Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 6955] New: H323 IDs have the domain truncated after '@' in

Date: Thu, 15 Mar 2012 09:16:14 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6955

           Summary: H323 IDs have the domain truncated after '@' in H225
                    RAS.
           Product: Wireshark
           Version: 1.7.x (Experimental)
          Platform: x86
        OS/Version: Windows 7
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: becorder@xxxxxxxxx


Created attachment 8025
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=8025
h225-ras.pcap

Build Information:
Version 1.7.0 (SVN Rev 39768 from /trunk)

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.22.1, with Cairo 1.10.2, with Pango 1.28.3, with
GLib 2.26.1, with WinPcap (version unknown), with libz 1.2.5, without POSIX
capabilities, with SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python,
with GnuTLS 2.10.3, with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with
PortAudio V19-devel (built Nov  8 2011), with AirPcap.

Running on 32-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.10.3, Gcrypt 1.4.6, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 21022

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
I'm attaching a trace of RRQ and RCF messages between a H.323 endpoint and a
gatekeeper.

In the development release of wireshark (and in trunk), I see that

H.225 -> registrationRequest -> terminalAlias -> Item 0 -> AliasAddress:
h323-ID
    h323-ID: 20203@
and 
H.225 -> registrationConfirm -> terminalAlias -> Item 0 -> AliasAddress:
h323-ID
    h323-ID: 20203@

where the domain part of the h323 ID is not being displayed in the Packet
Details view.

Packet Bytes view correctly highlights and displays the relevant bytes
including the domain part.


Wireshark stable (1.6.5 from http://www.wireshark.org/download.html) shows the
entire h323 ID.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.