Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 6474] New: CAPv2 decoding: initialDPArgExtension is not we

Date: Thu, 20 Oct 2011 10:01:20 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6474

           Summary: CAPv2 decoding: initialDPArgExtension is not well
                    decoded
           Product: Wireshark
           Version: 1.2.7
          Platform: x86-64
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: babassbailly@xxxxxxx


Created an attachment (id=7279)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=7279)
IDP: wireshark capture & decoding

Build Information:
Version 1.2.7

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.20.0, with GLib 2.24.0, with libpcap 1.0.0, with libz
1.2.3.3, with POSIX capabilities (Linux), with libpcre 7.8, with SMI 0.4.8,
with
c-ares 1.7.0, with Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Feb 18 2010 23:31:11),
without AirPcap.

Running on Linux 2.6.32-32-generic, with libpcap version 1.0.0, GnuTLS 2.8.5,
Gcrypt 1.4.4.

Built using gcc 4.4.3.

--
It seems to me that there is an error in decoding of initialDPArgExtension in
an CAPv2 InitialDP.

No fields is correctly decoded. There must be an offset during the decoding.
Could you verify that?

Thanks.

PS: I attached a capture of IDP corresponding to mfc (so there is
initialDPArgExtension) and a file which contains the correct decoding of the
initialDPArgExtension. (GT and IMSI have been modified)

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.