Wireshark mailing list archives
Wireshark or protocol bug? (HTTP MIME multipart)
From: Kaul <mykaul () gmail com>
Date: Sun, 24 Oct 2010 12:08:18 +0200
I'm trying to add dissection of Kerberos encrypted HTTP sessions. Mostly, it's OK (got the headers parsed correctly, would file a BZ for this patch soon). However, when I'm trying to work with the body, which is a MIME multipart, it fails with exception. The reason seems to be that it does not have the double CRLF which is expected between headers and body of a MIME (?): imf_find_field_end() seems to fail to find additional CRLF - before the binary data (which is actually a Kerberos blob) appears. Attached please find a small capture showing the problem - not sure who's fault it is - or if it's fixable somehow in Wireshark. See packet 8 (dissect as HTTP please). Regards, Y.
Attachment:
kerberos_http_mark.pcap
Description:
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Wireshark or protocol bug? (HTTP MIME multipart) Kaul (Oct 24)
- Re: Wireshark or protocol bug? (HTTP MIME multipart) Jaap Keuter (Oct 25)
- Re: Wireshark or protocol bug? (HTTP MIME multipart) Kaul (Oct 25)
- Re: Wireshark or protocol bug? (HTTP MIME multipart) Anders Broman (Oct 26)
- Re: Wireshark or protocol bug? (HTTP MIME multipart) Kaul (Oct 26)
- Re: Wireshark or protocol bug? (HTTP MIME multipart) Jaap Keuter (Oct 26)
- Re: Wireshark or protocol bug? (HTTP MIME multipart) Kaul (Oct 25)
- Re: Wireshark or protocol bug? (HTTP MIME multipart) Jaap Keuter (Oct 25)