[Wireshark-bugs] [Bug 14243] Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication)

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243

--- Comment #8 from Gerrit Code Review  ---
Change 24543 merged by Anders Broman:
TLS: fix decryption with EMS and client auth

https://code.wireshark.org/review/24543

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via: Wireshark-bugs mailing list
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14241] BGP: IPv6 NLRI is received with Add-path ID, then Wire shark is not able to decode the packet correctly

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14241

--- Comment #3 from Dipankar Shaw  ---
Please refer to RFC 7911, section 3, Extended NLRI Encodings.
In the packet I attached, I expect to see:

First
4 bytes as path identifier -- 00 00 00 01 - means decimal 1
1 byte: prefix length 80 - means decimal 128
Last
16 bytes as IPv6 address. -- 20A0:::::2111:::


[Wireshark-bugs] [Bug 14241] BGP: IPv6 NLRI is received with Add-path ID, then Wire shark is not able to decode the packet correctly

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14241

Michael Mann  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|INCOMPLETE                  |CONFIRMED
                 CC|                            |mman...@netscape.net

--- Comment #2 from Michael Mann  ---
The issue is with packet 6 in the supplied capture.  Just playing around, I
modified tvb_get_ipv6_addr_with_prefix_len() and removed the handling of prefix
values not divisible by 8 (non full bytes), and the packet dissected correctly.

My function now looks like this:

int
tvb_get_ipv6_addr_with_prefix_len(tvbuff_t *tvb, int offset, ws_in6_addr *addr,
                                  guint32 prefix_len)
{
    guint32 addr_len;

    if (prefix_len > 128)
        return -1;

    addr_len = (prefix_len) / 8;
    memset(addr->bytes, 0, 16);
    tvb_memcpy(tvb, addr->bytes, offset, addr_len);

    return addr_len;
}

I'm not sure if "bit handling" is just an IPv4 thing and it was erroneously
copy/pasted for IPv6, but this would affect a handful of dissectors if this was
changed.
No idea which RFCs this would refer to.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
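
The Add-Path layout from comment #3 (RFC 7911 section 3: 4-byte Path Identifier, 1-byte prefix length, then the prefix) together with the partial-octet prefix handling discussed in comment #2, as an added example that is not Wireshark code and was not posted in the thread. The sample bytes use a constructed address (2001:db8::1), and the function and exception names are hypothetical.

```python
import ipaddress
import struct


class NlriError(ValueError):
    """Raised when an NLRI field is invalid or runs past the end of the buffer."""


def parse_ipv6_nlri(buf: bytes, add_path: bool):
    """Parse consecutive IPv6 NLRI entries (hypothetical helper).

    Returns a list of (path_id, IPv6Network); path_id is None without Add-Path.
    """
    entries = []
    offset = 0
    while offset < len(buf):
        path_id = None
        if add_path:
            # RFC 7911 section 3: a 4-octet Path Identifier precedes the length.
            if len(buf) - offset < 4:
                raise NlriError("truncated Path Identifier at offset %d" % offset)
            (path_id,) = struct.unpack_from("!I", buf, offset)
            offset += 4
            if offset >= len(buf):
                raise NlriError("missing prefix length after Path Identifier")

        prefix_len = buf[offset]  # length in bits, not bytes
        offset += 1
        if prefix_len > 128:
            raise NlriError("IPv6 prefix length %d exceeds 128" % prefix_len)

        # The prefix occupies the minimum number of whole octets, so round up;
        # a floor division would drop the final partial octet of e.g. a /33.
        nbytes = (prefix_len + 7) // 8
        if len(buf) - offset < nbytes:
            raise NlriError("truncated prefix at offset %d" % offset)
        raw = bytearray(buf[offset:offset + nbytes])
        offset += nbytes

        # RFC 4271 says the value of the trailing pad bits is irrelevant,
        # so clear them before building the network object.
        spare_bits = nbytes * 8 - prefix_len
        if spare_bits:
            raw[-1] &= (0xFF << spare_bits) & 0xFF

        packed = bytes(raw).ljust(16, b"\x00")
        entries.append((path_id, ipaddress.IPv6Network((packed, prefix_len))))
    return entries


# Constructed sample: Path Identifier 1, prefix length 0x80 (128), 16 address bytes.
SAMPLE_ADDR = ipaddress.IPv6Address("2001:db8::1").packed
SAMPLE_ADD_PATH = bytes.fromhex("00000001" "80") + SAMPLE_ADDR

# Constructed sample: Path Identifier 2, prefix length 0x21 (33), five prefix
# octets whose last octet carries stray pad bits (0xff instead of 0x80).
SAMPLE_PARTIAL = bytes.fromhex("00000002" "21" "20010db8ff")


if __name__ == "__main__":
    print(parse_ipv6_nlri(SAMPLE_ADD_PATH, add_path=True))
    print(parse_ipv6_nlri(SAMPLE_PARTIAL, add_path=True))
    # Reading the same bytes without Add-Path treats the Path Identifier
    # octets as prefix lengths and eventually runs off the buffer.
    try:
        parse_ipv6_nlri(SAMPLE_ADD_PATH, add_path=False)
    except NlriError as exc:
        print("without Add-Path:", exc)
```
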

[Wireshark-bugs] [Bug 14243] Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication)

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243

--- Comment #7 from Gerrit Code Review  ---
Change 24543 had a related patch set uploaded by Peter Wu:
TLS: fix decryption with EMS and client auth

https://code.wireshark.org/review/24543


[Wireshark-bugs] [Bug 14243] Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication)

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243

Peter Wu  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |CONFIRMED

--- Comment #6 from Peter Wu  ---
Tested again with a RSA private key now against boringssl e3b2a5d3 and was able
to reproduce the decryption issue.

SSLKEYLOGFILE=mbedtls-boringssl-clientauth-rsa.keys \
bssl server -www -accept 4433 -require-any-client-cert \
-key server.pem -cipher AES256-SHA

For comparison I have attached the key log file as created by boringssl. A look
in the debug file shows that the calculated master secret is wrong.


[Wireshark-bugs] [Bug 14243] Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication)

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243

--- Comment #5 from Peter Wu  ---
Created attachment 15978
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15978=edit
Key log file for mbedtls client and boringssl server with mutual auth and RSA
kex


[Wireshark-bugs] [Bug 14243] Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication)

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243

--- Comment #4 from Peter Wu  ---
Created attachment 15977
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15977=edit
PEM-encoded RSA private key and self-signed X.509 certificate


[Wireshark-bugs] [Bug 14243] Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication)

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243

--- Comment #3 from Peter Wu  ---
Created attachment 15976
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15976=edit
Capture of mbedtls client and boringssl server with mutual auth and RSA kex


[Wireshark-bugs] [Bug 14243] Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication)

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243

--- Comment #2 from Peter Wu  ---
Would it be possible to attach a pcap with session secrets?

What version of Mbed TLS are you using?
What client/server implementation?
How did you configure decryption, using a key log file or a RSA private key?

I tested with mbedtls mbedtls-2.6.0-71-g5eafc741 client and boringssl e7136a97
server, and was able to decrypt the traffic with Wireshark
v2.5.0rc0-1801-gf5bc86df04 and v2.4.3rc0-55-g7857e105b3. The
extended_master_secret extension was confirmed in the Server Hello and a
decrypted HTTP layer is visible.

# 1. Build bssl test program and mbedtls
mkdir /tmp/b && cd /tmp/b && cmake -GNinja /boringssl && ninja bssl
cd /mbedtls && mkdir build && cd build && cmake -GNinja .. && ninja

# 2. Start capture, start server and run client
dumpcap -i lo -f 'port 4433' -w mbedtls-boringssl.pcapng -p &
SSLKEYLOGFILE=mbedtls-boringssl.keys /tmp/b/tool/bssl server -www -accept 4433 &
programs/ssl/ssl_client2 auth_mode=optional

# 3. Test capture + keys with Wireshark
wireshark -dtcp.port==4433,ssl -dssl.port==4433,http -Y ssl \
-r mbedtls-boringssl.pcapng -ossl.keylog_file:mbedtls-boringssl.keys


[Wireshark-bugs] [Bug 12584] Saving PDML packet dissection crashes wireshark

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12584

Graham Bloice  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |graham.blo...@trihedral.com

--- Comment #4 from Graham Bloice  ---
(In reply to Bogdan from comment #3)
> I've come across this bug also, while processing a packet capture file with
> DNP3 traffic (similar to
> https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3821). Perhaps this
> helps but I have noticed that the bug does NOT exist in wireshark/tshark
> version 2.2.6 but it does in 2.4.3. Any thoughts?

Do you have a capture file for that I could look at?


[Wireshark-bugs] [Bug 13207] enhancement : add 802.11ax Frame support in wireshark

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13207

Peter Wu  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pe...@lekensteyn.nl


[Wireshark-bugs] [Bug 14241] BGP: IPv6 NLRI is received with Add-path ID, then Wire shark is not able to decode the packet correctly

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14241

Alexis La Goutte  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |INCOMPLETE
     Ever confirmed|0                           |1

--- Comment #1 from Alexis La Goutte  ---
Hi,

Is it defined in an RFC? Which number?
Which IPv6 address needs to be displayed?


[Wireshark-bugs] [Bug 11370] Need dumpcap to be able to capture pcap-ng from a pipe

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11370

--- Comment #6 from Gerrit Code Review  ---
Change 24536 had a related patch set uploaded by James Ko:
[WIP] dumpcap: enable capture of pcapng from pipe

https://code.wireshark.org/review/24536


[Wireshark-bugs] [Bug 14241] BGP: IPv6 NLRI is received with Add-path ID, then Wire shark is not able to decode the packet correctly

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14241

Alexis La Goutte  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|IPv6 NLRI is received with  |BGP: IPv6 NLRI is received
                   |Add-path ID, then Wire      |with Add-path ID, then Wire
                   |shark is not able to decode |shark is not able to decode
                   |the packet correctly        |the packet correctly
                 CC|                            |alexis.lagou...@gmail.com


[Wireshark-bugs] [Bug 14243] Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication)

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243

Alexis La Goutte  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pe...@lekensteyn.nl

--- Comment #1 from Alexis La Goutte  ---
Hi,

Have you tried 2.5.x?


[Wireshark-bugs] [Bug 14243] Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate request (mutual authentication)

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243

Alexis La Goutte  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|Wrong SSL decryption when   |Wrong SSL decryption when
                   |using EXTENDED MASTER       |using EXTENDED MASTER
                   |SECRET and Client           |SECRET and Client
                   |certificate reqest (mutual  |certificate request (mutual
                   |authentication)             |authentication)
                 CC|                            |alexis.lagou...@gmail.com


[Wireshark-bugs] [Bug 14237] SSH remote capture promiscuous mode

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14237

Michael Mann  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|UNCONFIRMED                 |RESOLVED


[Wireshark-bugs] [Bug 14237] SSH remote capture promiscuous mode

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14237

--- Comment #1 from Gerrit Code Review  ---
Change 24530 merged by Michael Mann:
sshdump: add option to prevent promiscuous mode.

https://code.wireshark.org/review/24530


[Wireshark-bugs] [Bug 14210] TRANSUM doesn't account for DNS retries in the Request Spread

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14210

--- Comment #6 from Paul Offord  ---
Hi Michael,

I agree regarding the dissectors doing the protocol-related stuff - I
definitely don't want to replicate this in TRANSUM.  I didn't want to crack
open the code again right now as I'm a bit pushed for time this week, but I'll
roll in your DNS solution as soon as I can.

I agree - I don't think your change will break TRANSUM.

Best regards...Paul


[Wireshark-bugs] [Bug 14210] TRANSUM doesn't account for DNS retries in the Request Spread

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14210

Michael Mann  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |RESOLVED
         Resolution|---                         |FIXED

--- Comment #5 from Michael Mann  ---
(In reply to Paul Offord from comment #3)
> Hi Michael,
> 
> We could definitely change TRANSUM to use the new DNS retransmission
> information.  Once change 24525 has been merged I'll raise a new bug to
> document that TRANSUM should be changed.  I'd like to go ahead with the
> present patch in the meantime as it addresses the DNS issue and brings
> significant performance improvements.
> 
> Best regards...Paul

Both change 24525 and 24506 have been merged (so closing bug).

When I looked at the TRANSUM changes the "algorithm" for determining DNS
retransmissions wasn't obvious to me (checking last few packets worth for
duplicate IDs?).  I looked because I didn't think the "time elapse" solution I
came up with was that great, but it works and now we have a consistent
API/interface with the new hf_ and expert fields.  But for something like this,
I think it's better to modify the dissector than the "tools" trying to analyze
it.  Initially I was more concerned that my DNS retransmission code would break
TRANSUM, but I don't see how that could be the case.
Note that the bugs listed in change 24525 have great capture files for testing
DNS retransmissions if you want to see how TRANSUM would treat them too.


[Wireshark-bugs] [Bug 14210] TRANSUM doesn't account for DNS retries in the Request Spread

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14210

--- Comment #4 from Gerrit Code Review  ---
Change 24506 merged by Michael Mann:
TRANSUM: Fix DNS-related bug and improve performance

https://code.wireshark.org/review/24506


[Wireshark-bugs] [Bug 14182] Calculate Conversation Timestamp - Turn on by default please

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14182

Michael Mann  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|UNCONFIRMED                 |RESOLVED


[Wireshark-bugs] [Bug 14243] New: Wrong SSL decryption when using EXTENDED MASTER SECRET and Client certificate reqest (mutual authentication)

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14243

            Bug ID: 14243
           Summary: Wrong SSL decryption when using EXTENDED MASTER SECRET
                    and Client certificate reqest (mutual authentication)
           Product: Wireshark
           Version: 2.4.2
          Hardware: x86-64
                OS: Windows 7
            Status: UNCONFIRMED
          Severity: Major
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: oren...@gmail.com
  Target Milestone: ---

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
I'm using Wireshark 2.4.2 x64 for windows.
The SSL library is mbedTLS.

When using "Extended master secret" extension in addition to "client
certificate request" ("Mutual authentication"), decryption fails. [Wrong data
is shown].
When "handshake protocol: finished" message should appear - "Encrypted
handshake message" appears instead (and "handshake protocol: finished" message
doesn't appear in the trace).

In mbedTLS library, the flag for enabling \ disabling "Extended master secret"
in config.h is called "MBEDTLS_SSL_EXTENDED_MASTER_SECRET".

The following tests were performed:
1. Client WITH "extended master secret" extension,
   server requests client certificate ("Mutual authentication")
   --> Wrong decryption data appears.
   --> "Encrypted handshake message" message appears.

2. Client WITHOUT "extended master secret" extension,
   server requests client certificate ("Mutual authentication")
   --> Decryption succeeds.
   --> "Handshake protocol: finished" message appears.

3. Client WITH "extended master secret" extension,
   server does NOT request client certificate
   --> Decryption succeeds.
   --> "Handshake protocol: finished" message appears.

I assume the bug is caused by wrong "session_hash" used by Wireshark.

Note Bugs: #13704, #12042, #10686
(This is not a duplicate of any of them, however the fix might be related)

P.S - I'm sorry the wireshark logs \ build information are not available here,
they are in a local network which doesn't have access to the internet.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
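
The session_hash the report refers to is defined in RFC 7627 as the hash of the handshake messages from ClientHello up to and including ClientKeyExchange, and the master secret is PRF(pre_master_secret, "extended master secret", session_hash) truncated to 48 bytes. The following is an added example, not Wireshark or Mbed TLS code and not a statement of what change 24543 altered; it shows that a hash extending past ClientKeyExchange only diverges when a CertificateVerify follows, as it does with client authentication. It assumes TLS 1.2 with the SHA-256 PRF, and all message bodies and function names are constructed for illustration.

```python
import hashlib
import hmac

# TLS handshake message types (RFC 5246 section 7.4).
CLIENT_HELLO, SERVER_HELLO, CERTIFICATE = 1, 2, 11
CERTIFICATE_REQUEST, SERVER_HELLO_DONE = 13, 14
CERTIFICATE_VERIFY, CLIENT_KEY_EXCHANGE = 15, 16


def handshake_msg(msg_type: int, body: bytes) -> bytes:
    """Frame a handshake message: 1-byte type, 3-byte length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def prf_sha256(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246 section 5) with SHA-256 as the hash."""
    seed = label + seed
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def session_hash(messages) -> bytes:
    """RFC 7627: hash ClientHello up to and including ClientKeyExchange."""
    h = hashlib.sha256()
    for msg in messages:
        h.update(msg)
        if msg[0] == CLIENT_KEY_EXCHANGE:
            return h.digest()
    raise ValueError("transcript has no ClientKeyExchange")


def ems_master_secret(pre_master_secret: bytes, messages) -> bytes:
    """Extended master secret as RFC 7627 section 4 defines it."""
    return prf_sha256(pre_master_secret, b"extended master secret",
                      session_hash(messages), 48)


def overlong_master_secret(pre_master_secret: bytes, messages) -> bytes:
    """Deliberately wrong: hashes every message given, past ClientKeyExchange."""
    digest = hashlib.sha256(b"".join(messages)).digest()
    return prf_sha256(pre_master_secret, b"extended master secret", digest, 48)


# Constructed inputs: an RSA-style 48-byte pre-master secret and two
# transcripts of the client-side flight up to the point the keys are derived.
PMS = b"\x03\x03" + bytes(range(46))

SERVER_ONLY_AUTH = [
    handshake_msg(CLIENT_HELLO, b"constructed client hello"),
    handshake_msg(SERVER_HELLO, b"constructed server hello"),
    handshake_msg(CERTIFICATE, b"constructed server certificate"),
    handshake_msg(SERVER_HELLO_DONE, b""),
    handshake_msg(CLIENT_KEY_EXCHANGE, b"constructed encrypted pms"),
]

MUTUAL_AUTH = [
    handshake_msg(CLIENT_HELLO, b"constructed client hello"),
    handshake_msg(SERVER_HELLO, b"constructed server hello"),
    handshake_msg(CERTIFICATE, b"constructed server certificate"),
    handshake_msg(CERTIFICATE_REQUEST, b"constructed certificate request"),
    handshake_msg(SERVER_HELLO_DONE, b""),
    handshake_msg(CERTIFICATE, b"constructed client certificate"),
    handshake_msg(CLIENT_KEY_EXCHANGE, b"constructed encrypted pms"),
    # Sent after ClientKeyExchange, so it is outside the session_hash.
    handshake_msg(CERTIFICATE_VERIFY, b"constructed signature"),
]


if __name__ == "__main__":
    for name, transcript in (("server-only auth", SERVER_ONLY_AUTH),
                             ("mutual auth", MUTUAL_AUTH)):
        good = ems_master_secret(PMS, transcript)
        bad = overlong_master_secret(PMS, transcript)
        print("%-16s RFC 7627: %s... overlong hash matches: %s"
              % (name, good.hex()[:16], good == bad))
```
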

[Wireshark-bugs] [Bug 14234] SSH remote capture filter does not load

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14234

--- Comment #8 from Dario Lombardo  ---
I suppose this could be related to this change

https://code.wireshark.org/review/#/c/24531/


[Wireshark-bugs] [Bug 14234] SSH remote capture filter does not load

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14234

--- Comment #7 from NOYB  ---
For a number of reasons cannot install 2.5 for debugging.  Sorry.


[Wireshark-bugs] [Bug 14234] SSH remote capture filter does not load

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14234

--- Comment #6 from Dario Lombardo  ---
(In reply to NOYB from comment #5)
> Perhaps could do that if I knew where the debug flag in the dialog is
> located.

I am sorry, I missed the version you're using. That feature has not been
backported to 2.4, it is only in dev version (2.5). Can you install that?


[Wireshark-bugs] [Bug 14234] SSH remote capture filter does not load

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14234

--- Comment #5 from NOYB  ---
Perhaps could do that if I knew where the debug flag in the dialog is located.


[Wireshark-bugs] [Bug 14234] SSH remote capture filter does not load

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14234

--- Comment #4 from Dario Lombardo  ---
Can you tick the debug flag in the dialog and specify a debug file, then paste
the content? It shows the command line of the extcap and the remote command
sent.


[Wireshark-bugs] [Bug 14234] SSH remote capture filter does not load

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14234

--- Comment #3 from NOYB  ---
I should also add that I've since noticed adding a space in a variety of places
causes it to work too.  So don't wear blinders chasing the abbreviated octet
goose.

At the beginning, end, between hosts, next to parenthesis, etc.
It's really odd.


[Wireshark-bugs] [Bug 14234] SSH remote capture filter does not load

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14234

--- Comment #2 from NOYB  ---
No Wireshark error message.  The remote capture happens.  Just without any
capture filtering.  Can see that the filter was not passed to the remote by
looking at the processes.

FreeBSD 11.1:
ps -wwU root | grep "[d]ump"

CentOS 7:
ps -ax | grep "[d]ump"


[Wireshark-bugs] [Bug 14235] SSH remote capture private key pageant option

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14235

--- Comment #1 from Dario Lombardo  ---
I've gone through this some time ago. Looked like libssh doesn't have a proper
pageant support. sshdump is based on libssh.

-- 
You are receiving this mail because:
You are watching all bug changes.___
Sent via:Wireshark-bugs mailing list 
Archives:https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14234] SSH remote capture filter does not load

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14234

--- Comment #1 from Dario Lombardo  ---
Which error message does wireshark give you?


[Wireshark-bugs] [Bug 14178] DNS Retransmission Detection (Expert)

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14178

Pascal Quantin  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
                 CC|                            |pascal.quan...@gmail.com
             Status|UNCONFIRMED                 |RESOLVED


[Wireshark-bugs] [Bug 13313] dns_time not calculated based on first request with same transaction ID as respons.

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13313

Pascal Quantin  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|UNCONFIRMED                 |RESOLVED


[Wireshark-bugs] [Bug 14178] DNS Retransmission Detection (Expert)

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14178

--- Comment #2 from Gerrit Code Review  ---
Change 24525 merged by Anders Broman:
Add support to handle DNS retransmissions

https://code.wireshark.org/review/24525


[Wireshark-bugs] [Bug 13313] dns_time not calculated based on first request with same transaction ID as respons.

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13313

--- Comment #4 from Gerrit Code Review  ---
Change 24525 merged by Anders Broman:
Add support to handle DNS retransmissions

https://code.wireshark.org/review/24525


[Wireshark-bugs] [Bug 14239] SSH remote capture command not terminated if no packets captured

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14239

Dario Lombardo  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rkn...@gmail.com


[Wireshark-bugs] [Bug 14239] SSH remote capture command not terminated if no packets captured

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14239

--- Comment #1 from Dario Lombardo  ---
I'd add Roland.


[Wireshark-bugs] [Bug 14239] SSH remote capture command not terminated if no packets captured

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14239

Dario Lombardo  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |CONFIRMED
     Ever confirmed|0                           |1


[Wireshark-bugs] [Bug 14240] SSH remote capture settings profiles

2017-11-22 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14240

--- Comment #1 from Dario Lombardo  ---
We discussed this during the last SharkFest. At the moment you can use
the global Wireshark profiles to save multiple ssh profiles.
