Wireshark-bugs: [Wireshark-bugs] [Bug 2125] DCE RPC fragments are reassembled wrongly
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2125
------- Comment #3 from yamisoe@xxxxxxxxx 2008-01-14 14:44 GMT -------
I've analyzed this bug for both SVN Rev 22276, and SVN Rev 24088, and the later
one is the latest version.
For SVN Rev 22276, dissect_read_andx_response() does not set fid properly, but
this has been fixed in latest version.
However, the real problem is we only use source ip, destination ip, and 'id' as
the fragment key for DCE RPC, which is , I think, not enough.
(See the tcpdump I uploaded)
Packet 187, 185, 193 are reassembled together, but packet 187's destination
port is 33630, while the other two's is 33626.
But I don't know if it is good to just modify reassemble.c :: struct
_fragment_key, or add one more fragment key definition. Therefore, I decide not
to give a patch here.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.