Package: wireshark
Version: 1.0.2-3
Severity: normal

"TCP Port numbers reused" happens every now and then, especially if
the capture is run over a longer time and the client OS does not use a
wide range of local ports.

Now I noticed that at least for HTTP the extremely useful "Follow TCP
stream" function ignores all data in the second TCP stream.  This
hides potentially interesting data.

How to repeat
-------------

Use the following Perl script that does two HTTP GET requests using the
same local port number.  Insert a web server in the $host variable,
and capture the traffic.

-----------------------------------------------------------
#!/usr/bin/perl -w

use IO::Socket;

use strict;

my $host = 'a.web.server';

for my $i (1..2) {
    my $sock = new IO::Socket::INET (
        PeerAddr => $host,
        PeerPort => 80,
        Proto => 'tcp',
        LocalPort => 9999,
        ReuseAddr => 1,
    ) || die ("Cannot create socket: $!.\n");

    print $sock 
        "GET / HTTP/1.0\r\n" .
        "Host: $host\r\n" .
        "X-Round: $i\r\n" .
        "\r\n";
    while (defined (my $line = <$sock>)) {
        ;
    }
    undef $sock;
    last if ($i == 2);
    sleep (1);
}
exit 0;
-----------------------------------------------------------

Open the capture file in wireshark and select "Follow TCP stream".

Expected behaviour: wireshark shows both request/response pairs.

Seen behaviour: wireshark always only shows the first pair, identified
by the "X-Round: 1" header. Selecting a packet of the second pair
before doing the "Follow TCP stream" does not help.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages wireshark depends on:
ii  libadns1              1.4-0.1            Asynchronous-capable DNS client li
ii  libatk1.0-0           1.22.0-1           The ATK accessibility toolkit
ii  libc6                 2.7-13             GNU C Library: Shared libraries
ii  libcairo2             1.6.4-6            The Cairo 2D vector graphics libra
ii  libcomerr2            1.41.0-3           common error description library
ii  libgcrypt11           1.4.1-1            LGPL Crypto library - runtime libr
ii  libglib2.0-0          2.16.4-2           The GLib library of C routines
ii  libgnutls26           2.4.1-1            the GNU TLS library - runtime libr
ii  libgtk2.0-0           2.12.11-3          The GTK+ graphical user interface 
ii  libkrb53              1.6.dfsg.4~beta1-3 MIT Kerberos runtime libraries
ii  libpango1.0-0         1.20.5-1           Layout and rendering of internatio
ii  libpcap0.8            0.9.8-5            system interface for user-level pa
ii  libpcre3              7.6-2.1            Perl 5 Compatible Regular Expressi
ii  libportaudio2         19+svn20071022-2   Portable audio I/O - shared librar
ii  wireshark-common      1.0.2-3            network traffic analyser (common f
ii  zlib1g                1:1.2.3.3.dfsg-12  compression library - runtime

Versions of packages wireshark recommends:
ii  gksu                          2.0.0-5    graphical frontend to su

wireshark suggests no packages.

-- no debconf information
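
Added example, not part of the original report and not Wireshark's own code: a Python illustration of how a stream follower can keep the two connections from the reproduction above apart, by starting a new stream when a bare SYN with a different initial sequence number arrives on an already-seen 4-tuple. The Seg tuple, the function names, the addresses and the sequence numbers are constructed for this example.

```python
from collections import namedtuple

# Simplified TCP segment; field names are assumptions of this example.
Seg = namedtuple("Seg", "src sport dst dport flags seq payload")

def flow_key(s):
    """Direction-independent 4-tuple, so both directions share one key."""
    return tuple(sorted([(s.src, s.sport), (s.dst, s.dport)]))

def split_streams(segments):
    """Group segments per connection, opening a new one on port reuse.

    A bare SYN on a 4-tuple already seen, with a different initial sequence
    number, starts a new connection; the same number is a retransmitted SYN.
    """
    streams, current = [], {}   # current: flow key -> (stream index, client ISN)
    for s in segments:
        key = flow_key(s)
        bare_syn = "S" in s.flags and "A" not in s.flags
        if key not in current or (bare_syn and current[key][1] != s.seq):
            streams.append([])
            current[key] = (len(streams) - 1, s.seq if bare_syn else None)
        streams[current[key][0]].append(s)
    return streams

def client_data(stream):
    """Concatenate payload sent by the endpoint of the stream's first segment."""
    first = stream[0]
    return b"".join(s.payload for s in stream
                    if (s.src, s.sport) == (first.src, first.sport))

def sample_capture():
    """Constructed capture: two HTTP requests from local port 9999."""
    c, srv = "192.0.2.10", "198.51.100.20"
    segs = []
    for rnd, isn in ((1, 1000), (2, 77000)):
        req = b"GET / HTTP/1.0\r\nHost: a.web.server\r\nX-Round: %d\r\n\r\n" % rnd
        segs += [
            Seg(c, 9999, srv, 80, "S", isn, b""),
            Seg(c, 9999, srv, 80, "S", isn, b""),   # retransmitted SYN
            Seg(srv, 80, c, 9999, "SA", 5000 * rnd, b""),
            Seg(c, 9999, srv, 80, "PA", isn + 1, req),
            Seg(srv, 80, c, 9999, "PA", 5000 * rnd + 1, b"HTTP/1.0 200 OK\r\n\r\n"),
            Seg(c, 9999, srv, 80, "FA", isn + 1 + len(req), b""),
        ]
    return segs

if __name__ == "__main__":
    for i, st in enumerate(split_streams(sample_capture())):
        print(i, client_data(st).decode())
```

Keying only on the 4-tuple would merge both rounds into one stream; the initial-sequence-number check is what separates them while still tolerating a retransmitted SYN.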



