Wireshark-bugs: [Wireshark-bugs] [Bug 12882] New: TCP packets sometimes are incorrectly parsed a
Date: Mon, 12 Sep 2016 09:32:37 +0000
Bug ID: 12882
Summary: TCP packets sometimes are incorrectly parsed as TDS (or other corruptions)
Product: Wireshark
Version: 2.2.0
Hardware: x86
OS: Windows 10
Status: UNCONFIRMED
Severity: Major
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: bugzilla-admin@wireshark.org
Reporter: uxorious@acon.dezign.dk

Created attachment 14908
1st packet shows incorrectly

Build Information:
Version 2.2.0 (v2.2.0-0-g5368c50 from master-2.2)

Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with GLib 2.42.0, with
zlib 1.2.8, with SMI 0.4.8, with c-ares 1.11.0, with Lua 5.2.4, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 64-bit Windows 10, build 14393, with locale English_United
States.1252, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based
on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with
Gcrypt 1.6.2, without AirPcap.
       Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz (with SSE4.2), with 8074MB of
physical memory.


Built using Microsoft Visual C++ 12.0 build 40629

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Sometimes Wireshark will incorrectly parse TCP packets and show corrupt
packets, or TDS packets instead.

One file I had showed frame 8 as having TDS data in it.
If I exported only half the frames, it showed correctly.

I narrowed it down to just 3 packets from the original file (so the stream is
missing a ton between the 1st and the last 2 frames).

The first packet will display incorrectly.
Export the file without the other 2 packets, and all is well.

