tcpdump mailing list archives
Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5
From: Michael Richardson <mcr () sandelman ottawa on ca>
Date: Tue, 05 Oct 2004 09:39:12 -0400
-----BEGIN PGP SIGNED MESSAGE-----
"Guy" == Guy Harris <guy () alum mit edu> writes:
>> Are there any positive or negative reactions to this? Will
>> somebody fix it?
Guy> I'd check in the patch if somebody resolved the issue
Guy> either by saying that 12 is the right authlen for all
Guy> encryption algorithms, saying it's not and supplying a way
Guy> (including a patch) to figure out what the right authlen is, or
Guy> saying it's not, saying you can't determine it from the packet
Guy> contents, and supplying a patch to add the authentication
I was puzzled by the report, since I wrote the code and use the code
in a zillion test cases, but willing to accept it that maybe I never
cared if the end of the packet was correctly determined.
Well, actually, you can't find the next-header value if you don't
remove the authentication data.
The test case tests/esp1.sh does:
tcpdump -t -n -E "0x12345678@192.1.2.45 3des-cbc-hmac96:0x4043434545464649494a4a4c4c4f4f515152525454575758" -r
02-sunrise-sunset-esp.pcap
I'm confused about the statement that the authlen isn't set.
Perhaps it is really that the algorithm has not been set correct by th
reporters.
- --
] "Elmo went to the wrong fundraiser" - The Simpson | firewalls [
] Michael Richardson, Xelerance Corporation, Ottawa, ON |net architect[
] mcr () xelerance com http://www.sandelman.ottawa.on.ca/mcr/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Finger me for keys
iQCVAwUBQWKj/4qHRg3pndX9AQGlKQQAhBAE+iVPn0qA5xHN0TRirFK+GBAfFYFQ
t1/Ilp9rTQBVgzg6NyKAmT9NZbgFrU7tqjcV4FSRr8l/MQjLJkmIQhTFOELPqMqZ
Y9G5Qf7Kwaey9WKJ2dA0KTUx9BN2aP+2H2kv2tPF+pjHZA5qX3x+7VrR6hXX79Qa
Gs1Od8uvE+4=
=y0SG
-----END PGP SIGNATURE-----
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
Current thread:
- Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5 Michael Mueller (Oct 05)
- Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5 Guy Harris (Oct 05)
- Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5 Michael Mueller (Oct 05)
- Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5 Michael Richardson (Oct 05)
- Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5 Michael Mueller (Oct 05)
- Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5 Michael Richardson (Oct 05)
- Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5 Michael Mueller (Oct 06)
- Re: tcpdump -E doesn't work for 3des-cbc/hmac-md5 Guy Harris (Oct 05)