Wireshark-bugs: [Wireshark-bugs] [Bug 6338] New: wireshark cannot dessect mms which is not begin
Date: Mon, 12 Sep 2011 19:34:44 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6338

           Summary: wireshark cannot dessect mms which is not begining
                    with initiate(such as initiate-request and
                    initiate-response)
           Product: Wireshark
           Version: 1.2.9
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: [email protected]
        ReportedBy: [email protected]


Created an attachment (id=6989)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=6989)
Network packets

Build Information:
wireshark 1.2.9

Copyright 1998-2010 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.6, (32-bit) with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with
SMI

0.4.8, with c-ares 1.7.0, with Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.5,
with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Sep 13 2011),
with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.2
(packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729
--
if wireshak is started and captured after initiate service(such as
initiate-request and initiate-response), Wireshark dissects the messagges down
to ISO8823 OSI Presentation Protocol, but the presentation data can't be
decoded as MMS.

like attachment, Network packets are as follows:

0000   aa c0 a8 06 c8 aa 00 21 70 6b 0c 67 08 00 45 00  .......!pk.g..E.
0010   00 67 2f bc 40 00 80 06 42 88 c0 a8 03 34 c0 a8  .g/[email protected]
0020   03 c8 0f 75 00 66 2c 00 28 24 ad d8 00 da 50 18  ...u.f,.($....P.
0030   fa e3 88 a6 00 00 03 00 00 3f 02 f0 80 01 00 01  .........?......
0040   00 61 32 30 30 02 01 03 a0 2b a0 29 02 02 01 b5  .a200....+.)....
0050   a4 23 a1 21 a0 1f 30 1d a0 1b a1 19 1a 09 44 45  .#.!..0.......DE
0060   50 35 30 30 4e 53 52 1a 0c 4c 4c 4e 30 24 53 50  P500NSR..LLN0$SP
0070   24 53 47 43 42                                   $SGCB
result of wireshark1.2.9 dissect are as follows:

ISO 8823 OSI Presentation Protocol
  user-data: fully-encoded-data (1)
    fully-encoded-data: 1 item
      PDV-list
        presentation-context-identifier: 3
      presentation-data-values: single-ASN1-type (0)
        dissector is not available
          Expert Info (Warn/Undecoded): Dissector is not available
            Message: Dissector is not available
            Severity level: Warn
            Group: Undecoded
          single-ASN1-type: A029020201B5A423A121A01F301DA01BA1191A0944455035...

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.