happens. Just without any capture filtering. Can see that the filter was not passed to the remote by looking at the processes. FreeBSD 11.1: ps -wwU root | grep "[d]ump" CentOS 7: ps -ax | grep "[d]ump" -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14235] SSH remote capture private key pageant option
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14235 --- Comment #1 from Dario Lombardo--- I've gone through this some time ago. Looked like libssh doesn't have a proper pageant support. sshdump is based on libssh. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14234] SSH remote capture filter does not load
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14234 --- Comment #1 from Dario Lombardo--- Which error message does wireshark give you? -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14178] DNS Retransmission Detection (Expert)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14178 Pascal Quantinchanged: What|Removed |Added Resolution|--- |FIXED CC||pascal.quan...@gmail.com Status|UNCONFIRMED |RESOLVED -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13313] dns_time not calculated based on first request with same transaction ID as respons.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13313 Pascal Quantinchanged: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14178] DNS Retransmission Detection (Expert)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14178 --- Comment #2 from Gerrit Code Review--- Change 24525 merged by Anders Broman: Add support to handle DNS retransmissions https://code.wireshark.org/review/24525 -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13313] dns_time not calculated based on first request with same transaction ID as respons.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13313 --- Comment #4 from Gerrit Code Review--- Change 24525 merged by Anders Broman: Add support to handle DNS retransmissions https://code.wireshark.org/review/24525 -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14239] SSH remote capture command not terminated if no packets captured
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14239 Dario Lombardochanged: What|Removed |Added CC||rkn...@gmail.com -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14239] SSH remote capture command not terminated if no packets captured
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14239 --- Comment #1 from Dario Lombardo--- I'd add Roland. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14239] SSH remote capture command not terminated if no packets captured
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14239 Dario Lombardochanged: What|Removed |Added Status|UNCONFIRMED |CONFIRMED Ever confirmed|0 |1 -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14240] SSH remote capture settings profiles
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14240 --- Comment #1 from Dario Lombardo--- We discussed about this during the last sharkfest. At the moment you can use the global wireshark profiles to save multiple ssh profiles. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe