https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3710
Summary: Dissector mistake with LLC SNAP I frames
Product: Wireshark
Version: 1.2.0
Platform: Other
OS/Version: Windows XP
Status: NEW
Severity: Normal
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: rjgodoy@xxxxxxxxxxxxxxx
Created an attachment (id=3321)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3321)
captured frame where the bug happens
Build Information:
Version 1.2.0 (SVN Rev 28753)
Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jun 15 2009), with
AirPcap.
Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1
beta4
(packet.dll version 4.1.0.1237), based on libpcap version 1.0 - branch, GnuTLS
2.8.1, Gcrypt 1.4.4, without AirPcap.
Built using Microsoft Visual C++ 9.0 build 30729
--
When using LLC-SNAP and I-frames (instead of U-frames) the LLC-SNAP dissector
confuses the start of the SNAP-OUI.
Note that I-frames carry a 2-byte control field, instead of the 1-byte control
field of S-frames and U-frames.
The dissector takes the most significative byte of OUI from the second byte of
the LLC control field.
In the attached example, it shows the OUI as 0x010000 instead of 0x000000
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
