Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 1666] New: Segmented SIP message was not decoded as SIP

Date: Mon, 25 Jun 2007 15:18:23 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1666

           Summary: Segmented SIP message was not decoded as SIP
           Product: Wireshark
           Version: 0.99.4
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: hongzhan@xxxxxxxxx


Build Information:
Version 0.99.4 (SVN Rev 19757)

Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.6.9, with GLib 2.6.6, with WinPcap (version unknown), with
libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.3.1, with ADNS, with Lua 5.1,
with
GnuTLS 1.5.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio <= V18, with
AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 3.1
(packet.dll version 3, 1, 0, 27), based on libpcap version 0.9[.x], without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
If the SIP message is too big, the endpoint segments it to send it through TCP
packets. After capturing it, Wireshark can display the whole SIP message.
However if I saved the file by filtering out only saving the SIP message. The
wireshark only saved the 2nd half of SIP message, because the 1st half of the
SIP message was decoded as TCP message not SIP message.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.