Re: TCP data PDU decoding fails depending on TCP options field?

[Fulko Hew <fulko.hew () gmail com>]

On Fri, Oct 1, 2010 at 2:18 PM, Sake Blok <sake () euronet nl> wrote:

> On 1 okt 2010, at 19:53, Fulko Hew wrote:
>
> > Imagine my surprise when Wireshark failed to decode the
> > AgentX protocol inside some captured packets.  It all
> > depends on where the packets originated from (which OS).
> >
> > Attached are two capture sessions of AgentX traffic.
> >
> > One decodes... Between a Linux box and a Linux box.
> > One doesn't... Between a Windows box and a Linux box.
> >
> > I'm not sure what triggers the failure, but in one case
> > Wireshark successfully decodes the AgentX traffic inside
> > the TCP PDU and in the other case it doesn't.  The top
> > protocol window (when it doesn't decode) also tags the
> > packets as '[TCP segment of a reassembled PDU]'
>
> The difference is that in the non-working example, there is a flag that
> indicates that multibyte values are in BigEndian representation and the
> agentX dissector does not seem to honor this. When it then sees "00 00 00
> 20" as length, it does not interpret this as 32 bytes, but as 536870912. So
> then it tries to read that many bytes to reassemble the PDU. Of course it
> fails at that.
>
> Could you please open a bug report at http://bugs.wireshark.org and attach
> the two tracefiles so that we don't lose track of it?

Done, bugzilla entry #5269 submitted.

 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5269

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe