Wireshark-bugs: [Wireshark-bugs] [Bug 5469] New: fix for malformed VNC handshake
Date: Mon, 6 Dec 2010 12:22:52 -0800 (PST)

           Summary: fix for malformed VNC handshake
           Product: Wireshark
           Version: 1.4.2
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: [email protected]
        ReportedBy: [email protected]

Created an attachment (id=5578)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5578)
most straightforward patch fixing the issue for me

Build Information:
wireshark 1.4.2, built from source
I have come across a .pcap file containing VNC traffic where the dissector
output stops right after the first packet, which is the server initializing the

Viewing the traffic in a hex editor, it appears that the client violated the
RFB specification by ending its handshake with 0x00 instead of 0x0a. The server
 didn't mind, though, and resumed the session normally. I must admit that I do
not know which client was used in this session, but I could try to find out if
you require this information. 

It's up to you whether wireshark will support this deviation from the spec or
this issue is a WONTFIX, but IMHO there should at least be a diagnostic message
when this occurs. 

I've attached a very simple patch against 1.4.2 that fixes the issue for me.

Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.