Wireshark · Ethereal-dev: [Ethereal-dev] BUG report

["Pavel Orchov" <porchov@xxxxxxxxxx>]

Hi,

I have found some BUG in ethereal here is description by README:

 

Linux version: Linux 2.4.21-144-default, SUSE distribution

 

gtk version: GTK+ 2.2.3

 

Ethereal version: 0.10.6

Compiled with GTK+ 2.2.3 , with Glib 2.2.3, with libpcap 0.7.2, with libz 1.1.4,  with libpcre 4.4, without UCD-SNMP or Net-SNMP, without ADNS.

 

BUG description:

I am trying to capture HTTP stream when chunked stream arriving:

- Enable capture with filter "tcp port 80"

- Enter www.cnn.com or www.bbc.com

- One of the connections should include HTTP stream when response arrive in chunked mode, you will see "Transfer-encoding: chunked" in one of the streams.

- Open this stream in HEX mode (you can save it or just look in the bottom of the Ethereal GUI) and check if chunk offset is  correct. I found that chunk offset is not correct in all chunks. This means that Ethereal does not capture the stream correctly or Ethereal add some symbols to the stream that make chunk offset incorrect.

- You may be sure that server send correct stream, otherwise you were not see the web page of cnn or bbc.

 

BUG occurs with 0.9.* and 0.10.6 versions of Ethereal.

 

*****************************
Finjan Software

This e-mail and any attached files are confidential and may be legally
privileged. The unauthorized use, disclosure or copying of this email or
any information contained within it is strictly prohibited. This also
confirms that Finjan Software's Vital Security for E-Mail has scanned this
message for the presence of known viruses and potentially malicious
code.

Finjan Software - Prevention is the Best Cure!
*****************************