[IPP] Report on Wireshark IPPS issues...

[IPP] Report on Wireshark IPPS issues...

Kennedy, Smith (Wireless & Standards Architect) smith.kennedy at hp.com
Wed Jan 16 15:31:43 UTC 2019 

Hi Mike,

Thanks for looking into that!

A slightly different problem I had previously observed with Wireshark releases that included your updated IPP dissector (starting with 2.4?) was that when IPP traffic captured communicating with an IPP Printer listening on a non-standard port (some port other than TCP 631) weren't being recognized as IPP for some reason. This happens a lot when sniffing ippserver. But I just tested this with Wireshark 2.6.5 and 2.6.6 and both seem to be working as I would expect. Just wanted to close the loop on that.

Cheers for the work!

Smith

/**
    Smith Kennedy
    Chair, IEEE ISTO Printer Working Group
    HP Inc.
*/


> On Jan 16, 2019, at 6:57 AM, Michael Sweet <msweet at apple.com> wrote:
> 
> All,
> 
> I've done some testing with the current stable version of Wireshark on macOS to determine what is going on with IPPS support (one of my long-standing action items...)
> 
> The short of it is this: I am able to successfully decrypt IPPS traffic when I have the private key of the printer and RSA is used for the initial handshake. However, if a more secure handshake is in use (e.g. ECDHE) that provides forward secrecy, this all breaks because, well, that's the nature of the security offered by TLS... :) Short of getting a printer to log its session key (not something I'd recommend in production firmware!), there isn't anything that can be done in Wireshark to "fix" this.
> 
> I've filed a Github issue to track a possible future ipptool feature to log all network traffic to a file (decrypted) for analysis:
> 
> https://github.com/istopwg/ippsample/issues/168 <https://protect-us.mimecast.com/s/qd3iCVOrBrcqLo0wsy-2_L?domain=github.com>
> 
> _________________________________________________________
> Michael Sweet, Senior Printing System Engineer
> 
> _______________________________________________
> ipp mailing list
> ipp at pwg.org
> https://www.pwg.org/mailman/listinfo/ipp <https://protect-us.mimecast.com/s/4P7uCW6vDvhrgmz9tnNAOw?domain=pwg.org>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pwg.org/pipermail/ipp/attachments/20190116/ecdda7f8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4263 bytes
Desc: not available
URL: <http://www.pwg.org/pipermail/ipp/attachments/20190116/ecdda7f8/attachment.p7s>

More information about the ipp mailing list