aboutsummaryrefslogtreecommitdiffstats
path: root/test/captures
AgeCommit message (Collapse)AuthorFilesLines
2016-02-04[text2pcap] Fix parsing of hash sign at the end of the lineVasil Velichckov1-0/+10
Change-Id: I4ff1ef28aba353fd7548cb5c0603fc29479aa854 Reviewed-on: https://code.wireshark.org/review/13294 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-02-04[airpdcap] Add support to decrypt TDLS trafficCedric Izoard1-0/+0
- When scanning for keys, check for TDLS action frames (need to have TLDS response or confirm to derive the key) - When deriving PTK, also check MIC to ensure the key has been correctly computed. - As SA is between two STAs (and not STA and AP), store highest MAC address in sa.bssid, and the other one in sa.sta => Add new function (AirPDcapGetSaAddress) that will check for TDLS case. - Add test in decryption suite Bug: 11312 Change-Id: Ieccb6a23a0ffbf3b705dac9b67c856ae2d3eeca9 Reviewed-on: https://code.wireshark.org/review/13664 Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2016-01-14test: Add test in decryption test suite for 802.11wCedric Izoard1-0/+0
- Add a test to check decryption of management frames Bug: 11995 Change-Id: I588d0f17b9e5efc841266b9dae4764e5e931be3f Reviewed-on: https://code.wireshark.org/review/13259 Reviewed-by: Graham Bloice <graham.bloice@trihedral.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Michael Mann <mmann78@netscape.net>
2015-11-09WPA/WPA2 decoding fixes and improvementsAlexander Wetzel1-0/+0
- start decoding when we have eapol1+2 packets Do not insist on a complete captured handshake, decode what we can. - more robust way to detect eapol #2 packets At least Win 10 is violating the spec on rekey by setting the secure bit in #2. Unpatched version shows and handles #2 as #4, breaking decoding after rekey. - fixed eapol rekey key handling Inital patch (see https://code.wireshark.org/review/8268) is adding redundant keys, since it scans all the time and not only once. - ignore tailing garbage after eapol sections in frame See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9065#c8 Included testcase to test decode for incomplete handshakes and eapol2 packets with secure bit set on rekey. Ping-Bug: 9065 Change-Id: Id775088db9b5aaa80da9efdeed6902d024b5c0cd Reviewed-on: https://code.wireshark.org/review/11484 Reviewed-by: Michael Mann <mmann78@netscape.net> Petri-Dish: Michael Mann <mmann78@netscape.net> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-08-19Mergecap: add test suite for various merging scenariosHadriel Kaplan3-0/+0
Add a test suite for mergecap (and indirectly capinfos I guess). This is not exhaustive, but it's a start. Change-Id: I9442b4c32e31a74b1673961ad6ab50821441de3e Reviewed-on: https://code.wireshark.org/review/10082 Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-07-15ssl-utils: fix failing decryption for some RSA keysPeter Wu1-0/+0
Reported at https://ask.wireshark.org/questions/43788/struggling-to-decrypt-ssl "u" requirement is documented at https://www.gnupg.org/documentation/manuals/gcrypt/RSA-key-parameters.html#RSA-key-parameters Add regression test (key is generated manually with p and q swapped and qInv recalculated). Change-Id: I5505ddcdb54bb47d7a58867b8c3e53fcc0f66dde Reviewed-on: https://code.wireshark.org/review/9573 Tested-by: Peter Wu <peter@lekensteyn.nl> Reviewed-by: Peter Wu <peter@lekensteyn.nl>
2015-06-04SSL: Add support for private key password when decryptingKevin Grigorenko1-0/+0
SSL traffic from tshark with -o ssl.keys_list. For example, as used in a new test also added in this commit: -o "ssl.keys_list: 127.0.0.1,9131,http,$TEST_KEYS_DIR/key.p12,WebAS" Change-Id: Ia6960fa4ae88182277f6d22d84ec9170ea74d54e Reviewed-on: https://code.wireshark.org/review/8746 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2015-05-08IEEE 802.11: 802.1X (WPA-EAP) rekeying supportdeagol1-0/+0
This patch extends the existing decryption support for WPA to also handle rekeys by checking each decrypted packet for a 4-way-handshake. Rekeys can be used for WPA-PSK, but are more common with WPA-Enterprise (WPA-EAP). For decrypting WPA-EAP secured packets the user must provide all used PMK's of the connection (aka PSK's) as WPA-PSK 32 byte hex values to wireshark via the existing interface. (The capture must have all 4-way-handshakes included also, starting with the first unencrypted one.) Every decrypted unicast packet will habe the used PMK and TK shown in the CCMP/TKIP section below the key index in the GUI. Group packets will display the GTK instead. Additionally this fixes a small issue with group rekey handling, so every packet can be selected in the GUI in random order, removing the need to manually find the correct group keying packets prior to that. It was tested primary with WPA-CCMP, but TKIP is also working. One section in the code touch bluetooth 802.1X support. It should do exactly the same, but will now also examine all decypted packets for rekeys. Ping-Bug: 11172 Change-Id: I19d055581fce6268df888da63485a48326046748 Reviewed-on: https://code.wireshark.org/review/8268 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2015-01-27Lua: Expose tcp_dissect_pdus() to LuaHadriel Kaplan1-0/+0
