Thank you Christian for the sponsorship, the test environment and the commands.
The first test that is failing looks for a string phrase (test/suite_decryption.py @ line 271: self.assertTrue(self.grepOutput('Who has 192.168.1.1'))). I put a debug line in the countOutput function (test/subprocesstest.py) to check what the output from the tshark command executed before was... it shows 192.168.5.1 (among others, but always 192.168.5.*):
line is -- 38 12.586605105 02:00:00:00:00:00 → ff:ff:ff:ff:ff:ff ARP 110 Who has 192.168.5.5? Tell 192.168.5.1--
line is -- 25 10.547097155 02:00:00:00:00:00 → ff:ff:ff:ff:ff:ff ARP 110 Who has 192.168.5.5? Tell 192.168.5.1--
line is -- 32 11.562579505 02:00:00:00:00:00 → ff:ff:ff:ff:ff:ff ARP 110 Who has 192.168.5.5? Tell 192.168.5.1--
line is -- 38 12.586605105 02:00:00:00:00:00 → ff:ff:ff:ff:ff:ff ARP 110 Who has 192.168.5.5? Tell 192.168.5.1--
line is -- 21 15.399324999 02:00:00:00:00:00 → ff:ff:ff:ff:ff:ff ARP 110 Who has 192.168.5.5? Tell 192.168.5.1--
line is -- 32 16.402513535 02:00:00:00:00:00 → ff:ff:ff:ff:ff:ff ARP 110 Who has 192.168.5.5? Tell 192.168.5.1--
line is -- 50 17.426588527 02:00:00:00:00:00 → ff:ff:ff:ff:ff:ff ARP 110 Who has 192.168.5.5? Tell 192.168.5.1--
root@j-wireshark1:~/wireshark-3.6.2/obj-s390x-linux-gnu# grep Who miriam.log | wc -l
72
root@j-wireshark1:~/wireshark-3.6.2/obj-s390x-linux-gnu# grep Who miriam.log | grep 192.168.5 | wc -l
72
I checked that, in that entire test/suite_decryption.py file, all the asserts checking for verification of the GTK are with addresses 192.168.5.* except this one. I'm wondering if this is intentional or not, amid my lack of knowledge and inexperience with tshark, although, on the other hand, the test passes in arm64 (I didn't see it, nor the suite launched, for other architectures)...
Any ideas from anyone on why the command
tshark -o "wlan.enable_decryption: TRUE" -r wireshark-3.6.2/test/captures/wpa2-ft-eap.pcapng.gz -Y 'wlan.analysis.tk == 65471b64605bf2a04af296284cb4ae2a || wlan.analysis.gtk == 1783a5c28e046df6fb58cf4406c4b22c'
throws 192.168.5.* instead of 192.168.1.* are very welcome (or if you have concerns/suspicions about why this particular case is looking for the 192.168.1.1).
Thanks!
P.S. In the meantime, reviewing the https://www.wireshark.org/docs/wsdg_html_chunked/ChapterTests.html