Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 4401] USB URB_ISOCHRONOUS Packet "Application Data" is displayed/captured wron

[bugzilla-daemon@xxxxxxxxxxxxx]

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4401

--- Comment #2 from Gregor Anich <gregor.anich@xxxxxx> 2010-01-19 15:27:33 PST ---
I tried with latest git/svn of libpcap/wireshark, here's the build info:

Version 1.2.5

Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.18.3, with GLib 2.22.3, with libpcap 1.1-PRE-CVS, with
libz
1.2.3.3, without POSIX capabilities, without libpcre, without SMI, without
c-ares, without ADNS, without Lua, with GnuTLS 2.8.3, with Gcrypt 1.4.4, with
MIT Kerberos, without GeoIP, with PortAudio V19-devel (built Jun 20 2009
13:28:51), without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.31-17-generic, with libpcap version 1.1-PRE-CVS, GnuTLS
2.8.3, Gcrypt 1.4.4.

Built using gcc 4.4.1.

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.

=== END OF BUILD INFO ===

The problem persists. Here's an example isochronous packet's "Application
Data":
0000   ee ff ff ff 00 00 00 00 1e 00 00 00 00 00 00 00  ................
0010   ee ff ff ff 1e 00 00 00 24 00 00 00 00 00 00 00  ........$.......
0020   ee ff ff ff 42 00 00 00 1e 00 00 00 00 00 00 00  ....B...........
0030   ee ff ff ff 60 00 00 00 24 00 00 00 00 00 00 00  ....`...$.......
0040   ee ff ff ff 84 00 00 00 1e 00 00 00 00 00 00 00  ................
0050   ee ff ff ff a2 00 00 00 24 00 00 00 00 00 00 00  ........$.......
0060   ee ff ff ff c6 00 00 00 1e 00 00 00 00 00 00 00  ................
0070   ee ff ff ff e4 00 00 00 24 00 00 00 00 00 00 00  ........$.......
0080   28 77 ac 00 28 77 ac 00 d8 11 e4 08 d8 11 e4 08  (w..(w..........
0090   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00a0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00b0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00c0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00d0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00e0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00f0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0100   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0110   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0120   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0130   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0140   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0150   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0160   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0170   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
0180   00 00 00 00 00 00 00 00                          ........

As can be seen, there's the 16 byte pattern with eeffffff again, which is very
likely the struct mon_bin_isodesc from
linux-2.6.32/drivers/usb/mon/mon_bin.c line 116 (see original comment/bug
report)

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.