Skip to content
Snippets Groups Projects
New look: Off

Wireshark 1.2.1 crashes on Windows when when capturing or attempt to open a file containing TLS 1.2 conversation

    • Closed Issue created by Wireshark GitLab Migration @ws-gitlab-migration

    This issue was migrated from bug 4008 in our old bug tracker.

    Original bug information:

    Reporter: Adrian Dimcev
    Status: RESOLVED FIXED
    Product: Wireshark
    Component: GTK+ UI
    OS: Windows XP
    Platform: x86-64
    Version: 1.2.1

    Attachments:

    captures.zip: Zip archive containing two captures.

    To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

    Child items ...

    • Activity

    • Wireshark GitLab Migration
      Wireshark GitLab Migration @ws-gitlab-migration ·
      Author

      :speech_balloon: Adrian Dimcev said:

      Build Information: Version 1.2.1 (SVN Rev 29141) Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown), with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8, with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 19 2009), with AirPcap. Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1 beta5 (packet.dll version 4.1.0.1452), based on libpcap version 1.0.0, GnuTLS 2.8.1, Gcrypt 1.4.4, without AirPcap. Built using Microsoft Visual C++ 9.0 build 30729

      Wireshark, version bellow(different Windows OS), crashes when capturing or attempt to open a file containing TLS 1.2 conversation, for example see the attached captures(within the zip archive).

Version 1.2.1 (SVN Rev 29141)
Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 19 2009), with
AirPcap.
Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1 beta5
(packet.dll version 4.1.0.1452), based on libpcap version 1.0.0, GnuTLS 2.8.1,
Gcrypt 1.4.4, without AirPcap.
Built using Microsoft Visual C++ 9.0 build 30729

or

Version 1.2.1 (SVN Rev 29141)
Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 19 2009), with
AirPcap.
Running on Windows Server 2003 Service Pack 2, build 3790, with WinPcap version
4.1 beta5 (packet.dll version 4.1.0.1452), based on libpcap version 1.0.0,
GnuTLS 2.8.1, Gcrypt 1.4.4, without AirPcap.
Built using Microsoft Visual C++ 9.0 build 30729

or

Version 1.2.1 (SVN Rev 29141)

Compiled with GTK+ 2.14.7, with GLib 2.18.4, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, without libpcre, without SMI,
without c-ares, without ADNS, with Lua 5.1, without GnuTLS, without Gcrypt,
without Kerberos, without GeoIP, with PortAudio V19-devel (built Jul 19 2009),
without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Windows Vista, build 7600, with WinPcap version 4.1 beta5 (packet.dll
version 4.1.0.1452), based on libpcap version 1.0.0.

Built using Microsoft Visual C++ 9.0 build 30729


The captures were taken on a Debian VM(using promiscous mode) which did not crashed, running:
Version 1.0.2
Compiled with GTK+ 2.12.12, with GLib 2.16.6, with libpcap 0.9.8, with libz
1.2.3.3, with POSIX capabilities (Linux), with libpcre 7.6, without SMI, with
ADNS, with Lua 5.1, with GnuTLS 2.4.2, with Gcrypt 1.4.1, with MIT Kerberos,
with PortAudio V19-devel (built Oct 12 2008), without AirPcap.
Running on Linux 2.6.26-2-amd64, with libpcap version 0.9.8.
Built using gcc 4.3.2.


Also I can open the attached captures on an Ubuntu 9 Desktop VM using a built from source version like:
Version 1.2.1
Compiled with GTK+ 2.16.1, with GLib 2.20.1, with libpcap 1.0.0, with libz
1.2.3.3, without POSIX capabilities, without libpcre, without SMI, without
c-ares, without ADNS, without Lua, without GnuTLS, without Gcrypt, without
Kerberos, without GeoIP, without PortAudio, without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.
Running on Linux 2.6.28-15-generic, with libpcap version 1.0.0.
Built using gcc 4.3.3.


You may duplicate the problem if you have an Windows 7 machine, use IE8 and configure from Tools\Internet Option\Advanced, select only 'Use TLS 1.2' and go to a web server capable of using TLS 1.2 like https://tls.woodgrovebank.com, and take a capture on that machine itself or on another machine(XP, Windows 2003) using promiscuous mode.
Or if you have on a (XP) machine GnuTLS installed, use gnutls-cli with a command like:
gnutls-cli --priority NONE:+VERS-TLS1.2:+AES-256-CBC:+RSA:+SHA256:+COMP-NULL --x509cafile 'CA file' tls.woodgrovebank.com --insecure
and capture the traffic on that machine.
    • Wireshark GitLab Migration added oswindows uigtk version1.2 labels

      added oswindows uigtk version1.2 labels

    • Wireshark GitLab Migration
      Wireshark GitLab Migration @ws-gitlab-migration ·
      Author

      :speech_balloon: Adrian Dimcev said:

      Created attachment 3652 Zip archive containing two captures.

      Zip archive containing two captures.

    • Wireshark GitLab Migration
      Wireshark GitLab Migration @ws-gitlab-migration ·
      Author

      :speech_balloon: Jaap Keuter said:

      Fixed in revision 29906.

    • Wireshark GitLab Migration closed

      closed

    Please register or sign in to reply