Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 6295] Can't read full 64-bit SNMP values

Date: Fri, 2 Sep 2011 09:42:34 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6295

--- Comment #2 from Stephen Fisher <steve@xxxxxxxxxxxxxxxxxx> 2011-09-02 10:42:33 MDT ---
As Jaap posted on ask.wireshark.org:

"It's a signed/unsigned BER encoding thing. You try to set a Counter64
[APPLICATION 6], which is an unsigned 64 bit integer. That, in BER encoding,
results in an extra zero octet prefixed to the value so that it has no sign bit
set. That whole value is feed into the presentation routines found in proto.c,
but these are fixed size, so a zero octet prefix breaks the size check, as
you've seen.

So there you have it, a mismatch between TLV encoded values (BER) and fixed
size values (typed values). The SNMP dissector should convert between these
worlds, obviously it doesn't do a well enough job here. You can file a bug
report on this, with a sample capture, at bugs.wireshark.org."

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.