Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 2103] New: TCP dissector fail to handle heuristic dissecto

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Fri, 14 Dec 2007 12:59:15 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2103

           Summary: TCP dissector fail to handle heuristic dissectors for
                    mult segments (XOT)
           Product: Wireshark
           Version: 0.99.7
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: gerhard.nospam@xxxxxxxxx


Build Information:
Windows 0.99.7.pre2
Solaris 0.99.8 svn 23839 (own build)
Solaris 0.99.6 (own build)
--
Wireshark fails to dissect XOT packet where the XOT header spans two TCP
segments

See the example:
e1: 
  xot-x25-RR [OK]
  xot-x25-RR [OK]
  xot-x25 512Bytes, More set [NOK, listed as X25 single packet]
  3byte of XOT header [NOK, listed as TCP data]
e2:
  1byte of XOT+ X25 88 bytes (More not set) [lists the reassembled TCP, but not
handling as XOT]
e3: (TCP ack in other direction)
e4:
  XOT- X25 231 Bytes, More not set [NOK, reassembled 4 bytes from frame 2 and
88 bytes from frame 4]

The problem is that XOT uses a heuristic dissector and tcp_dissect_pdu is not
adapted to that.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube