Wireshark · Wireshark-dev: [Wireshark-dev] Invalid PDU length and TCP reassembly

Wireshark-dev: [Wireshark-dev] Invalid PDU length and TCP reassembly

From: "Abhik Sarkar" <sarkar.abhik@xxxxxxxxx>

Date: Sat, 22 Dec 2007 04:11:45 +0400

Hello All,

I am facing an issue with dissection of SMPP PDUs with invalid length
(though the matter might effect any other dissector which use TCP
reassembly too).

In my test, I send two PDUs in two different TCP frames each of length
40. However, the PDUs have their PDU length field incorrectly set to
41. With reassembly on in this case, the TCP dissector "steals" one
byte from the second frame for the dissection of the first SMPP PDU.
However, because the second PDU has now lost the first byte, it is no
longer recognized as a valid SMPP PDU and hence is not dissected.

With TCP reassembly turned off, the behaviour is that each frame is
dissected as an SMPP PDU, but as malformed PDUs.

Is this something to be expected, or can the behaviour be enchanced in
someway to improve the chances of the protocol dissector detecting
malformed packets?

Regards,
Abhik

Attachment: Invalid PDU length.pcap
Description: Binary data

Follow-Ups:
- Re: [Wireshark-dev] Invalid PDU length and TCP reassembly
  - From: Guy Harris

Prev by Date: [Wireshark-dev] Question on expert info
Next by Date: Re: [Wireshark-dev] Question on expert info
Previous by thread: Re: [Wireshark-dev] Question on expert info
Next by thread: Re: [Wireshark-dev] Invalid PDU length and TCP reassembly
Index(es):
- Date
- Thread