ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 3298] New: WSP header length incorrect

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Tue, 3 Mar 2009 04:00:09 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3298

           Summary: WSP header length incorrect
           Product: Wireshark
           Version: 1.0.4
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: baboinen@xxxxxxxxx


Created an attachment (id=2804)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2804)
Captures containing WSP packets whose "Headers Length" field is shown correctly
and incorrectly.

Build Information:
Version 1.0.4 (SVN Rev 26501)

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with ADNS, with Lua 5.1, with GnuTLS 2.3.8, with Gcrypt 1.4.1, with MIT
Kerberos, with PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2
(packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
The problem appears on both 1.0.4 windows build as well as linux, tshark, 1.0.5
build.

In attached capture, incorrect.cap, packet 2 contains the WSP reply.
In that reply inside the WSP is the field "Headers Length". The length is coded
with 2 bytes, 81 and 21 successively.
Summing hex 81 and 21 makes 162 (decimal) while wireshark shows 161.
The headers are 160 bytes long and 2 bytes of the "Headers Length" field makes
it to be 162 bytes.

The packet is charged with another system which analysis the WSP messages and
is charged correctly taking in acount that the "Headers Length" is 162 bytes
and not 161 as wireshark shows.

Another capture, correct.cap, contains another WSP packets which show the
"Headers Length" correctly but that header length is coded with 1 byte. This
capture is attached only for comparison reasons.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube