Re: [Wireshark-dev] wireshark seems to not correctly follow WPA2 rekeying

[Alexis La Goutte]

On Sun, Oct 12, 2014 at 12:35 PM, Alexis La Goutte
alexis.lagou...@gmail.com wrote:
 Hi Avery,

 On Sat, Oct 11, 2014 at 1:01 PM, Avery Pennarun apenw...@gmail.com wrote:
 Tested with wireshark 1.10.6 and 1.12.1.

 See attached pcap, which I've trimmed down to a minimally reproducible
 test case.  I created this by setting up hostapd to rekey very
 frequently:

 wep_rekey_period=10
 wpa_group_rekey=10
 wpa_strict_rekey=1
 wpa_gmk_rekey=9
 wpa_ptk_rekey=10

 And then attached a station to it, generating some traffic.

 For this test data, the SSID:password is TestSSID and 01234567.

 Here's what we see:
 - Packet #10-28: initial EAPOL exchange
 - Packet #29-164: some successfully decoded traffic
 - Packet #165-1308: group key rotation (probably not relevant, but
 just in case...)
 - Packet #1308-1430: more successfully decoded traffic
 - Packet #1431-1439: session key rotation
 - Packet #1442-end: traffic does *not* decode successfully.

 I would have expected that since the rekeying was captured correctly,
 wireshark would be able to continue decoding after the rekeying is
 completed.

 I captured this traffic on a Macbook Air (not participating in this
 interaction) with 'tcpdump -I.  For wireshark to decode the first
 part, I had to set Ignore the protection bit to Yes - with IV in
 Edit | Preferences | Protocols | IEEE 802.11.

 Note: I've confirmed that the station and AP were able to communicate
 during the entire session.  In case it matters, the client is a Linux
 box with ath9k and wpa_supplicant and the AP is a Linux box with
 ath10k and hostapd.

 It is possible to create a new bug on bugtracker ? (with pcap sample...)
 http://bugs.wireshark.org

 Does anyone have any suggestions for what I might be doing wrong, or
 if there is a bug in wireshark?  I'd be surprised if it simply can't
 handle rekeying and nobody has noticed.
 Do you have try oldest release ? (like 1.8 ?)

 I no sure if the rekeying is supported by Wireshark actually...


 Thanks!

 Avery

Avery,

it is possible to create a new issue with your pcap sample ?
 ___
 Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
 Archives:http://www.wireshark.org/lists/wireshark-dev
 Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
  mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

[Wireshark-dev] Gerrit StartSSL OpenID provider

[Peter Wu]

Hi,

Has anyone tried to link a StartSSL identity in Gerrit? I just tried to do so,
but get a 401 Unauthorized back in Gerrit.

Although not available in the UI, you can chose your own OpenID provider by
hitting one of the provider buttons (e.g. StartSSL), then cancel by hitting Esc
(Stop). Use Firebug to disable the submit event on the form and edit the hidden
form, then submit.

In my case, I chose for https://lekensteyn.startssl.com/ but now I have another
Anonymous Coward account which is not linked to my main identity.

Any suggestions to remove the Anonymous Coward account, and properly link my
StartSSL identity to Gerrit?
-- 
Kind regards,
Peter
https://lekensteyn.nl

___
Sent via:Wireshark-dev mailing list wireshark-dev@wireshark.org
Archives:http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe