
Wireshark-bugs: [Wireshark-bugs] [Bug 5269] New: AgentX dissector does not honour endian-ess fla

Date: Fri, 1 Oct 2010 11:33:02 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5269

           Summary: AgentX dissector does not honour endian-ess flag
           Product: Wireshark
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: fulko.hew@xxxxxxxxx


Created an attachment (id=5249)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5249)
non-decoding example

Build Information:
Version 1.0.3

Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.12.8, with GLib 2.14.6, with libpcap 0.9.7, with libz
1.2.3, without POSIX capabilities, with libpcre 7.3, without SMI, without ADNS,
without Lua, with GnuTLS 1.6.3, with Gcrypt 1.2.4, with MIT Kerberos, without
PortAudio, without AirPcap.

Running on Linux 2.6.26.8-57.fc8, with libpcap version 0.9.7.

Built using gcc 4.1.2 20070925 (Red Hat 4.1.2-33).
--
>On 1 Oct 2010, at 19:53, Fulko Hew wrote:

> Imagine my surprise when Wireshark failed to decode the
> AgentX protocol inside some captured packets.  It all
> depends on where the packets originated from (which OS).
>
> Attached are two capture sessions of AgentX traffic.
>
> One decodes... Between a Linux box and a Linux box.
> One doesn't... Between a Windows box and a Linux box.
>
> I'm not sure what triggers the failure, but in one case
> Wireshark successfully decodes the AgentX traffic inside
> the TCP PDU and in the other case it doesn't.  The top
> protocol window (when it doesn't decode) also tags the
> packets as '[TCP segment of a reassembled PDU]'

The difference is that in the non-working example, there is a flag that
indicates that multibyte values are in BigEndian representation and the agentX
dissector does not seem to honor this. When it then sees "00 00 00 20" as
length, it does not interpret this as 32 bytes, but as 536870912. So then it
tries to read that many bytes to reassemble the PDU. Of course it fails at
that.

Could you please open a bug report at http://bugs.wireshark.org and attach the
two tracefiles so that we don't lose track of it?

Cheers,
Sake
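The length misread described above, as an added example that is not part of the original report and is not Wireshark's dissector code. It assumes the RFC 2741 header layout (20 bytes, h.flags at offset 2 with NETWORK_BYTE_ORDER = 0x10, h.payload_length at offset 16); the function names, sample headers and the 65536-byte sanity cap are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AGENTX_HDR_LEN     20u     /* fixed header size (RFC 2741) */
#define AGENTX_FLAG_NBO    0x10u   /* NETWORK_BYTE_ORDER bit in h.flags */
#define AGENTX_MAX_PAYLOAD 65536u  /* assumed sanity cap, not from the RFC */

/* Constructed sample headers: same 32-byte payload length, opposite byte order. */
static const uint8_t hdr_be[20] = { 1, 1, 0x10, 0, 0,0,0,0, 0,0,0,0, 0,0,0,1, 0x00,0x00,0x00,0x20 };
static const uint8_t hdr_le[20] = { 1, 1, 0x00, 0, 0,0,0,0, 0,0,0,0, 1,0,0,0, 0x20,0x00,0x00,0x00 };

/* Read a 32-bit field in the byte order the sender declared. */
static uint32_t rd32(const uint8_t *p, int big_endian)
{
    if (big_endian)
        return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
               ((uint32_t)p[2] << 8) | (uint32_t)p[3];
    return ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) |
           ((uint32_t)p[1] << 8) | (uint32_t)p[0];
}

/* Behaviour described in the report: flag ignored, length read little-endian. */
static uint32_t payload_len_ignoring_flag(const uint8_t *hdr)
{
    return rd32(hdr + 16, 0);
}

/* Total PDU size for reassembly: 0 = need more header bytes, -1 = malformed. */
static long agentx_pdu_len(const uint8_t *buf, size_t len)
{
    if (len < AGENTX_HDR_LEN)
        return 0;
    if (buf[0] != 1)                       /* h.version */
        return -1;
    uint32_t payload = rd32(buf + 16, (buf[2] & AGENTX_FLAG_NBO) != 0);
    if (payload > AGENTX_MAX_PAYLOAD || (payload & 3u))  /* multiple of 4 */
        return -1;
    return (long)(AGENTX_HDR_LEN + payload);
}

int main(void)
{
    printf("flag ignored: %lu\n", (unsigned long)payload_len_ignoring_flag(hdr_be));
    printf("flag honoured: %ld / %ld\n", agentx_pdu_len(hdr_be, sizeof hdr_be),
           agentx_pdu_len(hdr_le, sizeof hdr_le));
    return 0;
}
```

The cap means a header whose flag and length bytes disagree is rejected as malformed instead of starting a reassembly that waits for hundreds of megabytes.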
