http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2111
oder@xxxxxxxxxxxxx changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|WONTFIX |
------- Comment #5 from oder@xxxxxxxxxxxxx 2007-12-30 14:38 GMT -------
(In reply to comment #4)
> What Stephen meant was to attach a capture file in binary format (ie not text
> output).
I do not have capture file in binary format. I did not save it.
> Unfortunately you have zeroed out the tcp-payload which gets checked by the
> SMMP dissector. But I'm 99,9% sure that the first 16 bytes of your payload were
> matching a valid SMMP header. After that, the SMMP dissector could not dissect
> it properly and reported it as malformed.
What do you mean? Packets 117051 and 117052 are unchanged - I did not zero
anything. You can see question marks in 2nd and 3rd packet and two last packets
where I made corrections. The hidden data was directory paths and error message
responses - that is, ASCII text.
> The easy workaround is to disable the SMMP protocol dissector in the
> preferences when that happens.
I do not undertand. Packet clearly contains Enternet header, then IP header
then TCP data. What a fuzzy logic should be applied to find something else in
it?
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
