Wireshark-bugs: [Wireshark-bugs] [Bug 2359] Failure to detect/open valid ERF files
Date: Thu, 13 Mar 2008 22:38:37 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2359





--- Comment #3 from Stephen Donnelly <stephen@xxxxxxxxxx>  2008-03-13 22:38:34 GMT ---
(In reply to comment #2)

Unfortunately no. The assumption that this was a valid heuristic for any ERF
record type was incorrect.

I agree it may be useful to have more tests, but I'm not sure what more we can
do. Perhaps test for a valid date-range in the timestamp (>1996)?

Could also perhaps check that the timestamps do not increase by more than say
12 months between records?

The rlen field has a minimum valid value of 16, the size of the record header,
the maximum depends on the card but the format is valid up to 2^16-1.

The wlen field min/max values are network dependent, but any representable
values are valid for the format.

The same is true for the lctr field.


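The checks suggested in the comment above (timestamp after 1996, no jump of more than about 12 months between records, rlen of at least 16), combined into one heuristic as an added example; this is not code from the bug report or from Wireshark. It assumes the 16-byte ERF header layout noted in the comment below, and `erf_heuristic`, `make_hdr` and the constants are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define ERF_HDR_LEN 16u                 /* minimum rlen: the record header */
#define TS_MIN_SECS 820454400u          /* 1996-01-01 00:00:00 UTC */
#define TS_MAX_STEP (366u * 86400u)     /* "say 12 months" between records */

/* Assumed header layout: ts[8] little-endian (upper 32 bits = seconds),
 * type, flags, rlen[2] big-endian, lctr[2] big-endian, wlen[2] big-endian. */
static uint32_t erf_secs(const uint8_t *h) {
    return (uint32_t)h[4] | (uint32_t)h[5] << 8 | (uint32_t)h[6] << 16 | (uint32_t)h[7] << 24;
}

/* Returns the number of record headers that passed, or -1 if any check fails.
 * wlen and lctr are not tested: any representable value is valid. */
int erf_heuristic(const uint8_t *buf, size_t len, int max_records) {
    size_t off = 0;
    uint32_t prev = 0;
    int n = 0;
    while (n < max_records && len - off >= ERF_HDR_LEN) {
        const uint8_t *h = buf + off;
        uint32_t secs = erf_secs(h);
        size_t rlen = (size_t)h[10] << 8 | h[11];
        if (rlen < ERF_HDR_LEN) return -1;               /* shorter than the header */
        if (secs < TS_MIN_SECS) return -1;               /* dated before 1996 */
        if (n > 0 && secs > prev && secs - prev > TS_MAX_STEP) return -1;
        n++;
        if (rlen > len - off) break;                     /* truncated tail: stop here */
        prev = secs;
        off += rlen;
    }
    return n > 0 ? n : -1;
}

/* Constructed sample input: writes one record header at h. */
void make_hdr(uint8_t *h, uint32_t secs, uint16_t rlen) {
    memset(h, 0, ERF_HDR_LEN);
    h[4] = secs & 0xff; h[5] = secs >> 8 & 0xff; h[6] = secs >> 16 & 0xff; h[7] = secs >> 24;
    h[8] = 2;                                            /* type byte, constructed value */
    h[10] = rlen >> 8; h[11] = rlen & 0xff;
}

int main(void) {
    uint8_t b[64] = {0};
    make_hdr(b, 1205447914u, 32);                        /* 2008-03-13, constructed */
    make_hdr(b + 32, 1205447915u, 32);
    return erf_heuristic(b, sizeof b, 10) == 2 ? 0 : 1;
}
```

Because every check here can also pass on non-ERF data, the result is only as strong as the number of consecutive records examined.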