Wireshark-bugs: [Wireshark-bugs] [Bug 1871] New: SIP pkt in Hammer cap file incorrectly analysed
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1871
Summary: SIP pkt in Hammer cap file incorrectly analysed as SAIA
S-BUS
Product: Wireshark
Version: 0.99.6
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Normal
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: craig_watkinson@xxxxxxxxxxx
Build Information:
Version 0.99.6a (SVN Rev 22276)
Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.10.12, with GLib 2.12.12, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.
Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.1
(packet.dll version 4.0.0.901), based on libpcap version 0.9.5, without
AirPcap.
Built using Microsoft Visual C++ 6.0 build 8804
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
[Apologies if this is duplicated - I tried to create a bug yesterday, but I am
unable to see it, so assume this failed]
Some packets in a capture taken from a Hammer call analyser are being
incorrectly analysed as SAIA S-Bus packets. Other packets between the same two
hosts are being interpreted correctly. Previous versions of Ethereal (v0.10.12)
did analyse these captures correctly.
An example of an incorrectly interpreted packet is below, and cap file is
available if required.
0000 00 03 ba 99 a6 74 00 03 ba 99 94 ba 08 00 45 00 .....t.. ......E.
0010 01 a9 1c ae 40 00 ff 11 eb 63 51 90 67 8c 51 90 ....@... .cQ.g.Q.
0020 67 85 13 c4 13 ba 01 95 25 53 53 49 50 2f 32 2e g....... %SSIP/2.
0030 30 20 31 30 30 20 54 72 79 69 6e 67 0d 0a 56 69 0 100 Tr ying..Vi
0040 61 3a 20 53 49 50 2f 32 2e 30 2f 55 44 50 20 38 a: SIP/2 .0/UDP 8
0050 31 2e 31 34 34 2e 31 30 33 2e 31 33 33 3a 35 30 1.144.10 3.133:50
0060 35 30 3b 62 72 61 6e 63 68 3d 7a 39 68 47 34 62 50;branc h=z9hG4b
0070 4b 2a 30 30 32 65 2d 30 30 30 30 33 36 62 33 2d K*002e-0 00036b3-
0080 30 62 65 30 2a 30 30 2d 62 74 73 69 70 2e 62 74 0be0*00- btsip.bt
0090 2e 63 6f 6d 2d 2b 34 34 35 36 30 30 39 30 39 31 .com-+44 56009091
00a0 39 33 2e 62 0d 0a 56 69 61 3a 20 53 49 50 2f 32 93.b..Vi a: SIP/2
00b0 2e 30 2f 55 44 50 20 38 31 2e 31 34 34 2e 31 30 .0/UDP 8 1.144.10
00c0 33 2e 31 34 30 3b 62 72 61 6e 63 68 3d 7a 39 68 3.140;br anch=z9h
00d0 47 34 62 4b 2a 30 30 32 65 2d 30 30 30 30 32 64 G4bK*002 e-00002d
00e0 33 65 2d 30 38 38 31 0d 0a 46 72 6f 6d 3a 20 22 3e-0881. .From: "
00f0 34 34 35 36 30 30 39 30 39 31 39 32 22 20 3c 73 44560090 9192" <s
0100 69 70 3a 34 34 35 36 30 30 39 30 39 31 39 32 40 ip:44560 0909192@
0110 62 74 73 69 70 2e 62 74 2e 63 6f 6d 3e 3b 74 61 btsip.bt .com>;ta
0120 67 3d 30 30 38 32 2d 30 30 30 30 31 38 62 33 2d g=0082-0 00018b3-
0130 30 38 38 30 0d 0a 54 6f 3a 20 3c 73 69 70 3a 30 0880..To : <sip:0
0140 35 36 30 30 39 30 39 31 39 33 40 62 74 73 69 70 56009091 93@btsip
0150 2e 62 74 2e 63 6f 6d 3e 0d 0a 43 61 6c 6c 2d 49 .bt.com> ..Call-I
0160 44 3a 20 30 30 38 32 2d 30 30 30 30 31 38 62 33 D: 0082- 000018b3
0170 2d 30 38 38 30 34 36 66 37 38 63 35 39 2d 35 62 -088046f 78c59-5b
0180 32 37 2d 31 32 61 33 30 39 38 40 73 69 70 75 61 27-12a30 98@sipua
0190 0d 0a 43 53 65 71 3a 20 31 20 49 4e 56 49 54 45 ..CSeq: 1 INVITE
01a0 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 ..Conten t-Length
01b0 3a 20 30 0d 0a 0d 0a : 0....
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.