Wireshark-bugs: [Wireshark-bugs] [Bug 4014] ICMP: Add ID and seq # to Info column

Date: Thu, 16 Sep 2010 07:45:57 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4014

--- Comment #22 from Chris Maynard <christopher.maynard@xxxxxxxxx> 2010-09-16 07:45:56 PDT ---
(In reply to comment #19)
> We could add an icmp preference item to let the user disable that heuristic and
> to display both the big and little endian representations.  It may be worth
> "overloading" the display filter field for both the little and big endian
> representations so the user doesn't have to think of which to type in, similar
> to how I did that with the TCP window size recently (assigning the value from
> the packet and the optional scaled window size as the same display filter).

If we use heuristics for guessing at the endian-ness of the sequence number,
maybe we should reduce the less-than-value comparison of the identifier field I
used in the patch from 10 to 5, since 4 is the largest currently seen
identifier used on Windows.  It would also further lower the chance that a
valid process ID used for the identifier on Linux would be misinterpreted. 
i.e., only pings with process ID of 0, 256, 512, 768 or 1024 could possibly
fool the heuristics ... that is until/unless Windows ping changes its current
identifier assignment.

Of course there may be many more implementations out there on other OS's I'm
not aware of that may use an entirely different value for the identifier field,
so there's always the chance that these heuristics will fail in those cases. 
And unfortunately, no heuristics I can think of will be able to reliably guess
at the endian-ness of the identifier field itself, particularly due to the
recent iputils-s20100214 fix, so that one may have to remain displayed in big
endian hex format even if heuristics are introduced for the sequence number.

So, all that aside, is it worth adding the heuristic with a preference to
disable it?  Seems like it to me, but I'll leave it up to the better judgment
of the Wireshark experts to decide.

And if you can overload the sequence number display filter field to make it
easier for the user, then I think that would be useful.  But I guess that would
only work if we do end up using heuristics and only display the sequence number
in one format or the other and not both, is that right?

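
The heuristic discussed in this comment, as an added example that is not part of the original message or of the Wireshark patch. It assumes the check reads the identifier's two wire bytes as a little-endian value, compares that with the threshold (10 in the patch, 5 as proposed), and treats a match as a little-endian sender; the function names and sample headers are constructed for illustration.

```python
import struct

def guess_seq(echo_hdr: bytes, threshold: int = 5):
    """Guess the byte order of the sequence number in an ICMP echo header.

    Assumption (reconstructed from the numbers in the comment, not taken
    from the patch): an identifier below `threshold` when read as
    little-endian marks a sender that also writes the sequence number
    little-endian. Returns (byte_order, sequence_number).
    """
    if len(echo_hdr) < 8:
        raise ValueError("ICMP echo header needs at least 8 bytes")
    # Layout: type(1) code(1) checksum(2) identifier(2) sequence(2)
    (ident_le,) = struct.unpack_from("<H", echo_hdr, 4)
    (seq_le,) = struct.unpack_from("<H", echo_hdr, 6)
    (seq_be,) = struct.unpack_from(">H", echo_hdr, 6)
    if ident_le < threshold:
        return "little", seq_le
    return "big", seq_be

def fooling_pids(threshold: int = 5):
    """Process IDs that trip the heuristic when a ping implementation
    sends the PID as the identifier in network (big-endian) byte order."""
    hits = []
    for pid in range(0x10000):
        (as_le,) = struct.unpack("<H", struct.pack(">H", pid))
        if as_le < threshold:
            hits.append(pid)
    return hits

# Constructed sample headers (checksum left as zero, it is not verified here).
# Identifier bytes 03 00, sequence bytes 05 00: small identifier, LE sequence.
SMALL_ID_LE_SEQ = bytes.fromhex("0800000003000500")
# Identifier is PID 0x1a2b in network order, sequence 5 in network order.
PID_ID_BE_SEQ = bytes.fromhex("080000001a2b0005")
# Identifier is PID 512 in network order: the heuristic is fooled and the
# big-endian sequence number 5 is reported as 1280.
PID_512_BE_SEQ = bytes.fromhex("0800000002000005")

if __name__ == "__main__":
    for name, hdr in [("small id", SMALL_ID_LE_SEQ),
                      ("pid 0x1a2b", PID_ID_BE_SEQ),
                      ("pid 512", PID_512_BE_SEQ)]:
        print(name, guess_seq(hdr))
    print("threshold 5 :", fooling_pids(5))
    print("threshold 10:", fooling_pids(10))
```

Lowering the threshold from 10 to 5 halves the set of process IDs that can be misread, and the third sample shows what such a misread looks like in the decoded sequence number.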