[Wireshark-bugs] [Bug 15240] New: Adequate and valid filter does not produce target.

Fri, 26 Oct 2018 05:10:05 -0700 

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15240

            Bug ID: 15240
           Summary: Adequate and valid filter does not produce target.
           Product: Wireshark
           Version: 2.6.2
          Hardware: x86
                OS: Fedora
            Status: UNCONFIRMED
          Severity: Normal
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: ricky.t...@gmail.com
  Target Milestone: ---

Created attachment 16682
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16682&action=edit
curl commands involving POST request and hostname 'wireshark.org'

Build Information:
Wireshark 2.6.2 (v2.6.2)

Compiled (64-bit) with Qt 5.11.1, with libpcap, with POSIX capabilities
(Linux),
with libnl 3, with GLib 2.57.1, with zlib 1.2.11, with SMI 0.4.8, with c-ares
1.13.0, with Lua 5.1.5, with GnuTLS 3.6.3, with Gcrypt 1.8.3, with MIT
Kerberos,
with MaxMind DB resolver, without nghttp2, without LZ4, without Snappy, without
libxml2, with QtMultimedia, without SBC, without SpanDSP, without bcg729.

Running on Linux 4.18.16-300.fc29.x86_64, with Intel(R) Core(TM) i5 CPU       M
430  @ 2.27GHz (with SSE4.2), with 3733 MB of physical memory, with locale
fi_FI.UTF-8, with libpcap version 1.9.0-PRE-GIT (with TPACKET_V3), with GnuTLS
3.6.4, with Gcrypt 1.8.3, with zlib 1.2.11, binary plugins supported (0
loaded).
--
To reproduce – Run commands

$ curl -vOLX POST https://www.wireshark.org/download/docs/wsdg_html.zip
(It downloads 191 319 B sized file)

$ curl --request POST -v -output https://www.wireshark.org

Wireshark filter: '(ssl.handshake.type == 1) && (ssl.record.version == 0x304)'.

Actual result: no eligible target.

Expected result: eligible target to be present. Presence of TLS v.1.3 as SSL
record version is illustrated by that curl command:

$ curl -vOLX POST https://www.wireshark.org/download/docs/wsdg_html.zip
(...)
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, [no content] (0):
{ [1 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [3723 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [80 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, [no content] (0):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]

Additional information:

$ curl -V
curl 7.61.1 (x86_64-redhat-linux-gnu) libcurl/7.61.1 OpenSSL/1.1.1 zlib/1.2.11
brotli/1.0.5 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5)
libssh/0.8.3/openssl/zlib nghttp2/1.34.0

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

Reply via email to