Ethereal-dev: [Ethereal-dev] [DCE RPC] Incorrect dissection with CVS version 20040603153321

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Jean-Baptiste Marchand <Jean-Baptiste.Marchand@xxxxxx>
Date: Fri, 4 Jun 2004 11:29:18 +0200
Hello,

it seems that there is a dissection problem with a current version of
the DCE RPC dissector.

The first attached capture (epm1_anon.cap) contains 6 frames, 2 TCP segments
(SYN-ACK, ACK) and 4 DCE RPC PDUs. The last two DCE RPC PDUs are not
properly dissected as EPM operations.

The second attached capture (epm2_anon.cap) is identical to the first one,
except that the first TCP segment has been removed. The last two DCE RPC
PDUs are properly dissected as EPM operations.

The only difference is that in the first case, we see a SYN-ACK TCP
segment and thus, this might be something related to TCP conversations?

PS: attached traces have been anonymized with ipsumdump
(http://www.icir.org/kohler/ipsumdump/), thus IP addresses are different
in the traces but they were both generated from the same original trace.


Jean-Baptiste Marchand
-- 
Jean-Baptiste.Marchand@xxxxxx
HSC - http://www.hsc.fr/

Attachment: epm1_anon.cap
Description: Binary data

Attachment: epm2_anon.cap
Description: Binary data