Wireshark-bugs: [Wireshark-bugs] [Bug 2116] New: Incorrect Malformed Packet Error in UCP Protoco

Date: Mon, 17 Dec 2007 21:56:01 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2116

           Summary: Incorrect Malformed Packet Error in UCP Protocol
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: larry@xxxxxxxxxx


Build Information:
Version 0.99.6a (SVN Rev 22276)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.10.12, with GLib 2.12.12, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.1
(packet.dll version 4.0.0.901), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
During a regular Wireshark trace of UCP packets running over Ethernet, I noted
that Wireshark said the login packet was malformed, even though it looked OK
and the server responded correctly.  After looking at the UCP protocol, it
became clear that Wireshark was parsing a type 60 message which only has one
Reserved field (RES1) and expecting it to have two Reserved fields (RES1 and
RES2) like a type 61 message.  This is because it is using the same function to
parse both messages, and does not have a conditional for the type 60 field.

The EMI specification is here, with the important messages in sections 6.3 and
6.4: http://www.nowsms.com/discus/messages/1/EMI_UCP_Specification_40-8156.pdf
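
The mismatch described in the report, as an added C example that is not part of the original message and not Wireshark's dissector code: one field list walked for both operation types runs off the end of a type 60 data section, while a per-type list does not. The field tables are assumptions written from the EMI specification linked above, `SHARED` is a model of a single list that always expects RES1 and RES2, and the sample data section is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Assumed layouts (check against EMI spec sections 6.3 and 6.4). */
#define COMMON_6X "OAdC","OTON","ONPI","STYP","PWD","NPWD","VERS","LAdC","LTON","LNPI"
static const char *const OT60[]   = {COMMON_6X, "OPID", "RES1", NULL};
static const char *const OT61[]   = {COMMON_6X, "RES1", "RES2", NULL};
/* Model of one list used for both types: always expects RES1 and RES2. */
static const char *const SHARED[] = {COMMON_6X, "OPID", "RES1", "RES2", NULL};

/* Walk '/'-terminated fields in order. Returns NULL when every expected field
 * is present, otherwise the name of the first field that runs past the data. */
static const char *first_missing_field(const char *data, const char *const *layout)
{
    const char *p = data;
    for (; *layout != NULL; layout++) {
        const char *sep = strchr(p, '/');
        if (sep == NULL)
            return *layout;
        p = sep + 1;
    }
    return NULL;
}

/* The conditional the report asks for: pick the field list by operation type. */
static const char *const *layout_for(int ot)
{
    switch (ot) {
    case 60: return OT60;
    case 61: return OT61;
    default: return NULL;
    }
}

/* 0 = all fields present, 1 = a field is missing (malformed), -1 = unknown OT */
static int check_6x(int ot, const char *data)
{
    const char *const *layout = layout_for(ot);
    if (layout == NULL)
        return -1;
    return first_missing_field(data, layout) != NULL;
}

/* Constructed type 60 data section: 12 fields, each terminated by '/'. */
static const char SAMPLE_60[] = "07656765/2/1/1/50617373//0100//////";

int main(void)
{
    const char *miss = first_missing_field(SAMPLE_60, SHARED);
    printf("shared list:   %s\n", miss ? miss : "ok");
    printf("per-type list: %s\n", check_6x(60, SAMPLE_60) ? "malformed" : "ok");
    return 0;
}
```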

