Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 5462] New: NDMP dissector not handling fragment header in one frame and rest o

Wireshark-bugs: [Wireshark-bugs] [Bug 5462] New: NDMP dissector not handling fragment header in

Date: Thu, 2 Dec 2010 08:16:49 -0800 (PST)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5462

           Summary: NDMP dissector not handling fragment header in one
                    frame and rest of NDMP PDU in the next packet
           Product: Wireshark
           Version: 1.4.1
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: fschorr@xxxxxxxxxxx


Created an attachment (id=5564)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5564)
Capture showing the reported problem

Build Information:
Version 1.4.2 (SVN Rev 34959 from /trunk-1.4)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.16.6, with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with
SMI
0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built
Nov
18 2010), with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.2
(packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

--
We've run into an application that puts just the Fragment header in one frame
and the NDMP header and the rest of the NDMP PDU in another frame.

In the attached capture frame 3 just has the NDMP Fragment header 0x80000034. 
Wireshark does not decode this Fragment header at all.

In frame 5 (the next frame from the DMA), Wireshark mis-dissects the actually
Sequence field of the NDMP header as the Fragment header which leads to the
NDMP request from this DMA to be mis-dissected.

Fragment header: 3466 bytes
     0... .... .... .... .... .... .... .... = Last Fragment: No
     .000 0000 0000 0000 0000 1101 1000 1010 = Fragment Length: 3466
NDMP fragment data (3466 bytes)

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Follow-Ups:
- [Wireshark-bugs] [Bug 5462] NDMP dissector not handling fragment header in one frame and rest of NDMP PDU in the next packet
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 5462] NDMP dissector not handling fragment header in one frame and rest of NDMP PDU in the next packet
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 5462] NDMP dissector not handling fragment header in one frame and rest of NDMP PDU in the next packet
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 5433] Add FT_EUI64 Field Type
Next by Date: [Wireshark-bugs] [Bug 4097] Kerberos dissected as STUN2
Previous by thread: [Wireshark-bugs] [Bug 5433] Add FT_EUI64 Field Type
Next by thread: [Wireshark-bugs] [Bug 5462] NDMP dissector not handling fragment header in one frame and rest of NDMP PDU in the next packet
Index(es):
- Date
- Thread