Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 2005] New: Visual Network format KO in Wireshark, OK in Et

Date: Wed, 21 Nov 2007 16:37:15 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2005

           Summary: Visual Network format KO in Wireshark, OK in Ethereal
                    0.10.14.
           Product: Wireshark
           Version: 0.99.8
          Platform: PC
        OS/Version: Windows 2000
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: mantovani@xxxxxxxx
                CC: venturini@xxxxxxxx


Build Information:
Version 0.99.8-SVN-23527 (SVN Rev 23527)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.1, with GLib 2.14.3, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with SMI 0.4.5, with ADNS, with Lua 5.1,
with
GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio PortAudio
V19-devel, with AirPcap.

Running on Windows 2000 Service Pack 4, build 2195, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
I'm trying to load a PPP trace created in Visual Network format.
The trace is correctly decoded in Ethereal 0.10.14, it is not in Wireshark.

LCP negotiation starts with HDLC header FF 03, peers agree for Address/Control
field compression, therefore in subsequent IPCP packets the HDLC header is not
present.

Ethereal decodes Both LCP and IPCP correctly, Wireshark decodes correctly only
LCP (because packets start with FF 03) but not IPCP (packets start with 80 21).

The problem is present in Wireshark 0.99.7-SVN-23521 too.

###

I also made an experiment: 
- open the trace in PCAP format, wireshark decodes it correctly
- save it as VN format from wireshark itself
- re-load it in wireshark, you get the badly decoded trace.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.