
Wireshark-bugs: [Wireshark-bugs] [Bug 7819] New: Protocol:CIP CM Unknown Service (0x5b) but impl

Date: Tue, 9 Oct 2012 05:41:17 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7819

           Summary: Protocol:CIP CM Unknown Service (0x5b) but implemented
                    as 0x5B
           Product: Wireshark
           Version: unspecified
          Platform: x86
        OS/Version: Windows XP
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Dissection engine (libwireshark)
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: wilhelm.leonhardsberger@xxxxxxxxxxxx


Build Information:
Version 1.6.8 (SVN Rev 42761 from /trunk-1.6)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.10, with GLib 2.28.8, with WinPcap (version
unknown), with libz 1.2.5, without POSIX capabilities, without libpcre, with
SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.12.18,
with Gcrypt 1.4.6, with MIT Kerberos, with GeoIP, with PortAudio V19-devel
(built May 22 2012), with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.2
(packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 21022
--
Hi,

By capturing CIP-EtherNet/IP traffic I discovered that Wireshark does not
recognize the Large Forward Open Service 0x5b. By looking into the sources,
wireshark->epan->dissectors->packet-cip.h, I saw that the Large Forward Open
Service is implemented, but as 0x5B. By building my own developer Wireshark I
changed the service value from 0x5b to 0x5B and voila, Wireshark was able to
handle the Large Forward Open service.
The strange thing is that Wireshark is capable of recognizing the Forward Close
service 0x4e, which is also defined in packet-cip.h as 0x4E, so it cannot be an
upper/lower case error.

Thanks, LeoB
