
Wireshark-bugs: [Wireshark-bugs] [Bug 9539] New: VITA 49 dissection incorrect

Date: Tue, 10 Dec 2013 10:34:00 +0000
Bug ID: 9539
Summary: VITA 49 dissection incorrect
Classification: Unclassified
Product: Wireshark
Version: 1.10.3
Hardware: x86-64
OS: Windows 7
Status: UNCONFIRMED
Severity: Normal
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]

Created attachment 12280
Screenshot of incorrect VITA 49 dissection

Build Information:
Version 1.10.3 (SVN Rev 53022 from /trunk-1.10)

Compiled (64-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with
PortAudio V19-devel (built Nov  1 2013), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
Intel(R) Xeon(R) CPU E3-1240 v3 @ 3.40GHz, with 16310MB of physical memory.


Built using Microsoft Visual C++ 10.0 build 40219
--
I am testing sending VITA 49 packets over UDP and Wireshark appears to be
dissecting the T flag in the header incorrectly and is looking for the trailer
2 words early.

The standard says that bits [27..24] of the header are composed of the flags C, T
and the reserved two bits R, R in that order (CTRR). However, Wireshark
dissects them in the order RCTR. If I set the T flag (which indicates a trailer
is present), Wireshark reports that the T flag is set to 0 and the C flag is
set to 1, which is incorrect. However, despite reporting no trailer flag set,
Wireshark then displays the trailer contents below. The trailer section is not
present when you set the C flag to 1 and the T flag to 0 (in which case
Wireshark reports there is a trailer but does not display the trailer section).

This further leads to another problem where the trailer contents reported are
not correct as although the length field is correct, Wireshark is reporting the
contents of the trailer to be the 32-bit word that is 2 words from the end
instead of the last word.

For example, see the attached screenshot which shows the correct VITA 49 packet
length of 9 words (including 5 word header, 3 word payload, 1 word trailer) and
yet the dissector is looking at the seventh as the trailer. The screenshot also
shows the incorrect reporting of the T flag.


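An added C example, not part of the original report and not Wireshark's code: it decodes header bits [27..24] in the CTRR order the report cites beside masks shifted into the RCTR order it describes, and locates the trailer as the last word with a length check. The function names, the sample packet bytes and the placement of the packet size in the low 16 bits of the header word are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Header bits [27..24] in the CTRR order the report cites. */
#define VRT_C 0x08000000u /* bit 27 */
#define VRT_T 0x04000000u /* bit 26: trailer present */
/* Masks one bit too low: the RCTR order the report says is displayed. */
#define RCTR_C 0x04000000u
#define RCTR_T 0x02000000u
/* Assumption: packet size in 32-bit words is the low 16 bits of the header. */
#define VRT_SIZE 0x0000FFFFu

/* Constructed sample: 9 words = 5 header, 3 payload, 1 trailer; only T set. */
static const uint8_t sample[36] = {
    0x14, 0x00, 0x00, 0x09, 0, 0, 0, 1, 0, 0, 0, 2, 0, 0, 0, 3, 0, 0, 0, 4,
    0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB, 0xCC, 0xCC, 0xCC, 0xCC,
    0xCA, 0xFE, 0xF0, 0x0D /* trailer word */
};

/* Read one big-endian 32-bit word. */
uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

int flag_set(uint32_t hdr, uint32_t mask) { return (hdr & mask) != 0; }

/* Byte offset of the trailer (the last word), or -1 when the T flag is clear
 * or the size field disagrees with the bytes actually captured. */
long trailer_offset(const uint8_t *buf, size_t len) {
    if (len < 4) return -1;
    uint32_t hdr = be32(buf);
    size_t words = hdr & VRT_SIZE;
    if (!flag_set(hdr, VRT_T)) return -1;
    if (words < 2 || words * 4 > len) return -1;
    return (long)((words - 1) * 4);
}

int main(void) {
    uint32_t hdr = be32(sample);
    printf("CTRR: C=%d T=%d\n", flag_set(hdr, VRT_C), flag_set(hdr, VRT_T));
    printf("RCTR: C=%d T=%d\n", flag_set(hdr, RCTR_C), flag_set(hdr, RCTR_T));
    long off = trailer_offset(sample, sizeof sample);
    if (off >= 0) printf("trailer at byte %ld: 0x%08X\n", off, (unsigned)be32(sample + off));
    return 0;
}
```

With only T set, the shifted masks report C=1 and T=0, matching the symptom in the report.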