On Jan 10, 2013, at 11:50 PM, "Ewgenij Sokolovski" <ewgenijkkg@xxxxxx> wrote:
>> The reason for the "Exception occurred" error is that a dissector tried to
>> fetch data from a tvbuff but the data was past the end of the packet (not
>> just the end of the captured packet data, but past the end of the actual
>> packet length).
>
> Hmm, so does that mean that the value for packet length is wrong? Or were there no data at the place where dissector looked for it, indeed?
The latter - although it really means "there is no data there *and, if this capture was done with a snapshot length set, there wouldn't have been data there had the capture been done without a snapshot length set*". (If the capture was done with a snapshot length set, and the data would have been there had a snapshot length not been set or had the snapshot length been sufficiently larger, a different message is shown - that's just a problem with the capture process, e.g. a too-short snapshot, not a problem with the packet or the dissectors.)
What that means is that either
1) the dissector has a bug, and shouldn't be looking there for data;
2) the packet was bad, and should (according to the protocol specification) have had data there, but didn't;
3) the packet would have had data there had it been reassembled from whatever fragments made it up, but reassembly wasn't done (either because it was disabled, or because Wireshark didn't have information needed to reassemble it, or Wireshark doesn't have code to reassemble it).
