ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 5551] New: ICMP Type Code wrong

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 6 Jan 2011 08:17:24 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5551

           Summary: ICMP Type Code wrong
           Product: Wireshark
           Version: 1.2.1
          Platform: x86
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: skeetabomb@xxxxxxxxx


Created an attachment (id=5704)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5704)
Screenshot of ICMP packet with incorrect Type/Code values in columns.

Build Information:
Version 1.2.1 (SVN Rev 29141)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 19 2009), with
AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.1
(packet.dll version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.1, Gcrypt 1.4.4, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Custom GUI Preferences:
Added columns to display 'icmp.type' and 'icmp.code'

Scenario:
Running IPv4 ICMP packet capture.

Event:
ICMP Time-to-live-exceeded packet captured (ICMP Type 11 Code 0) in response to
a ping packet (ICMP Echo Request - Type 8 Code 0).

Buggy Behaviour (Queen's English):
The actual values displayed in the 'icmp.type' and 'icmp.code' columns are
(Type) '8' and (Code) '0' respectively, whereas they should technically be '11'
and '0' respectively for 'this' packet. The Information column reads correctly
that 'this' packet is an ICMP TTL Exceeded packet.

I think this is misleading and confusing behaviour.

Forgive me if this has been fixed in subsequent code versions. I have the
latest elsewhere and will check this capture against that to see if it still
decodes these columns with incorrect values.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube