Wireshark-bugs: [Wireshark-bugs] [Bug 6047] New: NetBIOS decoded as reload-framing or stun or tu
Date: Tue, 21 Jun 2011 01:16:07 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6047

           Summary: NetBIOS decoded as reload-framing or stun or
                    turnchannel
           Product: Wireshark
           Version: 1.6.0
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: [email protected]
        ReportedBy: [email protected]


Created an attachment (id=6542)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=6542)
NetBIOS packages

Build Information:
wireshark 1.7.0 (SVN Rev 37739 from /trunk)

Copyright 1998-2011 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.4, with GLib 2.28.8, with libpcap 1.1.1, with
libz 1.2.5, without POSIX capabilities, without libpcre, with SMI 0.4.8, with
c-ares 1.7.4, with Lua 5.1, with Python 2.6.6, with GnuTLS 2.8.6, with Gcrypt
1.4.6, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built May 16
2011 14:32:14), without AirPcap.

Running on Mac OS 10.6.7 (Darwin 10.7.0), with libpcap version 1.1.1, with libz
1.2.5, GnuTLS 2.8.6, Gcrypt 1.4.6.

Built using gcc 4.2.1 (Apple Inc. build 5666) (dot 3).

--
The attached capture contains two NetBIOS packages in frame 4 and 5.

Wireshark's heuristics decode this frames first as reload-framing, then as stun
and last as turnchannel, which is obviously wrong.  Disabling this dissectors
works, but is a bad solution.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.