Wireshark-bugs: [Wireshark-bugs] [Bug 4062] T.125 MCS: connect-initial/response 4 bytes left to
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4062
Franck Guenichot <malphx@xxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |malphx@xxxxxxx
--- Comment #2 from Franck Guenichot <malphx@xxxxxxx> 2009-12-01 05:58:20 PST ---
It seems that these bytes should be in the userData field.
Here's an excerpt from MS-RDPBCGR specs:
The byte values in the example are: 04 82 01 33
"
04 82 01 33 -> Connect-Initial::userData (307 bytes)
The first byte (0x04) is the ASN.1 OctetString type. The length is
encoded using the BER definite long variant format. Hence, since the
most significant bit of the second byte (0x82) is set, the low seven
bits contain the number of length bytes, which means that the number
of length bytes is 2. Hence, 0x01 and 0x33 are length bytes, which
implies that the length is greater than 256 bytes and less than
65536 bytes, specifically 0x133 (307) bytes.
"
So, in the case of the attachment linked to this bug request:
The first packet's string is: 04 82 01 17 meaning:
279 bytes (0x117) of data following.
The second packet's bytes are: 04 82 01 1B
meaning 283 bytes of data following...
If you look at the announced length of the userData in Wireshark, you can see
that these values are correct, meaning that the T.125 dissector does the job.
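The BER length decoding described in the comment above, as an added example (not Wireshark's dissector code and not taken from the MS-RDPBCGR spec). Function names are hypothetical; the sketch assumes a single-byte tag and rejects indefinite lengths and length fields longer than 4 bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Parse one BER tag + length header. Returns the header size in bytes and
 * stores the announced content length in *len, or returns -1 on rejection. */
static int ber_read_header(const uint8_t *buf, size_t avail,
                           uint8_t *tag, uint32_t *len)
{
    if (avail < 2)
        return -1;                   /* need tag + first length byte */
    *tag = buf[0];
    uint8_t first = buf[1];
    if ((first & 0x80) == 0) {       /* short form: length 0..127 */
        *len = first;
        return 2;
    }
    size_t n = first & 0x7F;         /* long form: n length bytes follow */
    if (n == 0 || n > 4)             /* 0x80 is indefinite; >4 overflows uint32 */
        return -1;
    if (avail < 2 + n)
        return -1;                   /* length field itself is truncated */
    uint32_t v = 0;
    for (size_t i = 0; i < n; i++)
        v = (v << 8) | buf[2 + i];   /* big-endian accumulate */
    *len = v;
    return (int)(2 + n);
}

/* Announced length of an OCTET STRING (tag 0x04), or -1. */
static long octet_string_len(const uint8_t *buf, size_t avail)
{
    uint8_t tag; uint32_t len;
    if (ber_read_header(buf, avail, &tag, &len) < 0 || tag != 0x04)
        return -1;
    return (long)len;
}

/* 1 if header plus announced content fits in avail bytes, else 0. */
static int tlv_fits(const uint8_t *buf, size_t avail)
{
    uint8_t tag; uint32_t len;
    int hdr = ber_read_header(buf, avail, &tag, &len);
    return hdr > 0 && len <= avail - (size_t)hdr;
}

int main(void)
{
    const uint8_t spec[] = { 0x04, 0x82, 0x01, 0x33 };  /* bytes quoted above */
    printf("userData length: %ld\n", octet_string_len(spec, sizeof spec));
    return 0;
}
```

`tlv_fits` is the bounds check a parser needs before reading the content: the four header bytes only announce the length, they do not guarantee that many bytes follow.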