Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 5651] New: TCP analysis is not performed if options field

Date: Thu, 3 Feb 2011 07:57:32 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5651

           Summary: TCP analysis is not performed if options field has
                    been truncated
           Product: Wireshark
           Version: 1.5.x (Experimental)
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: turney_cal@xxxxxxx


Build Information:
Version 1.5.1 (SVN Rev Unknown from unknown)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.16.6, with GLib 2.24.2, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with
SMI
0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built
Jan
25 2011), with AirPcap.

Running on 64-bit Windows 7, build 7600, with WinPcap version 4.1.2 (packet.dll
version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.

Built using Microsoft Visual C++ 10.0 build 30319


--
The minimum TCP header length with one TCP option is 32.  If it's > 20 but <
32, the capture has been frame-sliced. If so, the code that dissects the
options field should be skipped; otherwise, an exception gets thrown which
prevents the packet from being analyzed (tcp_analyze_seq) if configured to do
so. 

Note the TCP analysis feature does not use or require any of the info in the
options field including such things as SACK ranges, so there is no do downside
to allowing analysis to proceed when the options field is truncated provided
the entire 20-byte TCP header is intact.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.