Provide a way for Lua-based dissectors to invoke tcp_dissect_pdus() to make TCP-based dissection easier. Bug: 9851 Change-Id: I91630ebf1f1fc1964118b6750cc34238e18a8ad3 Reviewed-on: https://code.wireshark.org/review/6778 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com> Tested-by: Hadriel Kaplan <hadrielk@yahoo.com>
2015-01-20HTTP2: Add HPACK decode to test suiteAlexis La Goutte1-0/+0
Change-Id: Ic84942b78a795974d6e2023751245ad98b8f1142 Reviewed-on: https://code.wireshark.org/review/6415 Reviewed-by: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-09-24test: add decryption test for isakmp with certificatesAlex Badea1-0/+0
This was suggested in review 2297. Capture and key are from bug 7951. Bug: 7951 Change-Id: I820c5e839b20ec464cc1be438633d5311f657fb2 Signed-off-by: Alex Badea <abadea@ixiacom.com> Reviewed-on: https://code.wireshark.org/review/4143 Reviewed-by: Evan Huus <eapache@gmail.com>
2014-03-26Add filterable expert info for LuaHadriel Kaplan1-0/+0
This adds the ability for a Lua script to register expert info fields, similar to C-code dissectors. This change also removes the need for the expert_add_info_format_internal() function. Existing Lua scripts do not have to change, because the existing expert info function uses the internal "_ws.lua" protocol instead of nothing; but using the new functionality provides more benefits since it correctly registers the expert info fields to the dissector's protocol. The test suite was amended to generate both old and new forms. Change-Id: Ib5ae74e927cfa81312baf7b04ff4104b0b4f936e Reviewed-on: https://code.wireshark.org/review/830 Reviewed-by: Evan Huus <eapache@gmail.com> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-03-19Fix lua file testsuite not working and weak heuristic readers not being ↵Hadriel Kaplan1-0/+0
registered The testsuite for Lua file reader/writer uses the acme_file.lua script to generate a pcapng file from an Acme sipmsg.log file. It then compares the tshark verbose output of this new pcapng file to a sip.pcapng file in the test/captures directory that was previously made. Unfortunately, the acme_file.lua script generates a timestamp based on local system timezone, rather than UTC, so the testsuite fails if not run in the EST timezone where the sip.pcapng file was originally made. This has now been fixed. Also, trying to register new weak heuristic readers fails because the GArray is terminated with a NULL-based row without Glib knowing about that. So this commit changes it to let Glib handle the NULL-terminated row, so that appending takes it into account automatically. Change-Id: I037ce1cfbda03585b3a1e159df78ff8ebb41fc32 Reviewed-on: https://code.wireshark.org/review/741 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2014-03-19Add capture file reader/writer support for Lua so scripts can implement new ↵Michael Mann2-0/+136
capture file formats. This enables a Lua script to implement a brand new capture file format reader/writer, so that for example one could write a script to read from vendor-specific "logs" of packets, and show them as normal packets in wireshark. Change-Id: Id394edfffa94529f39789844c382b7ab6cc2d814 Reviewed-on: https://code.wireshark.org/review/431 Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com> Reviewed-by: Michael Mann <mmann78@netscape.net> Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-03-14Add Lua heuristic dissector supportHadriel Kaplan1-0/+0
This adds the ability for Lua scripts to register heuristic dissectors for any protocol that has registered a heuristic dissector list, such as UDP, TCP, and ~50 others. The Lua function can also establish a conversation tied to its Proto dissector, to avoid having to check the heuristics for the same flow. The example dissector in the testsuite has also been enhanced to include a heuristic dissector, to verify the functionality and provide an example implementation. Change-Id: Ie232602779f43d3418fe8db09c61d5fc0b59597a Reviewed-on: https://code.wireshark.org/review/576 Reviewed-by: Anders Broman <a.broman58@gmail.com>
