Wireshark-bugs: [Wireshark-bugs] [Bug 3619] New: PPP Direction Information Metadata Lost when Co
Date: Sat, 27 Jun 2009 08:11:35 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3619

           Summary: PPP Direction Information Metadata Lost when Converting
                    pppdump Logs to pcap-ng
           Product: Wireshark
           Version: SVN
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: tyson.key@xxxxxxxxx


Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
It appears that when loading a pppdump log file containing packets with DCE and
DTE direction metadata, and then saving it as pcap-ng, the DCE/DTE direction
metadata is "lost"/stripped-out.

When reading the resulting file, the affected packets look something like this:
No.     Time           Source                Destination           Protocol
Info
      2 0.000000000    N/A                   N/A                   PPP LCP 
Configuration Request

Frame 2 (31 bytes on wire, 31 bytes captured)
    Arrival Time: Jun 25, 2009 01:00:11.900000000
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 2
    Frame Length: 31 bytes
    Capture Length: 31 bytes
    [Frame is marked: False]
    [Protocols in frame: ppp:lcp]
Point-to-Point Protocol
    Address: 0xff
    Control: 0x03
    Protocol: Link Control Protocol (0xc021)
PPP Link Control Protocol
    Code: Configuration Request (0x01)
    Identifier: 0x09
    Length: 25
    Options: (21 bytes)
        Async Control Character Map: 0x00000000 (None)
        Authentication protocol: 5 bytes
            Authentication protocol: Challenge Handshake Authentication
Protocol (0xc223)
            Algorithm: CHAP with MD5 (0x05)
        Magic number: 0x00f07db0
        Protocol field compression
        Address/control field compression

I expect to see something like this:
No.     Time   Source                Destination           Protocol Info
      2 0.0    DCE                   DTE                   PPP LCP 
Configuration Request

Frame 2 (31 bytes on wire, 31 bytes captured)
    Arrival Time: Jun 25, 2009 01:00:11.900000000
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 2
    Frame Length: 31 bytes
    Capture Length: 31 bytes
    [Frame is marked: False]
    [Protocols in frame: ppp:lcp]
    Point-to-Point Direction: Received (1)
Point-to-Point Protocol
    Address: 0xff
    Control: 0x03
    Protocol: Link Control Protocol (0xc021)
[Direction: DCE->DTE (1)]
PPP Link Control Protocol
    Code: Configuration Request (0x01)
    Identifier: 0x09
    Length: 25
    Options: (21 bytes)
        Async Control Character Map: 0x00000000 (None)
        Authentication protocol: 5 bytes
            Authentication protocol: Challenge Handshake Authentication
Protocol (0xc223)
            Algorithm: CHAP with MD5 (0x05)
        Magic number: 0x00f07db0
        Protocol field compression
        Address/control field compression

It seems that this metadata is preserved when exporting the pppdump file to a
"Visual Networks traffic capture" file.

Sample files are attached for perusal, as usual.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.