Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 2111] New: Packet incorrectly detected as SMPP

Date: Mon, 17 Dec 2007 13:53:38 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2111

           Summary: Packet incorrectly detected as SMPP
           Product: Wireshark
           Version: 0.99.6
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: oder@xxxxxxxxxxxxx


Build Information:
Version 0.99.6a (SVN Rev 22276)
--
These are two similar packets. First one was decoded correctly, however SMPP
content has been detected in second one for some reason.

=========1=========
No.     Time        Source                Destination           Protocol Info
 115273 530.470590  172.25.31.241         172.25.31.249         TCP      [TCP
segment of a reassembled PDU]

Frame 115273 (82 bytes on wire, 82 bytes captured)
    Arrival Time: Dec 12, 2007 14:51:19.841715000
    [Time delta from previous captured frame: 0.000673000 seconds]
    [Time delta from previous displayed frame: 0.000673000 seconds]
    [Time since reference or first frame: 530.470590000 seconds]
    Frame Number: 115273
    Frame Length: 82 bytes
    Capture Length: 82 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:tcp]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: Intel_b9:5d:30 (00:0e:0c:b9:5d:30), Dst: AsustekC_5c:57:23
(00:15:f2:5c:57:23)
    Destination: AsustekC_5c:57:23 (00:15:f2:5c:57:23)
        Address: AsustekC_5c:57:23 (00:15:f2:5c:57:23)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Source: Intel_b9:5d:30 (00:0e:0c:b9:5d:30)
        Address: Intel_b9:5d:30 (00:0e:0c:b9:5d:30)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.25.31.241 (172.25.31.241), Dst: 172.25.31.249
(172.25.31.249)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 68
    Identification: 0x868a (34442)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x5c0d [correct]
        [Good: True]
        [Bad : False]
    Source: 172.25.31.241 (172.25.31.241)
    Destination: 172.25.31.249 (172.25.31.249)
Transmission Control Protocol, Src Port: 16015 (16015), Dst Port: 2789 (2789),
Seq: 4198257, Ack: 71145, Len: 28
    Source port: 16015 (16015)
    Destination port: 2789 (2789)
    Sequence number: 4198257    (relative sequence number)
    [Next sequence number: 4198285    (relative sequence number)]
    Acknowledgement number: 71145    (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 17520
    Checksum: 0x9d5c [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 115272]
        [The RTT to ACK the segment was: 0.000673000 seconds]
    [Reassembled PDU in frame: 115314]
    TCP segment data (28 bytes)

0000  00 15 f2 5c 57 23 00 0e 0c b9 5d 30 08 00 45 00   ...\W#....]0..E.
0010  00 44 86 8a 00 00 40 06 5c 0d ac 19 1f f1 ac 19   .D....@.\.......
0020  1f f9 3e 8f 0a e5 5e 2f 09 57 b4 a4 cf a4 50 18   ..>...^/.W....P.
0030  44 70 9d 5c 00 00 00 00 00 00 00 00 00 03 00 00   Dp.\............
0040  00 00 00 00 00 0c 00 00 00 04 00 00 00 70 00 00   .............p..
0050  00 00                                             ..
=========1=========




=========2=========
No.     Time        Source                Destination           Protocol Info
 117052 535.502844  172.25.31.241         172.25.31.249         TCP      16015
> 2789 [PSH, ACK] Seq=5136073 Ack=95061 Win=17520 Len=28[Malformed Packet]

Frame 117052 (82 bytes on wire, 82 bytes captured)
    Arrival Time: Dec 12, 2007 14:51:24.873969000
    [Time delta from previous captured frame: 0.000812000 seconds]
    [Time delta from previous displayed frame: 0.000812000 seconds]
    [Time since reference or first frame: 535.502844000 seconds]
    Frame Number: 117052
    Frame Length: 82 bytes
    Capture Length: 82 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:ip:tcp:smpp]
    [Coloring Rule Name: TCP]
    [Coloring Rule String: tcp]
Ethernet II, Src: Intel_b9:5d:30 (00:0e:0c:b9:5d:30), Dst: AsustekC_5c:57:23
(00:15:f2:5c:57:23)
    Destination: AsustekC_5c:57:23 (00:15:f2:5c:57:23)
        Address: AsustekC_5c:57:23 (00:15:f2:5c:57:23)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Source: Intel_b9:5d:30 (00:0e:0c:b9:5d:30)
        Address: Intel_b9:5d:30 (00:0e:0c:b9:5d:30)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address
(factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.25.31.241 (172.25.31.241), Dst: 172.25.31.249
(172.25.31.249)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 68
    Identification: 0x8a9c (35484)
    Flags: 0x00
        0... = Reserved bit: Not set
        .0.. = Don't fragment: Not set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x57fb [correct]
        [Good: True]
        [Bad : False]
    Source: 172.25.31.241 (172.25.31.241)
    Destination: 172.25.31.249 (172.25.31.249)
Transmission Control Protocol, Src Port: 16015 (16015), Dst Port: 2789 (2789),
Seq: 5136073, Ack: 95061, Len: 28
    Source port: 16015 (16015)
    Destination port: 2789 (2789)
    Sequence number: 5136073    (relative sequence number)
    [Next sequence number: 5136101    (relative sequence number)]
    Acknowledgement number: 95061    (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 17520
    Checksum: 0xf02b [correct]
        [Good Checksum: True]
        [Bad Checksum: False]
    [SEQ/ACK analysis]
        [This is an ACK to the segment in frame: 117051]
        [The RTT to ACK the segment was: 0.000812000 seconds]
[Malformed Packet: SMPP]

0000  00 15 f2 5c 57 23 00 0e 0c b9 5d 30 08 00 45 00   ...\W#....]0..E.
0010  00 44 8a 9c 00 00 40 06 57 fb ac 19 1f f1 ac 19   [email protected].......
0020  1f f9 3e 8f 0a e5 5e 3d 58 af b4 a5 2d 10 50 18   ..>...^=X...-.P.
0030  44 70 f0 2b 00 00 00 00 00 00 00 00 00 03 00 00   Dp.+............
0040  00 00 00 00 00 0c 00 00 00 04 00 00 00 ce 00 00   ................
0050  00 00                                             ..
=========2=========


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.