Wireshark-bugs: [Wireshark-bugs] [Bug 4062] T.125 MCS: connect-initial/response 4 bytes left to
Date Prev · Date Next · Thread Prev · Thread Next
Date: Tue, 1 Dec 2009 05:58:24 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4062

Franck Guenichot <malphx@xxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |malphx@xxxxxxx

--- Comment #2 from Franck Guenichot <malphx@xxxxxxx> 2009-12-01 05:58:20 PST ---
It seems that these bytes should be in the userData field.
Here's an excerpt from MS-RDPBCGR specs:
The byte values in the example are: 04 82 01 33
"
04 82 01 33 -> Connect-Initial::userData (307 bytes) 
The first byte (0x04) is the ASN.1 OctetString type. The length is  
encoded using the BER definite long variant format. Hence, since the  
most significant bit of the second byte (0x82) is set, the low seven  
bits contain the number of length bytes, which means that the number  
of length bytes is 2. Hence, 0x01 and 0x33 are length bytes, which  
implies that the length is greater than 256 bytes and less than  
65536 bytes, specifically 0x133 (307) bytes.  
"

So, in the case of the attachment linked to this bug request:
The first packet's string is: 04 82 01 17 meaning:
279 bytes (0x117) of data following. 

The second packet's bytes are : 04 82 01 1B
meaning 283 bytes of data following...

If you look at the announced length of the userData in Wireshark, you could see
that these value are correct meaning that the T.125 dissector make the job.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.