ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 7491] New: DNP3 Protocol Dissector Does not Fully Decode A

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Tue, 17 Jul 2012 10:02:58 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7491

           Summary: DNP3 Protocol Dissector Does not Fully Decode
                    Application Layer Object 50 Variation 3
           Product: Wireshark
           Version: SVN
          Platform: x86
        OS/Version: Windows 7
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Dissection engine (libwireshark)
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: cbontje@xxxxxxxxx


Build Information:
Version 1.8.0 (SVN Rev 43431 from /trunk-1.8)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.10, with Cairo 1.10.2, with Pango 1.30.0, with
GLib 2.32.2, with WinPcap (4_1_2), with libz 1.2.5, without POSIX capabilities,
with SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS
2.12.18, with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with PortAudio
V19-devel (built Jun 21 2012), with AirPcap.

Running on 32-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.

Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
DNP3 Dissector does not decode the 6-byte Time Stamp component of Application
Layer Object 50 Variation 3 (Last Recorded Date and Time).  The object had
previously been defined in the dissector but was never referenced when actually
decoding the packets so any existing instances of this object will produce an
"unknown data chunk" section where the time stamp should be present.

I have attached both a capture file that exhibits the problem (See packet #11)
as well as a diff/patch that will correct the issue.

Contact me if there are any questions,

Chris Bontje

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube