On Fri, Oct 1, 2010 at 2:18 PM, Sake Blok <firstname.lastname@example.org> wrote:
> On 1 Oct 2010, at 19:53, Fulko Hew wrote:
> > Imagine my surprise when Wireshark failed to decode the
> > AgentX protocol inside some captured packets. It all
> > depends on where the packets originated from (which OS).
> > Attached are two capture sessions of AgentX traffic.
> > One decodes... Between a Linux box and a Linux box.
> > One doesn't... Between a Windows box and a Linux box.
> > I'm not sure what triggers the failure, but in one case
> > Wireshark successfully decodes the AgentX traffic inside
> > the TCP PDU and in the other case it doesn't. The top
> > protocol window (when it doesn't decode) also tags the
> > packets as '[TCP segment of a reassembled PDU]'
> The difference is that in the non-working example, there is a flag that
> indicates that multibyte values are in BigEndian representation and the
> agentX dissector does not seem to honor this. When it then sees "00 00 00
> 20" as length, it does not interpret this as 32 bytes, but as 536870912. So
> then it tries to read that many bytes to reassemble the PDU. Of course it
> fails at that.
> Could you please open a bug report at http://bugs.wireshark.org and attach
> the two tracefiles so that we don't lose track of it?
Done, bugzilla entry #5269 submitted.
Sent via: Wireshark-dev mailing list <email@example.com>
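
The length misread described in the reply above, as an added example that is not part of the original thread and is not Wireshark's dissector code. It assumes the 20-byte AgentX header layout and the NETWORK_BYTE_ORDER flag bit (0x10) from RFC 2741; the function names, the sample headers and the 1 MiB sanity cap are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define AGENTX_HDR_LEN 20                    /* version,type,flags,reserved + 4 x uint32 */
#define AGENTX_FLAG_NETWORK_BYTE_ORDER 0x10  /* RFC 2741: set => multibyte fields big-endian */
#define AGENTX_MAX_PAYLOAD (1u << 20)        /* assumed sanity cap, not taken from the RFC */

/* Read a 32-bit field from p in the requested byte order. */
static uint32_t rd32(const uint8_t *p, int big_endian)
{
    if (big_endian)
        return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
               ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
    return ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) |
           ((uint32_t)p[1] << 8)  |  (uint32_t)p[0];
}

/* Misreading from the thread: the flag is ignored and little-endian assumed. */
static uint32_t payload_len_ignoring_flag(const uint8_t *hdr)
{
    return rd32(hdr + 16, 0);
}

/* Total PDU length (header + payload) for reassembly.
 * Returns 0 if the header is not complete yet, -1 if the length is implausible. */
static long agentx_pdu_len(const uint8_t *buf, size_t avail)
{
    if (avail < AGENTX_HDR_LEN)
        return 0;
    int be = (buf[2] & AGENTX_FLAG_NETWORK_BYTE_ORDER) != 0;  /* h.flags is byte 2 */
    uint32_t payload = rd32(buf + 16, be);                    /* h.payload_length */
    /* Payload is 0 or a multiple of 4; refuse to wait for absurd lengths. */
    if (payload > AGENTX_MAX_PAYLOAD || (payload & 3u) != 0)
        return -1;
    return (long)AGENTX_HDR_LEN + (long)payload;
}

/* Constructed headers: same 32-byte payload length, one per byte order. */
static const uint8_t sample_be[AGENTX_HDR_LEN] = { 0x01, 0x01, 0x10, 0x00,
    0, 0, 0, 0,  0, 0, 0, 1,  0, 0, 0, 1,  0x00, 0x00, 0x00, 0x20 };
static const uint8_t sample_le[AGENTX_HDR_LEN] = { 0x01, 0x01, 0x00, 0x00,
    0, 0, 0, 0,  1, 0, 0, 0,  1, 0, 0, 0,  0x20, 0x00, 0x00, 0x00 };

int main(void)
{
    printf("flag ignored: %u bytes\n", (unsigned)payload_len_ignoring_flag(sample_be));
    printf("flag honored: %ld bytes total\n", agentx_pdu_len(sample_be, sizeof sample_be));
    return 0;
}
```

The cap also bounds how much data a reassembly layer will wait for when a header is corrupt or deliberately malformed, rather than trusting a 32-bit length field outright.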