2014-03-13add a test for SSL/TLS decryption using the master secretMartin Kaiser1-0/+0
rename the existing SSL test to clarify that it uses the server's private key for decryption Change-Id: I13598fc4cf724b144a8f27bfa7a3316acfc78728 Reviewed-on: https://code.wireshark.org/review/640 Reviewed-by: Martin Kaiser <wireshark@kaiser.cx> Tested-by: Martin Kaiser <wireshark@kaiser.cx>
2014-02-21Add test suite for verifying Lua global variables/tables of previous ↵Hadriel Kaplan1-0/+0
releases have not disappeared. Several bugs have been introduced due to changing of perl scripts or #define names, such that things exported into Lua have dissapeared or changed unintentionally. This commit adds a test suite which compares the Lua global table with the ones from previous releases (1.8 and 1.10), to verify nothing has gone missing. New items can be added, but old ones cannot go away. The added script to verify these things, called 'verify_globals.lua', also has the ability to display what's new - i.e., what was not in the olrder releases. Lastly, this commit also fixes a bug: MENU_STAT_ENDPOINT became MENU_STAT_ENDPOINT_LIST due to a change in the make-init-lua.pl perl script in this 1.11 release. Change-Id: Iba143d1a436e706970635a5f8cc2b317955392bf Reviewed-on: https://code.wireshark.org/review/284 Reviewed-by: Evan Huus <eapache@gmail.com> Tested-by: Evan Huus <eapache@gmail.com>
2014-02-21Revert "Add test suite for verifying Lua global variables/tables of previous ↵Evan Huus1-0/+0
releases have not disappeared." This reverts commit 5b7f00178f45149ecdce204f1c71c1598ceedac1. Change-Id: Idf09d25270847970713b67d02bcd7cbc411a4e9c Reviewed-on: https://code.wireshark.org/review/280 Reviewed-by: Evan Huus <eapache@gmail.com>
2014-02-21Add test suite for verifying Lua global variables/tables of previous ↵Hadriel Kaplan1-0/+0
releases have not disappeared. Several bugs have been introduced due to changing of perl scripts or #define names, such that things exported into Lua have dissapeared or changed unintentionally. This commit adds a test suite which compares the Lua global table with the ones from previous releases (1.8 and 1.10), to verify nothing has gone missing. New items can be added, but old ones cannot go away. The added script to verify these things, called 'verify_globals.lua', also has the ability to display what's new - i.e., what was not in the olrder releases. Lastly, this commit also fixes a bug: MENU_STAT_ENDPOINT became MENU_STAT_ENDPOINT_LIST due to a change in the make-init-lua.pl perl script in this 1.11 release. Change-Id: Ic46172904256dc535b0fe4543237c07dddb3b9b5 Reviewed-on: https://code.wireshark.org/review/242 Reviewed-by: Evan Huus <eapache@gmail.com>
2014-02-09Add test suite for Lua dissector-related functionsHadriel Kaplan1-0/+0
This isn't super-fancy, but it runs a simple protocol dissector and verifies the tshark output matches what it expects. Things like Proto, ProtoField, Field, Tvb, TvbRange, etc., are used in an example dissector script - it dissects DNS... partially. Enough to make sure things aren't fundamentally broken. This provides something to add on top of later as well. Change-Id: Icf3c8e9534944bcf4c4f6150f02a9a43f999cd75 Reviewed-on: https://code.wireshark.org/review/126 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
2013-12-07add a decryption test for DVB-CI to the testsuiteMartin Kaiser1-0/+0
svn path=/trunk/; revision=53830
2013-10-09From Ed Beroset via https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9238Evan Huus1-0/+0
Add test for ANSI C12.22 decryption. svn path=/trunk/; revision=52469
2013-05-31nameres.hosts_file_handling shouldn't affect loading the profile "hosts"Gerald Combs1-0/+0
file. That should be loaded no matter what if we have name resolution enabled. Add a name resolution test suite. Currently disabled until I can test it on Windows. svn path=/trunk/; revision=49657
2012-04-02Add a test for Zigbee. Compress the 802.11 capture. Fix an error message.Gerald Combs3-0/+0
svn path=/trunk/; revision=41898
2012-04-02Add a test for DTLS decryption.Gerald Combs1-0/+0
svn path=/trunk/; revision=41896
2012-03-30Add a WPA PSK decryption test.Gerald Combs1-0/+0
svn path=/trunk/; revision=41865
2012-03-30rsasnakeoil2 is a PCAP file; name it .pcap for consistency. Set SVN ↵Jeff Morriss1-0/+0
properties appropriately. svn path=/trunk/; revision=41858
2012-03-30Add a decryption test suite along with an SSL decryption test. Move ourGerald Combs5-0/+0
growing collection of capture files to a subdirectory. svn path=/trunk/; revision=41852