Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 3955] New: Wireshark showing extraneous data in a TCP stre

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Thu, 27 Aug 2009 16:31:49 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3955

           Summary: Wireshark showing extraneous data in a TCP stream, when
                    no such data was present
           Product: Wireshark
           Version: 1.2.1
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: kartayyar@xxxxxxxxx


Created an attachment (id=3582)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=3582)
Snoop showing non HTTP data "entity" when there is no such data sent from the
client

Build Information:


Version: 1.2.1, as downloaded from wireshark.org.

Full data:

Version 1.2.1 (SVN Rev 29141)

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 19 2009), with
AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.1
beta5
(packet.dll version 4.1.0.1452), based on libpcap version 1.0.0, GnuTLS 2.8.1,
Gcrypt 1.4.4, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.


Also observed in 1.0.7.
--
Click follow TCP stream on Frame 4 in the supplied snoop.

It shows client -> server stream having non HTTP data in it, you will see
client->server traffic with the word "entity" without any other headers.

However, if you go over the actual packets in the stream, there isn't any
packet with the word "entity"


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube