Wireshark-bugs: [Wireshark-bugs] [Bug 12702] New: File over EtherCAT: dissector produces file le

Date: Wed, 03 Aug 2016 09:45:16 +0000
Bug ID: 12702
Summary: File over EtherCAT: dissector produces file length field that doesn't exist in spec
Product: Wireshark
Version: 2.0.4
Hardware: x86
OS: Windows 7
Status: UNCONFIRMED
Severity: Trivial
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]

Created attachment 14787
FoE Read request

Build Information:
Version 2.0.4 (v2.0.4-0-gdd7746e from master-2.0)

Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with
GLib 2.38.0, with SMI 0.4.8, with c-ares 1.11.0, with Lua 5.2, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale C, with
WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version
1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without
AirPcap.
Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz (with SSE4.2), with 8080MB of physical
memory.


Built using Microsoft Visual C++ 12.0 build 40629

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
In short: I've got an EtherCAT packet capture for the initial FoE Read request
in an EtherCAT file transfer operation. Wireshark is parsing one field as
"FileLength" (ecat_mailbox.foe_filelength), but FoE does not have this field -
it has no method at all of indicating a file size beforehand.

This field, at offset 2 past the mailbox header for FoE Read and FoE Write
requests, holds a uint32 "Password" field. In an FoE Data request (carrying the
file contents) it's Packet Number. I'm not sure anyone uses the password field
(or why they would, it's pointless) and wouldn't be surprised if someone
somewhere repurposed it for file length, but that's not what the spec says.

In the attached capture, the relevant field is at bytes 48-51, "a8 00 07 10".
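
The field layout described in this report, as an added example (standalone C, not Wireshark's dissector code and not part of the original message). It labels the uint32 at offset 2 past the mailbox header according to the FoE opcode. Assumptions not stated in the report: the opcode is the first byte after the mailbox header with Read = 1, Write = 2, Data = 3, the value is little-endian, and the sample buffer is constructed around the four bytes quoted above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed FoE opcode numbering (not given in the report). */
enum { FOE_OP_READ = 1, FOE_OP_WRITE = 2, FOE_OP_DATA = 3 };

typedef enum { FOE_INVALID, FOE_PASSWORD, FOE_PACKET_NO, FOE_OTHER } foe_kind;

typedef struct {
    uint8_t  opcode;
    foe_kind kind;    /* how the uint32 at offset 2 should be labelled */
    uint32_t value;
} foe_field;

/* buf points at the first byte after the mailbox header. */
foe_field foe_parse_field(const uint8_t *buf, size_t len)
{
    foe_field f = { 0, FOE_INVALID, 0 };
    if (buf == NULL || len < 6)          /* need bytes 0..5 for the uint32 */
        return f;
    f.opcode = buf[0];
    f.value  = (uint32_t)buf[2] | ((uint32_t)buf[3] << 8) |
               ((uint32_t)buf[4] << 16) | ((uint32_t)buf[5] << 24);
    switch (f.opcode) {
    case FOE_OP_READ:
    case FOE_OP_WRITE: f.kind = FOE_PASSWORD;  break;  /* not a file length */
    case FOE_OP_DATA:  f.kind = FOE_PACKET_NO; break;
    default:           f.kind = FOE_OTHER;     break;  /* not covered here */
    }
    return f;
}

const char *foe_kind_name(foe_kind k)
{
    switch (k) {
    case FOE_PASSWORD:  return "Password";
    case FOE_PACKET_NO: return "Packet Number";
    case FOE_OTHER:     return "(opcode-specific)";
    default:            return "(truncated)";
    }
}

int main(void)
{
    /* Constructed sample: Read opcode, one uninterpreted byte, the four
     * bytes quoted in the report, then a made-up file name. */
    static const uint8_t rrq[] = { 0x01, 0x00, 0xa8, 0x00, 0x07, 0x10, 'f', 'w' };
    foe_field f = foe_parse_field(rrq, sizeof rrq);
    printf("%s = 0x%08x\n", foe_kind_name(f.kind), (unsigned)f.value);
    return 0;
}
```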

