wireshark-dev October 2010 archive
Main Archive Page > Month Archives  > wireshark-dev archives
wireshark-dev: Re: [Wireshark-dev] Wireshark or protocol bug? (H

Re: [Wireshark-dev] Wireshark or protocol bug? (HTTP MIME multipart)

From: Jaap Keuter <jaap.keuter_at_nospam>
Date: Mon Oct 25 2010 - 13:30:21 GMT
To: Developer support list for Wireshark <wireshark-dev@wireshark.org>


I see no problem here. It loads fine in Wireshark 1.4.1.

I do see, and which is a bug in Wireshark, is that it doesn't treat it
as multipart/mixed, as stated in RFC 2046, Section 5.1.3:

"multipart" subtypes that an implementation does not recognize
 must be
treated as being of subtype "mixed".


On Sun, 24 Oct 2010
12:08:18 +0200, Kaul wrote:

I'm trying to add dissection of Kerberos
encrypted HTTP sessions.
Mostly, it's OK (got the headers parsed
correctly, would file a BZ for this patch soon).
However, when I'm
trying to work with the body, which is a MIME multipart, it fails with
 The reason seems to be that it does not have the double
CRLF which is expected between headers and body of a MIME
imf_find_field_end() seems to fail to find additional CRLF - before
the binary data (which is actually a Kerberos blob) appears.

please find a small capture showing the problem - not sure who's fault
it is - or if it's fixable somehow in Wireshark.
See packet 8 (dissect
as HTTP please).



Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev