
Wireshark-bugs: [Wireshark-bugs] [Bug 5844] Kerberos decoding of AS-REP doesn't happen automatic

Date: Sat, 23 Apr 2011 03:03:45 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5844

Sake <sake@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID

--- Comment #4 from Sake <sake@xxxxxxxxxx> 2011-04-23 03:03:34 PDT ---
(In reply to comment #0)
> When we run a packet capture of kerberos messages, the AS-REP message fails to
> decode. We can only decode it when we manually select to decode the packet. The
> interesting item is that when the same capture is opened up using the same
> installation of Wireshark on a Windows XP computer, it is decoded
> automatically.

This is most probably because on the system with the problem to decode the
AS-REP message, you have "Reassemble fragmented IP datagrams" unchecked. This
causes the AS-REQ to not be fully assembled and it needs the full PDU to
determine that frame 44/45 contain the AS-REP message. If you enable
"Reassemble fragmented IP datagrams" in the IP protocol preferences, you should
be fine.

> Another problem occurs for the AS-REQ and AS-REP are not decoded when the
> following steps are performed.
> 
> 1. Enter kerberos in the filter
> 2. Select Apply.
> 3. Select Save As from the File pull-down menu.
> 4. Select the "Display Only" radio button
> 5. Open newly created file in Wireshark.
> 6. None of the packets can be decoded anymore

This is a known limitation (see bug 3315): when you apply a display filter that
shows you PDUs for which reassembly has been done on a lower layer, not all
fragments are saved. You can work around the issue by applying a filter at the
IP layer (in your case: ip.addr eq 10.32.161.25 and ip.addr eq 10.32.0.13).

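Added example (not part of the original bug comment and not Wireshark code): a Python sketch of the limitation described above, showing which frames a "displayed only" save drops when the displayed PDU was reassembled from IP fragments. The packet bytes are constructed, the function names are hypothetical, and it assumes the upper-layer PDU is displayed in the frame that completes reassembly.

```python
import socket
import struct
from collections import defaultdict

def ipv4_packet(ident, offset, more, payload,
                src="10.32.161.25", dst="10.32.0.13"):
    """Build a bare IPv4 packet, protocol 17 (UDP); constructed sample, checksum 0."""
    flags_frag = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                       flags_frag, 64, 17, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def fragment_groups(packets):
    """Map (src, dst, proto, id) to the frame numbers carrying that datagram's fragments."""
    groups = defaultdict(set)
    for frame_no, pkt in enumerate(packets, start=1):
        ident, flags_frag = struct.unpack("!HH", pkt[4:8])
        more = bool(flags_frag & 0x2000)      # MF (more fragments) flag
        offset = (flags_frag & 0x1FFF) * 8    # fragment offset in bytes
        if more or offset:                    # first, middle or last fragment
            groups[(pkt[12:16], pkt[16:20], pkt[9], ident)].add(frame_no)
    return groups

def frames_to_keep(packets, displayed):
    """Expand displayed frame numbers to every fragment of the same datagrams."""
    keep = set(displayed)
    for frames in fragment_groups(packets).values():
        if frames & keep:
            keep |= frames
    return sorted(keep)

# Constructed capture: frame 1 is an unfragmented request, frames 2-3 are one
# fragmented reply, frame 4 is a fragment of an unrelated datagram.
SAMPLE = [
    ipv4_packet(0x0101, 0, False, b"\x00" * 300),
    ipv4_packet(0x0202, 0, True, b"\x00" * 1480),
    ipv4_packet(0x0202, 1480, False, b"\x00" * 100),
    ipv4_packet(0x0303, 0, True, b"\x00" * 1480,
                src="10.32.0.13", dst="10.32.161.25"),
]
DISPLAYED = {1, 3}  # assumed: frames an upper-layer display filter matches

if __name__ == "__main__":
    keep = frames_to_keep(SAMPLE, DISPLAYED)
    print("lost by saving displayed only:", sorted(set(keep) - DISPLAYED))
    print("frames needed for decoding:", keep)
```

Frame 2 never matches the upper-layer filter on its own, which is why the saved file no longer reassembles; an IP-layer filter matches every fragment between the two hosts.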