forked from osmocom/wireshark
![]() This patch extends the existing decryption support for WPA to also handle rekeys by checking each decrypted packet for a 4-way-handshake. Rekeys can be used for WPA-PSK, but are more common with WPA-Enterprise (WPA-EAP). For decrypting WPA-EAP secured packets the user must provide all used PMK's of the connection (aka PSK's) as WPA-PSK 32 byte hex values to wireshark via the existing interface. (The capture must have all 4-way-handshakes included also, starting with the first unencrypted one.) Every decrypted unicast packet will habe the used PMK and TK shown in the CCMP/TKIP section below the key index in the GUI. Group packets will display the GTK instead. Additionally this fixes a small issue with group rekey handling, so every packet can be selected in the GUI in random order, removing the need to manually find the correct group keying packets prior to that. It was tested primary with WPA-CCMP, but TKIP is also working. One section in the code touch bluetooth 802.1X support. It should do exactly the same, but will now also examine all decypted packets for rekeys. Ping-Bug: 11172 Change-Id: I19d055581fce6268df888da63485a48326046748 Reviewed-on: https://code.wireshark.org/review/8268 Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com> Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Anders Broman <a.broman58@gmail.com> |
||
---|---|---|
.. | ||
baseline | ||
captures | ||
config | ||
keys | ||
lua | ||
README.test | ||
config.sh | ||
hosts.custom | ||
hosts.global | ||
hosts.personal | ||
suite-capture.sh | ||
suite-clopts.sh | ||
suite-decryption.sh | ||
suite-fileformats.sh | ||
suite-io.sh | ||
suite-nameres.sh | ||
suite-unittests.sh | ||
suite-wslua.sh | ||
test-backend.sh | ||
test.sh |
README.test
What is it? ----------- This is a collection of bash scripts which test the features of: - Wireshark - TShark - Dumpcap Motivation ---------- The command line options of Wireshark and the companion command line tools are numerous. This makes it hard to find newly introduced bugs doing manual testing (try and error) with source code changes. The current way is to do some changes, testing some scenarios by hand and commit the code so other users will complain about new problems. This obviously is far from being optimal. Limitations ----------- The test set currently provided will only do some basic tests, but even that is far better than nothing. This may involve in time as new tests can be added to fix problems reported by users. This will hopefully lead to a "complete" and reliable testset in the future. The tests are limited to command line tests, other things like unit tests or GUI test are not included. Prerequisites ------------- What you'll need (to do): - edit the file config.sh to suit your configuration - build the "all" target - build the "test-programs" target - have a bash (cygwin should do well) - have tput (e.g. in the cygwin ncurses package) - you'll need a network interface with some network traffic (so you can run the capture tests) - (for non-Windows platforms) An X server for running the capture tests with the graphical Wireshark program. A Test Ride ----------- The default configuration might not be suitable for your set-up. Most settings can be adjusted by setting an environment variable matching or by editing the setting in config.sh. For instance, the first network interface might not be used for traffic (like an unconnected Ethernet port). In that case, you might want to set the environment variable TRAFFIC_CAPTURE_IFACE to pick another interface. Use `dumpcap -D` to get a list of devices. On Windows, it is assumed that the user is able to perform captures. On non-Windows platforms, the opposite is assumed. If your dumpcap executable allows you to perform captures (for example, when it has appropriate capabilities), then you can override the default with: SKIP_CAPTURE=0 If you do not want to test the binaries in the build directory, you can override it with: WS_BIN_PATH=/usr/bin When your configuration is sane, you can start test.sh which should provide a basic menu. Just press Enter to start all tests. It should start all the available tests. Each test will throw out a line which should end with a green "Ok". If one of the tests fail, the script will report it and stop at this test step. Please remember to have some ICMP traffic on your network interface! The test suite will ping to www.wireshark.org while running capture tests, but this will slow down the tests.