Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: [Wireshark-users] NCP Protocol Info field

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: Gerry McCafferty <gmccaff@xxxxxxxxxxx>
Date: Thu, 6 Sep 2007 10:42:36 +1000


Quick question about the Info fields of ncp.ndsverb == 0x1 fields (NDS Resolve Name) in Wireshark 0.99.6a in Windows XP.

If it is a servername, then for some reason the fully qualified name (e.g. \T=TREE\O=OU\CN=SERVER) is appended with a string similar to ?\?wp ?w???????wj?0g then after that there are another 5 characters that differ with each packet, but at least one is a double-byte ASCII character of a square with four 0 in it (like when you try and display Chinese characters without the correct fonts).

I know that this is cosmetic, but this didn't appear in Ethereal 0.99.0 loaded on the same machine from my memory. Any idea why this is happening?

Regards,

Gerry McCafferty
Server Support
IBM Global Services A/NZ
  • Prev by Date: Re: [Wireshark-users] Unable to compile static build of TShark on Fedora 7
  • Next by Date: Re: [Wireshark-users] Unable to compile static build of TShark on Fedora 7
  • Previous by thread: Re: [Wireshark-users] Increase Length of Description Fields
  • Next by thread: [Wireshark-users] 3GPP2 A11 parsing error
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation