| Bug ID |
11217
|
| Summary |
MSRP dissector does not take into account TCP fragmentation
|
| Product |
Wireshark
|
| Version |
1.12.4
|
| Hardware |
x86
|
| OS |
Windows 7
|
| Status |
UNCONFIRMED
|
| Severity |
Major
|
| Priority |
Low
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Created attachment 13626 [details]
MSRP sample trace with sample data that show the problem
Build Information:
Version 1.12.4 (v1.12.4-0-gb4861da from master-1.12)
Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.2.15, with Gcrypt 1.6.2,
with
MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Mar 4 2015), with
AirPcap.
Running on 32-bit Windows 7 Service Pack 1, build 7601, without WinPcap, GnuTLS
3.2.15, Gcrypt 1.6.2, without AirPcap.
Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, with 3493MB of physical
memory.
Built using Microsoft Visual C++ 10.0 build 40219
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
MSRP dissector does not take TCP fragmentation into account. With two tcp
segments that build together one MSRP message only the first segment is decoded
as MSRP. The second segment is shown as tcp frame and the MSRP data
can not be used.
First tcp fragment also is getting a MSRP expert error/malformed info.
Most probably because the finalizing transaction-id$ is not found in the first
segment.
Also analysis of protocol issues is more difficult than necessary.
You are receiving this mail because:
- You are watching all bug changes.
