[Wireshark-bugs] [Bug 16575] Spanish localization and main menu tooltips don't work

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16575

--- Comment #8 from Guy Harris  ---
(In reply to Pulsedrivervstibby from comment #7)
> Tooltips don't work in all main menu only

OK, so the issue with main menu tooltips isn't that they're not translated,
it's that they *don't work at all* in *any* language.

Perhaps that's a Qt issue, but it's not part of *this* issue.

> in toolbar works ok.

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 16575] Spanish localization and main menu tooltips don't work

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16575

--- Comment #7 from Pulsedrivervstibby  ---
Tooltips don't work in all main menu only, in toolbar works ok.


[Wireshark-bugs] [Bug 16575] Spanish localization and main menu tooltips don't work

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16575

--- Comment #6 from Guy Harris  ---
(In reply to Pulsedrivervstibby from comment #5)
> For example, if you go to menu View -> Colorize Conversation -> New Coloring
> Rule..., if you put your cursor on this option, this text must appear: "Create
> a new coloring rule based on this field.".

If I hover over "New Coloring Rule..." in the menu, *no* such text pops up for
me, in *any* language.

This is on 10.15.5.

Do *any* menu tooltips work for you, in *any* language?  If not, that's a
*separate* issue.


[Wireshark-bugs] [Bug 16575] Spanish localization and main menu tooltips don't work

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16575

--- Comment #5 from Pulsedrivervstibby  ---
Hello,

For example, if you go to menu View -> Colorize Conversation -> New Coloring
Rule..., if you put your cursor on this option, this text must appear: "Create a
new coloring rule based on this field.".

In file main_window.ui this string appears as the tooltip of New Coloring Rule...
but this event doesn't work.

Greetings.


[Wireshark-bugs] [Bug 16255] support HE MCS to rate conversion

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16255

--- Comment #8 from Gerrit Code Review  ---
Change 37255 merged by Guy Harris:
ieee80211: Add datarate for 802.11AX packets

https://code.wireshark.org/review/37255


[Wireshark-bugs] [Bug 16582] Missing null terminator of flag-list in dissector-tutorial

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16582

--- Comment #2 from Gerrit Code Review  ---
Change 37329 merged by Gerald Combs:
WSDG: Fix example

https://code.wireshark.org/review/37329


[Wireshark-bugs] [Bug 16582] Missing null terminator of flag-list in dissector-tutorial

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16582

Gerald Combs  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|IN_PROGRESS                 |RESOLVED
         Resolution|---                         |FIXED


[Wireshark-bugs] [Bug 16580] tshark / dumpcap: remoute capturing interraprion because of Invalid argument

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16580

--- Comment #1 from Guy Harris  ---
(In reply to Igor Tunakin from comment #0)
> Build Information:
> Packets: 2693294 dumpcap: An error occurred while writing to the file to
> which the capture was being saved
> ("Z:\demai10-H1_00010_20200525122929.pcap"): Invalid argument.
> Please report this to the Wireshark developers as a bug.
> https://bugs.wireshark.org/
> (This is not a crash; please do not say, in your report, that it is a crash.)
> Packets captured: 2693294
> Packets received/dropped on interface 'Ethernet0': 2693294/1
> (pcap:0/dumpcap:1/flushed:0/ps_ifdrop:0) (100.0%)
> --
> Hi,
> 
> I am trying to capture 802.11 traffic from two Cisco AP.
> Two Cisco Access Points (both have Dual Radio) configured to the Sniffer
> mode. Both AP are forwarding captured packets over the  UDP port to the
> Server with the Wireshark.
> The Wireshark should receive packets and save them into the network drive.
> I tested it with the Tshark and the Dumpcap. 
> I used commands:
> 
> tshark -i2 -s0 -f "udp port " -b filesize:10 -b files:1000 -w
> Z:\demai10-H1.pcap
> dumpcap -i2 -s0 -f "udp port " -b filesize:10 -b files:1000 -w
> Z:\demai10-H1.pcap
> 
> In both cases the sniffing was interrupted. First fault was after 6 hours
> and the last one after 3 hours.
> 
> In both cases I got the same error message:
> An error occurred while writing to the file to which the capture was being
> saved
> (): Invalid argument.

How large is the file?

What operating system, and what file server code, is the server on which the
network drive exists running?

Is it some version of Windows?  If so, what version?

Is it Mac OS X/OS X/macOS? If so, what version, and is it running the server
that comes with macOS (Samba in older versions, Apple's SMBX in newer
versions)?

Is it some other flavor of UN*X?  If so, is it running Samba or some other
server?  If it's Samba, what version of Samba is it?  If it's some other
server, what server is it, and what version of that server?

That all assumes SMB; if the network drive is being accessed by some protocol
*other* than SMB/SMB2/SMB3, what protocol is it?


[Wireshark-bugs] [Bug 16580] tshark / dumpcap: remoute capturing interraprion because of Invalid argument

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16580

Guy Harris  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |INCOMPLETE


[Wireshark-bugs] [Bug 16575] Spanish localization and main menu tooltips don't work

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16575

--- Comment #4 from Guy Harris  ---
(In reply to Pulsedrivervstibby from comment #3)
> I see that in macOS the main menu tooltips still don't work in other languages.

To what main menu tooltips are you referring?  I don't get tooltips when I
hover over the main menu on my Mac.

Do you mean "the main menu *item names*"? If so, *that* works, at least in
French, with 3.2.4.


[Wireshark-bugs] [Bug 16586] MNC not displayed correctly in some places if length is 2 digits vs 3

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16586

Jaap Keuter  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |NOTABUG
             Status|UNCONFIRMED                 |RESOLVED


[Wireshark-bugs] [Bug 16582] Missing null terminator of flag-list in dissector-tutorial

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16582

Jaap Keuter  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |IN_PROGRESS
     Ever confirmed|0                           |1


[Wireshark-bugs] [Bug 16582] Missing null terminator of flag-list in dissector-tutorial

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16582

--- Comment #1 from Gerrit Code Review  ---
Change 37329 had a related patch set uploaded by Jaap Keuter:
WSDG: Fix example

https://code.wireshark.org/review/37329


[Wireshark-bugs] [Bug 16588] USB: setup transfers with data stage from host to device is dissected twice when captured on usbmon

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16588

Filipe Laíns  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |deso...@gmail.com,
                   |                            |la...@archlinux.org


[Wireshark-bugs] [Bug 16588] New: USB: setup transfers with data stage from host to device is dissected twice when captured on usbmon

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16588

Bug ID: 16588
   Summary: USB: setup transfers with data stage from host to
device is dissected twice when captured on usbmon
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: Linux
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: la...@archlinux.org
  Target Milestone: ---

Created attachment 17769
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17769&action=edit
mouse capture

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
Tomasz said:
> with usbmon captures, usb setup transfers with data stage from host to device 
> is dissected twice, first by class dissector, then generic fallback

This was discovered when adding dissection for USB HID reports. One example is
packet 54 of the attached capture.


[Wireshark-bugs] [Bug 16255] support HE MCS to rate conversion

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16255

gl...@extremenetworks.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|INCOMPLETE                  |IN_PROGRESS
                 CC|                            |gl...@extremenetworks.com

--- Comment #7 from gl...@extremenetworks.com ---
In process of submitting a change to address this.  See
https://code.wireshark.org/review/37255


[Wireshark-bugs] [Bug 16575] Spanish localization and main menu tooltips don't work

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16575

--- Comment #3 from Pulsedrivervstibby  ---
Hello,

I have added the translated strings to the 3.2 branch; until the new update I
don't know if it will work. I see that in macOS the main menu tooltips still
don't work in other languages.


[Wireshark-bugs] [Bug 16585] Update OSCORE dissector to RFC8613

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16585

Mališa Vučinić  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|IN_PROGRESS                 |RESOLVED
         Resolution|---                         |FIXED


[Wireshark-bugs] [Bug 16586] MNC not displayed correctly in some places if length is 2 digits vs 3

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16586

Pascal Quantin  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pas...@wireshark.org

--- Comment #2 from Pascal Quantin  ---
As Uli explained, the PLMN info in the IMSI is either 5 or 6 digits long and
there is no reliable way to deduce it. The E.212 dissector applies a simple
heuristic where we do the matching against the known PLMN list (coming from the
ITU E.212 specification) and as you could expect the test PLMN 001 01 is not
registered in ITU.
We could do something to handle this specific case, but it will break for any
other unknown PLMN so I'm not in favor of adding a specific treatment for the
test PLMN.
When the PLMN is not matching, maybe we could print it as 5 digits only instead
of 6 (as there are more 5-digit PLMNs than 6). But again this will be wrong
for other cases.


[Wireshark-bugs] [Bug 16585] Update OSCORE dissector to RFC8613

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16585

--- Comment #2 from Gerrit Code Review  ---
Change 37314 merged by Anders Broman:
oscore: Update to RFC8613.

https://code.wireshark.org/review/37314


[Wireshark-bugs] [Bug 16496] HTTP2: headers are not dissected when earlier HEADERS frames are missing

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16496

--- Comment #8 from Gerrit Code Review  ---
Change 37278 merged by Anders Broman:
http2: workaround to fix headers dissection for partial captures

https://code.wireshark.org/review/37278


[Wireshark-bugs] [Bug 16582] New: Missing null terminator of flag-list in dissector-tutorial

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16582

Bug ID: 16582
   Summary: Missing null terminator of flag-list in
dissector-tutorial
   Product: Web sites
   Version: N/A
  Hardware: x86
OS: Windows 10
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Main site - www.wireshark.org
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: dmart...@dmartini.de
  Target Milestone: ---

Build Information:
not useful here
--
The tutorial under the following link is incomplete:
https://www.wireshark.org/docs/wsdg_html_chunked/ChDissectAdd.html


Please add the Null Terminator in the second "Flag list"

# Recent Version of the tutorial #

Adding Flags to the protocol.

    static int
    dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
    {
        ...
        ...
        static const int* bits[] = {
            &hf_foo_startflag,
            &hf_foo_endflag,
            &hf_foo_priorityflag
        };

# Change into: #

    dissect_foo(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_)
    {
        ...
        ...
        static const int* bits[] = {
            &hf_foo_startflag,
            &hf_foo_endflag,
            &hf_foo_priorityflag,
            NULL
        };

It cost me 4 hours to find this little missing ,NULL.
And it would be super useful if the complete file of packet-foo.c would be
uploaded at the end of this page. 

Thank you!

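A bounded check for the terminator the report above asks for, as an added example that is not part of the report or of Wireshark's code. The `hf_foo_*` variables are stand-ins for the tutorial's field handles, and `flag_list_fields`, `flag_list_well_formed` and the two macros are hypothetical helper names.

```c
#include <stddef.h>
#include <stdio.h>

#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Stand-ins for the tutorial's header field handles (assumed values). */
static int hf_foo_startflag = -1;
static int hf_foo_endflag = -1;
static int hf_foo_priorityflag = -1;

/* The list as the tutorial had it: three entries, no terminator. */
static const int *bits_before[] = {
    &hf_foo_startflag,
    &hf_foo_endflag,
    &hf_foo_priorityflag
};

/* The list as the report asks for it: same entries plus NULL. */
static const int *bits_after[] = {
    &hf_foo_startflag,
    &hf_foo_endflag,
    &hf_foo_priorityflag,
    NULL
};

/* Constructed third case: a stray NULL in the middle of the list. */
static const int *bits_early_null[] = {
    &hf_foo_startflag,
    NULL,
    &hf_foo_priorityflag,
    NULL
};

/*
 * Bounded scan for the terminator. Returns the number of fields before the
 * first NULL, or -1 if none of the `slots` entries is NULL. A consumer that
 * walks the list with an unbounded `while (*p) p++` has no such limit and
 * reads past the end of bits_before, which is undefined behaviour.
 */
static long flag_list_fields(const int *const *list, size_t slots)
{
    for (size_t i = 0; i < slots; i++) {
        if (list[i] == NULL)
            return (long)i;
    }
    return -1;
}

/*
 * A list is well formed when its only NULL is the final slot: a missing
 * NULL overruns the array, an early NULL silently hides the fields after it.
 */
static int flag_list_well_formed(const int *const *list, size_t slots)
{
    return slots > 0 && flag_list_fields(list, slots) == (long)(slots - 1);
}

/* Wrappers for real arrays only, so the bound is the true array size. */
#define FLAG_LIST_FIELDS(a) flag_list_fields((a), ARRAY_LEN(a))
#define FLAG_LIST_OK(a)     flag_list_well_formed((a), ARRAY_LEN(a))

int main(void)
{
    printf("before:     fields=%ld ok=%d\n",
           FLAG_LIST_FIELDS(bits_before), FLAG_LIST_OK(bits_before));
    printf("after:      fields=%ld ok=%d\n",
           FLAG_LIST_FIELDS(bits_after), FLAG_LIST_OK(bits_after));
    printf("early NULL: fields=%ld ok=%d\n",
           FLAG_LIST_FIELDS(bits_early_null), FLAG_LIST_OK(bits_early_null));
    return FLAG_LIST_OK(bits_after) ? 0 : 1;
}
```

Running such a check once at registration time, or in a unit test, turns a missing terminator into an immediate failure instead of an out-of-bounds read during dissection.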

[Wireshark-bugs] [Bug 11840] Qt version of Wireshark doesn't have the edit packet option

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11840

Balling  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |valery.zapo...@gmail.com

--- Comment #3 from Balling  ---
Why do we have gui.packet_editor.enabled then?


[Wireshark-bugs] [Bug 16583] New: Incorrect description of Keep-alive conditions in documentation.

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16583

Bug ID: 16583
   Summary: Incorrect description of Keep-alive conditions in
documentation.
   Product: Wireshark
   Version: 3.2.3
  Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
  Severity: Trivial
  Priority: Low
 Component: Documentation
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: gori...@gmail.com
  Target Milestone: ---

Build Information:
Version 3.2.3 (Git v3.2.3 packaged as 3.2.3-1) 
Copyright 1998-2020 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later
 This is free software; see the
source for copying conditions. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
Compiled (64-bit) with Qt 5.12.5, with libpcap, with POSIX capabilities
(Linux), with libnl 3, with GLib 2.64.2, with zlib 1.2.11, with SMI 0.4.8, with
c-ares 1.16.0, with Lua 5.2.4, with GnuTLS 3.6.13 and PKCS #11 support, with
Gcrypt 1.8.5, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.40.0,
with brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.10, with
QtMultimedia, without automatic updates, with SpeexDSP (using system library),
with SBC, with SpanDSP, without bcg729. 
Running on Linux 5.6.0-1-amd64, with Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
(with SSE4.2), with 32056 MB of physical memory, with locale en_US.UTF-8, with
light display mode, without HiDPI, with libpcap version 1.9.1 (with
TPACKET_V3), with GnuTLS 3.6.13, with Gcrypt 1.8.5, with brotli 1.0.7, with
zlib 1.2.11, binary plugins supported (18 loaded). Built using gcc 9.3.0. 
Wireshark is Open Source Software released under the GNU General Public
License. 
Check the man page and https://www.wireshark.org for more information. 
--
Description of TCP Keep-Alive in documentation states that "any of SYN, FIN, or
RST are set":

TCP Keep-Alive
Set when the segment size is zero or one, the current sequence number is one
byte less than the next expected sequence number, and any of SYN, FIN, or RST
are set.
Supersedes “Fast Retransmission”, “Out-Of-Order”, “Spurious Retransmission”,
and “Retransmission”.
source: https://www.wireshark.org/docs/wsug_html_chunked/ChAdvTCPAnalysis.html


Source code shows that condition is "(flags&(TH_SYN|TH_FIN|TH_RST))==0 )" so
SYN, FIN or RST are NOT set:

    /* KEEP ALIVE
     * a keepalive contains 0 or 1 bytes of data and starts one byte prior
     * to what should be the next sequence number.
     * SYN/FIN/RST segments are never keepalives
     */
    if( (seglen==0||seglen==1)
    &&  seq==(tcpd->fwd->tcp_analyze_seq_info->nextseq-1)
    &&  (flags&(TH_SYN|TH_FIN|TH_RST))==0 ) {
        if(!tcpd->ta) {
            tcp_analyze_get_acked_struct(pinfo->num, seq, ack, TRUE, tcpd);
        }
        tcpd->ta->flags|=TCP_A_KEEP_ALIVE;
    }

source:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=epan/dissectors/packet-tcp.c;h=a11e6d0c629c229f344af32029d26fc6cef1b546;hb=HEAD

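The two readings of the keep-alive rule from the report above, run side by side over constructed segments; this is an added example, not part of the report or of packet-tcp.c. The function names, the `struct segment` layout and every sample value are assumptions made for illustration; only the flag test itself is taken from the quoted source.

```c
#include <stdint.h>
#include <stdio.h>

/* Standard TCP header flag bits. */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10

/* Size and sequence tests shared by both readings. The cast keeps the
 * subtraction in 32 bits so the test still holds across sequence wrap. */
static int size_and_seq_match(uint32_t seglen, uint32_t seq, uint32_t nextseq)
{
    return (seglen == 0 || seglen == 1) && seq == (uint32_t)(nextseq - 1);
}

/* Reading 1: the condition in the source quoted in the report,
 * i.e. none of SYN, FIN or RST is set. */
static int keepalive_per_code(uint32_t seglen, uint32_t seq,
                              uint32_t nextseq, uint16_t flags)
{
    return size_and_seq_match(seglen, seq, nextseq)
        && (flags & (TH_SYN | TH_FIN | TH_RST)) == 0;
}

/* Reading 2: the documentation wording quoted in the report,
 * "any of SYN, FIN, or RST are set". */
static int keepalive_per_docs(uint32_t seglen, uint32_t seq,
                              uint32_t nextseq, uint16_t flags)
{
    return size_and_seq_match(seglen, seq, nextseq)
        && (flags & (TH_SYN | TH_FIN | TH_RST)) != 0;
}

struct segment {
    const char *label;
    uint32_t seglen, seq, nextseq;
    uint16_t flags;
};

/* Constructed sample segments, not taken from any capture. */
static const struct segment samples[] = {
    { "ACK probe, 0 bytes, seq = nextseq-1", 0, 999,         1000, TH_ACK },
    { "ACK probe, 1 byte, seq = nextseq-1",  1, 999,         1000, TH_ACK },
    { "FIN+ACK at nextseq-1",                0, 999,         1000, TH_FIN | TH_ACK },
    { "RST at nextseq-1",                    0, 999,         1000, TH_RST },
    { "plain ACK at nextseq",                0, 1000,        1000, TH_ACK },
    { "2-byte segment at nextseq-1",         2, 999,         1000, TH_ACK },
    { "ACK probe across sequence wrap",      1, 0xFFFFFFFFu, 0,    TH_ACK },
};
#define N_SAMPLES (sizeof(samples) / sizeof(samples[0]))

/* Number of samples on which the two readings give different answers. */
static int count_disagreements(void)
{
    int n = 0;
    for (size_t i = 0; i < N_SAMPLES; i++) {
        const struct segment *s = &samples[i];
        if (keepalive_per_code(s->seglen, s->seq, s->nextseq, s->flags) !=
            keepalive_per_docs(s->seglen, s->seq, s->nextseq, s->flags))
            n++;
    }
    return n;
}

int main(void)
{
    printf("%-38s code docs\n", "segment");
    for (size_t i = 0; i < N_SAMPLES; i++) {
        const struct segment *s = &samples[i];
        printf("%-38s %4d %4d\n", s->label,
               keepalive_per_code(s->seglen, s->seq, s->nextseq, s->flags),
               keepalive_per_docs(s->seglen, s->seq, s->nextseq, s->flags));
    }
    printf("disagreements: %d of %zu\n", count_disagreements(), N_SAMPLES);
    return 0;
}
```

The readings are mutually exclusive on every segment that passes the size and sequence tests, so the documented wording would label FIN and RST segments as keep-alives and miss the ACK-only probes.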

[Wireshark-bugs] [Bug 16559] Add expert info for ignored TCP Fast Open data

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16559

Peter Wu  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|IN_PROGRESS                 |RESOLVED
         Resolution|---                         |FIXED


[Wireshark-bugs] [Bug 16580] New: tshark / dumpcap: remoute capturing interraprion because of Invalid argument

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16580

Bug ID: 16580
   Summary: tshark / dumpcap: remoute capturing interraprion
because of Invalid argument
   Product: Wireshark
   Version: 3.2.4
  Hardware: x86-64
OS: Windows Server 2016
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Dumpcap
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: t.i...@ymail.com
  Target Milestone: ---

Build Information:
Packets: 2693294 dumpcap: An error occurred while writing to the file to which
the capture was being saved
("Z:\demai10-H1_00010_20200525122929.pcap"): Invalid argument.
Please report this to the Wireshark developers as a bug.
https://bugs.wireshark.org/
(This is not a crash; please do not say, in your report, that it is a crash.)
Packets captured: 2693294
Packets received/dropped on interface 'Ethernet0': 2693294/1
(pcap:0/dumpcap:1/flushed:0/ps_ifdrop:0) (100.0%)
--
Hi,

I am trying to capture 802.11 traffic from two Cisco AP.
Two Cisco Access Points (both have Dual Radio) configured to the Sniffer mode.
Both AP are forwarding captured packets over the  UDP port to the Server
with the Wireshark.
The Wireshark should receive packets and save them into the network drive.
I tested it with the Tshark and the Dumpcap. 
I used commands:

tshark -i2 -s0 -f "udp port " -b filesize:10 -b files:1000 -w
Z:\demai10-H1.pcap
dumpcap -i2 -s0 -f "udp port " -b filesize:10 -b files:1000 -w
Z:\demai10-H1.pcap

In both cases the sniffing was interrupted. First fault was after 6 hours and
the last one after 3 hours.

In both cases I got the same error message:
An error occurred while writing to the file to which the capture was being
saved
(): Invalid argument.


[Wireshark-bugs] [Bug 16586] New: MNC not displayed correctly in in some places if length is 2 digits vs 3

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16586

Bug ID: 16586
   Summary: MNC not displayed correctly in in some places if
length is 2 digits vs 3
   Product: Wireshark
   Version: unspecified
  Hardware: x86
OS: Windows 10
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: mike.olive...@gmail.com
  Target Milestone: ---

Created attachment 17768
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17768&action=edit
sample capture file

Build Information:
Version 3.2.4 (v3.2.4-0-g893b5a5e1e3e) 
Copyright 1998-2020 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later
 This is free software; see the
source for copying conditions. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
Compiled (64-bit) with Qt 5.12.8, with WinPcap SDK (WpdPack) 4.1.2, with GLib
2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4,
with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos,
with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with automatic
updates using WinSparkle 0.5.7, with AirPcap, with SpeexDSP (using bundled
resampler), with SBC, with SpanDSP, with bcg729. 
Running on 64-bit Windows 10 (1909), build 18363, with Intel(R) Core(TM)
i5-8400H CPU @ 2.50GHz (with SSE4.2), with 16174 MB of physical memory, with
locale English_United States.1252, with light display mode, without HiDPI, with
Npcap version 0.9991, based on libpcap version 1.9.1, with GnuTLS 3.6.3, with
Gcrypt 1.8.3, with brotli 1.0.2, without AirPcap, binary plugins supported (19
loaded). Built using Microsoft Visual Studio 2019 (VC++ 14.25, build 28614). 

--
When decoding an LTE call from a wireless handset, IMSI consists of the
MCC+MNC_MSIN. The MNC can either be 2 or three digits. In my case the MCC is
001 and the MNC is 01, however wireshark is displaying the MCC incorrectly as
011 (where the last 1 is part of the MSIN). 

Note in packet 8 that the MNC is decoded incorrectly under AVP: User-Name(1)
however appears to be correctly decoded under AVP: Visited-PLMN-Id(1407)

  AVP: User-Name(1) l=22 f=-M- val=00101123456701
AVP Code: 1 User-Name
AVP Flags: 0x40, Mandatory: Set
AVP Length: 22
User-Name: 00101123456701
IMSI: 00101123456701
[Association IMSI: 00101123456701]
Mobile Country Code (MCC): Unknown (1)
Mobile Network Code (MNC): Unknown1 (011)
Padding: 
AVP: RAT-Type(1032) l=16 f=VM- vnd=TGPP val=EUTRAN (1004)
AVP: ULR-Flags(1405) l=16 f=VM- vnd=TGPP val=18
AVP: Visited-PLMN-Id(1407) l=15 f=VM- vnd=TGPP val=MCC 1 , MNC 01 
AVP Code: 1407 Visited-PLMN-Id
AVP Flags: 0xc0, Vendor-Specific: Set, Mandatory: Set
AVP Length: 15
AVP Vendor Id: 3GPP (10415)
Visited-PLMN-Id: 00f110
Mobile Country Code (MCC): Unknown (1)
Mobile Network Code (MNC): Unknown (01)

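Why the two AVPs in the report above decode differently, and what the list-matching heuristic described in comment #2 on this bug does with an unregistered PLMN; this is an added example, not Wireshark's E.212 code. The 3-octet PLMN identity carries the MNC length in a filler nibble while the IMSI digit string does not. `known_plmns` is a constructed stand-in for the registered-PLMN list, and the function names, longest-match rule and `fallback_mnc_len` parameter are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct plmn {
    char mcc[4];
    char mnc[4];
    int  known;   /* 1: MNC length came from the data, 0: it was guessed */
};

/* Constructed stand-in for the registered-PLMN list (sample entries). */
static const struct { const char *mcc, *mnc; } known_plmns[] = {
    { "262", "01"  },
    { "310", "410" },
};
#define N_KNOWN (sizeof(known_plmns) / sizeof(known_plmns[0]))

/*
 * Decode a 3-octet PLMN identity. Nibble layout (high|low):
 *   octet 0: MCC2|MCC1   octet 1: MNC3|MCC3   octet 2: MNC2|MNC1
 * MNC3 == 0xF is a filler meaning "2-digit MNC", so the length is explicit.
 * Returns the MNC length (2 or 3), or -1 on a non-decimal digit.
 */
static int decode_plmn_id(const uint8_t b[3], struct plmn *out)
{
    const uint8_t d[6] = {
        (uint8_t)(b[0] & 0x0f), (uint8_t)(b[0] >> 4), (uint8_t)(b[1] & 0x0f),
        (uint8_t)(b[2] & 0x0f), (uint8_t)(b[2] >> 4), (uint8_t)(b[1] >> 4)
    };
    int mnc_len = (d[5] == 0x0f) ? 2 : 3;

    for (int i = 0; i < 3 + mnc_len; i++)
        if (d[i] > 9)
            return -1;
    for (int i = 0; i < 3; i++)
        out->mcc[i] = (char)('0' + d[i]);
    out->mcc[3] = '\0';
    for (int i = 0; i < mnc_len; i++)
        out->mnc[i] = (char)('0' + d[3 + i]);
    out->mnc[mnc_len] = '\0';
    out->known = 1;
    return mnc_len;
}

/*
 * Split an IMSI digit string into MCC and MNC. The string has no length
 * marker, so the MNC length is taken from the longest matching entry in
 * known_plmns; with no match, fallback_mnc_len (2 or 3) is a pure guess.
 * Returns the MNC length used, or -1 on bad input.
 */
static int split_imsi(const char *imsi, int fallback_mnc_len, struct plmn *out)
{
    size_t len = strlen(imsi);
    int mnc_len = 0;

    if (len < 6 || len > 15 || strspn(imsi, "0123456789") != len)
        return -1;
    if (fallback_mnc_len != 2 && fallback_mnc_len != 3)
        return -1;
    for (size_t i = 0; i < N_KNOWN; i++) {
        size_t l = strlen(known_plmns[i].mnc);
        if (strncmp(imsi, known_plmns[i].mcc, 3) == 0 &&
            strncmp(imsi + 3, known_plmns[i].mnc, l) == 0 &&
            (int)l > mnc_len)
            mnc_len = (int)l;
    }
    out->known = (mnc_len != 0);
    if (!out->known)
        mnc_len = fallback_mnc_len;
    memcpy(out->mcc, imsi, 3);
    out->mcc[3] = '\0';
    memcpy(out->mnc, imsi + 3, (size_t)mnc_len);
    out->mnc[mnc_len] = '\0';
    return mnc_len;
}

int main(void)
{
    const uint8_t visited[3] = { 0x00, 0xf1, 0x10 };  /* 00f110 from the report */
    struct plmn p;

    decode_plmn_id(visited, &p);
    printf("Visited-PLMN-Id 00f110 -> MCC %s MNC %s\n", p.mcc, p.mnc);
    split_imsi("00101123456701", 3, &p);              /* IMSI from the report */
    printf("IMSI, guess 3 digits   -> MCC %s MNC %s (known=%d)\n", p.mcc, p.mnc, p.known);
    split_imsi("00101123456701", 2, &p);
    printf("IMSI, guess 2 digits   -> MCC %s MNC %s (known=%d)\n", p.mcc, p.mnc, p.known);
    split_imsi("999123000000001", 2, &p);             /* constructed, 3-digit MNC intended */
    printf("unknown 3-digit PLMN   -> MCC %s MNC %s (known=%d)\n", p.mcc, p.mnc, p.known);
    return 0;
}
```

Switching the guess from 3 to 2 digits fixes the test PLMN 001 01 but truncates the constructed 999/123 case, which is the trade-off comment #2 describes.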

[Wireshark-bugs] [Bug 16584] New: The "isakmp.spi" filter doesn't work

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16584

Bug ID: 16584
   Summary: The "isakmp.spi" filter doesn't work
   Product: Wireshark
   Version: 3.2.4
  Hardware: x86
OS: macOS 10.15
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: xn212...@163.com
  Target Milestone: ---

Created attachment 17766
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17766&action=edit
The pacp file for testing and verifying.

Build Information:
Version 3.2.4 (v3.2.4-0-g893b5a5e1e3e) 
Copyright 1998-2020 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later
 This is free software; see the
source for copying conditions. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
Compiled (64-bit) with Qt 5.12.6, with libpcap, without POSIX capabilities,
with GLib 2.37.6, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with
Lua 5.2.4, with GnuTLS 3.4.17, with Gcrypt 1.8.5, with MIT Kerberos, with
MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with automatic
updates using Sparkle, with SpeexDSP (using system library), with SBC, with
SpanDSP, with bcg729. 
Running on Mac OS X 10.15.4, build 19E287 (Darwin 19.4.0), with Intel(R)
Core(TM) i5-8279U CPU @ 2.40GHz (with SSE4.2), with 16384 MB of physical
memory, with locale C/UTF-8/C/C/C/C, with dark display mode, with HiDPI, with
libpcap version 1.9.1, with GnuTLS 3.4.17, with Gcrypt 1.8.5, with brotli
1.0.7, with zlib 1.2.11, binary plugins supported (19 loaded). Built using
clang 4.2.1 Compatible Apple LLVM 11.0.0 (clang-1100.0.33.16). 
Wireshark is Open Source Software released under the GNU General Public
License. 
Check the man page and https://www.wireshark.org for more information. 
--
For the attached pcap file, using "isakmp.ispi == 86:43:30:ac:30:e6:56:4d" as
the filter gets the wanted packet, but using "isakmp.spi ==
86:43:30:ac:30:e6:56:4d", nothing is obtained. Did I misunderstand the meaning
of "isakmp.spi"? Thanks very much in advance!


[Wireshark-bugs] [Bug 16335] PVS-Studio analyser long list of issues

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16335

--- Comment #89 from Balling  ---
https://github.com/wireshark/wireshark/blob/f94fed601098aaa93cfd1c49574a3ac37e006c7a/epan/dissectors/packet-btbredr_rf.c#L489
Here you can delete payload_and_transport == (TRANSPORT_ACL | PAYLOAD_EDR_3) as
its place only on line 477
https://github.com/wireshark/wireshark/blob/f94fed601098aaa93cfd1c49574a3ac37e006c7a/epan/dissectors/packet-bthci_vendor.c#L2352
Why is this the same as on line 2427?


[Wireshark-bugs] [Bug 16443] CIP dissector for DLR & TCP/IP Interface, new attributes not decoded

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16443

--- Comment #4 from Alfredo_Quintero  ---
Just downloaded latest Wireshark version 3.2.4 and confirmed that the issue
with the TCP/IP object Status attribute that I reported at the start of this
thread has not been added to this version. Will test again whenever a new
release is out and will report back here.


[Wireshark-bugs] [Bug 16496] HTTP2: headers are not dissected when earlier HEADERS frames are missing

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16496

Peter Wu  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|CONFIRMED   |RESOLVED

--- Comment #9 from Peter Wu  ---
Fixed in v3.3.0rc0-1265-g06f06eec3c

Let me know if you have any other partial captures where the workaround does
not help and I can try to tweak it. A deep analysis of reasons why nghttp2
might fail can be found in
https://github.com/nghttp2/nghttp2/issues/1389#issuecomment-632454387


[Wireshark-bugs] [Bug 16585] Update OSCORE dissector to RFC8613

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16585

--- Comment #1 from Gerrit Code Review  ---
Change 37314 had a related patch set uploaded by Mališa Vučinić:
oscore: Update to RFC8613.

https://code.wireshark.org/review/37314


[Wireshark-bugs] [Bug 16334] ICMP: No response if ICMP reply packet has an ICMP checksum of 0x0000

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16334

Balling  changed:

   What|Removed |Added

 Resolution|FIXED   |REMIND
 Status|RESOLVED|VERIFIED
 CC||valery.zapo...@gmail.com

--- Comment #20 from Balling  ---
Dunno, it is still saying that checksum 0x is correct, even though
https://tools.ietf.org/html/rfc1624 outright says that "the checksum field can
never contain ~(+0), which is -0 (0x). It can, however, contain ~(-0),
which is +0 (0x)". Let's apply
2) For now*, add the following immediately after reading the checksum from the
reply packet:

if (conv_key[0] == 0x) {
conv_key[0] = 0;
}

*If Wireshark is later changed so that it indicates a checksum of 0x is
invalid as I mentioned in comment 9, then this could be removed since the
packet is essentially malformed if it carries this invalid checksum of 0x.

Though should it still consider that packet for response?


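Added example (not part of the bug thread or Wireshark's source): the one's-complement arithmetic behind the comment above, worked in Python on constructed ICMP echo messages. It shows that a sum-to-all-ones verifier accepts both 0x0000 and 0xFFFF in the checksum field, that the RFC 1624 update and the older incremental form disagree in exactly that corner case, and why a matcher keyed on the predicted reply checksum has to fold the two zeros together or flag one as invalid. All function names and sample values are assumptions made for the illustration.

```python
import struct

def ones_sum(data: bytes) -> int:
    """Folded 16-bit one's-complement sum (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def add16(*words: int) -> int:
    """One's-complement addition of 16-bit words."""
    return ones_sum(struct.pack("!%dH" % len(words), *words))

def build_echo(icmp_type, ident, seq, payload, cksum=None) -> bytes:
    """ICMP echo request (type 8) or reply (type 0), code 0.
    cksum=None computes the checksum; a value forces that field as-is."""
    if cksum is None:
        zeroed = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
        cksum = ~ones_sum(zeroed) & 0xFFFF
    return struct.pack("!BBHHH", icmp_type, 0, cksum, ident, seq) + payload

def cksum_field(msg: bytes) -> int:
    return struct.unpack("!H", msg[2:4])[0]

def verify_by_sum(msg: bytes) -> bool:
    """Receiver-style check: everything, checksum included, sums to all ones."""
    return ones_sum(msg) == 0xFFFF

def verify_strict(msg: bytes) -> bool:
    """Recompute over the message with the field zeroed and compare exactly."""
    zeroed = msg[:2] + b"\x00\x00" + msg[4:]
    return (~ones_sum(zeroed) & 0xFFFF) == cksum_field(msg)

M_OLD, M_NEW = 0x0800, 0x0000   # type/code word: echo request -> echo reply

def update_rfc1624(hc: int) -> int:
    """HC' = ~(~HC + ~m + m'): the form RFC 1624 recommends."""
    return ~add16(~hc & 0xFFFF, ~M_OLD & 0xFFFF, M_NEW) & 0xFFFF

def update_older(hc: int) -> int:
    """HC' = HC + m + ~m': the older form, which can produce -0 (0xFFFF)."""
    return add16(hc, M_OLD, ~M_NEW & 0xFFFF)

def normalize(cksum: int) -> int:
    """Fold the two one's-complement zeros into one value for comparison."""
    return 0x0000 if cksum == 0xFFFF else cksum

def reply_matches(request: bytes, reply: bytes, tolerant: bool) -> bool:
    """Pair a reply with a request on id/seq plus the predicted checksum."""
    if request[4:8] != reply[4:8]:
        return False
    predicted, seen = update_rfc1624(cksum_field(request)), cksum_field(reply)
    if tolerant:
        predicted, seen = normalize(predicted), normalize(seen)
    return predicted == seen

# Constructed sample: id 0x1234, seq 1, payload chosen so the reply's words
# sum to 0xFFFF, which makes its correct checksum +0 (0x0000).
PAYLOAD = bytes.fromhex("edca")
REQUEST = build_echo(8, 0x1234, 1, PAYLOAD)
REPLY_PLUS_ZERO = build_echo(0, 0x1234, 1, PAYLOAD)            # field 0x0000
REPLY_MINUS_ZERO = build_echo(0, 0x1234, 1, PAYLOAD, 0xFFFF)   # field 0xFFFF

def demo() -> dict:
    """Summarise how each check treats the two replies."""
    req = cksum_field(REQUEST)
    return {
        "request_cksum": hex(req),
        "reply_via_rfc1624": hex(update_rfc1624(req)),
        "reply_via_older_form": hex(update_older(req)),
        "sum_check_accepts_minus_zero": verify_by_sum(REPLY_MINUS_ZERO),
        "strict_check_accepts_minus_zero": verify_strict(REPLY_MINUS_ZERO),
        "exact_match_minus_zero": reply_matches(REQUEST, REPLY_MINUS_ZERO, False),
        "tolerant_match_minus_zero": reply_matches(REQUEST, REPLY_MINUS_ZERO, True),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

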
[Wireshark-bugs] [Bug 16335] PVS-Studio analyser long list of issues

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16335

--- Comment #91 from Balling  ---
In the first case it is else if, so it will never happen, in the second, okay,
well, I do not know your API ;(


[Wireshark-bugs] [Bug 16443] CIP dissector for DLR & TCP/IP Interface, new attributes not decoded

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16443

--- Comment #5 from Dylan  ---
It will be in Wireshark 3.4.

Until it's released, you can try the latest version in this folder
(https://www.wireshark.org/download/automated/win64/?C=M;O=D), that starts with
"Wireshark-win64-3.3.0". (Assuming you're on Windows)


[Wireshark-bugs] [Bug 16586] MNC not displayed correctly in some places if length is 2 digits vs 3

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16586

Mike Oliveras  changed:

   What|Removed |Added

Summary|MNC not displayed correctly in in some places if length is 2 digits vs 3 |MNC not displayed correctly in some places if length is 2 digits vs 3


[Wireshark-bugs] [Bug 16335] PVS-Studio analyser long list of issues

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16335

--- Comment #92 from Martin Mathieson  ---
(In reply to Balling from comment #91)
> In the first case it is else if, so it will never happen, in the second,
> okay, well, I do not know your API ;(

I am not motivated to change the first one.

For the 2nd, it has more to do with the protocol than the API.  Both cases
involve a single status field, but I understand why they were duplicated rather
than combined - doesn't mean it's a bug.


[Wireshark-bugs] [Bug 16587] New: Typing after Display Filter Macro crashes gui

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16587

Bug ID: 16587
   Summary: Typing after Display Filter Macro crashes gui
   Product: Wireshark
   Version: 3.2.4
  Hardware: x86
OS: Windows 10
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Qt UI
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: bubbas...@gmail.com
  Target Milestone: ---

Build Information:
3.2.4 (v3.2.4-0-g893b5a5e1e3e)

Compiled (64-bit) with Qt 5.12.8, with WinPcap SDK (WpdPack) 4.1.2, with GLib
2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4,
with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos,
with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with automatic
updates using WinSparkle 0.5.7, with AirPcap, with SpeexDSP (using bundled
resampler), with SBC, with SpanDSP, with bcg729.

Running on 64-bit Windows 10 (1903), build 18362, with Intel(R) Core(TM)
i5-4300U CPU @ 1.90GHz (with SSE4.2), with 12193 MB of physical memory, with
locale English_United States.1252, with light display mode, without HiDPI, with
Npcap version 0.9988, based on libpcap version 1.9.1, with GnuTLS 3.6.3, with
Gcrypt 1.8.3, with brotli 1.0.2, without AirPcap, binary plugins supported (19
loaded).

Built using Microsoft Visual Studio 2019 (VC++ 14.25, build 28614).

--
No capture required to recreate.
Can use the macro in the User's Guide
(https://www.wireshark.org/docs/wsug_html_chunked/ChDisplayFilterMacrosSection.html)
or a shorter macro to test.


Text before macro is accepted:

ip and ${tcp_conv:10.1.1.2;10.1.1.3;1200;1400}

Typing after macro crashes gui:

${tcp_conv:10.1.1.2;10.1.1.3;1200;1400} "any text"


[Wireshark-bugs] [Bug 16559] Add expert info for ignored TCP Fast Open data

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16559

--- Comment #2 from Gerrit Code Review  ---
Change 37161 merged by Peter Wu:
TCP: Add expert info for ignored TCP Fast Open data

https://code.wireshark.org/review/37161


[Wireshark-bugs] [Bug 16335] PVS-Studio analyser long list of issues

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16335

--- Comment #90 from Martin Mathieson  ---
(In reply to Balling from comment #89)
> https://github.com/wireshark/wireshark/blob/
> f94fed601098aaa93cfd1c49574a3ac37e006c7a/epan/dissectors/packet-btbredr_rf.
> c#L489
> Here you can delete payload_and_transport == (TRANSPORT_ACL | PAYLOAD_EDR_3)
> as its place only on line 477

It could be missed out, but I'm not sure it makes it more readable (vs whatever
standard describes the format).  There are no documentation links from the
dissector, I think
https://github.com/greatscottgadgets/ubertooth/wiki/Bluetooth-Captures-in-PCAP#BREDR
may be the most relevant. I might want to add the documentation link to the
file, but I find this code isn't that easy to line up with the wiki page, so I
don't really want to change it. Some comments there could go a long way.

> https://github.com/wireshark/wireshark/blob/
> f94fed601098aaa93cfd1c49574a3ac37e006c7a/epan/dissectors/packet-bthci_vendor.
> c#L2352
> Why is this the same as on line 2427?

I guess both/several/all 'complete' messages have the same status field.  They
could have been combined under the same case handling, but the author obviously
prefers to list all of the event codes in numerical order - their choice.


[Wireshark-bugs] [Bug 16585] Update OSCORE dissector to RFC8613

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16585

Mališa Vučinić  changed:

   What|Removed |Added

 Status|UNCONFIRMED |IN_PROGRESS
 Ever confirmed|0   |1


[Wireshark-bugs] [Bug 16578] Editcap time adjustment doesn't work when both infile and outfile are ERF

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16578

Phan Duc Nhat Minh  changed:

   What|Removed |Added

 Status|UNCONFIRMED |CONFIRMED
 Ever confirmed|0   |1


[Wireshark-bugs] [Bug 16586] MNC not displayed correctly in some places if length is 2 digits vs 3

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16586

Uli Heilmeier  changed:

   What|Removed |Added

 CC||u...@heilmeier.eu

--- Comment #1 from Uli Heilmeier  ---
As far as I see it the length (2 or 3 bytes) of MNC depends on the MCC (see
https://www.itu.int/rec/T-REC-E.212). As the MCC (001) is unknown in your
sample capture, the length of MNC is unknown too.

https://www.numberingplans.com/ lists your IMSI also as invalid.

The MNC is decoded as 2 bytes for Visited-PLMN-Id as the "starting" value is
different (IMSI vs. Visited-PLMN-Id).


[Wireshark-bugs] [Bug 16585] New: Update OSCORE dissector to RFC8613

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16585

Bug ID: 16585
   Summary: Update OSCORE dissector to RFC8613
   Product: Wireshark
   Version: Git
  Hardware: All
OS: All
Status: UNCONFIRMED
  Severity: Enhancement
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: malis...@gmail.com
  Target Milestone: ---

Created attachment 17767
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17767&action=edit
aiocoap plugtest dump

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
The implemented version of the OSCORE dissector is compliant with
draft-ietf-core-object-security-07. In the meantime, RFC8613 has been
published. This issue aims at updating the code base of the OSCORE dissector to
RFC8613.

A dump of RFC8613-compliant implementation is attached. The test spec is
available at: https://ericssonresearch.github.io/OSCOAP/test-spec5.html

OSCORE security contexts used by the test spec are given below:
"","01","0102030405060708090a0b0c0d0e0f10","9e7ca92223786340","37cbf3210017a2d3","AES-CCM-16-64-128 (CCM*)"
"","01","0102030405060708090a0b0c0d0e0f10","9e7ca92223786340","","AES-CCM-16-64-128 (CCM*)"


[Wireshark-bugs] [Bug 16584] The "isakmp.spi" filter doesn't work

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16584

Uli Heilmeier  changed:

   What|Removed |Added

 CC||u...@heilmeier.eu
 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |NOTABUG

--- Comment #1 from Uli Heilmeier  ---
isakmp.spi lists the SPI of an ISAKMP proposal payload (see
https://tools.ietf.org/html/rfc2408#section-3.5).
Your attached capture file does not include any proposal payload. Therefore,
there is no packet when filtering for isakmp.spi.


[Wireshark-bugs] [Bug 16467] Documentation - ${parameter} overloading of Display Filter Macro syntax

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16467

Chuck Craft  changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution|--- |FIXED

--- Comment #1 from Chuck Craft  ---
Documentation added to wiki: https://wiki.wireshark.org/DFilterMacro

Potentially added to User's Guide: https://code.wireshark.org/review/37271

-

History of the feature:
https://www.wireshark.org/lists/wireshark-dev/200707/msg00314.html

Code commit:
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9865b6346f6442bc8326cde55e5f012250748131


[Wireshark-bugs] [Bug 16581] New: Wireshark User guide and developer guide PDFs do not have table of contents

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16581

Bug ID: 16581
   Summary: Wireshark User guide and developer guide PDFs do not
have table of contents
   Product: Wireshark
   Version: Git
  Hardware: All
OS: All
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Documentation
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: m...@moshekaplan.com
  Target Milestone: ---

Build Information:
N/A
--
Both the Wireshark User Guide and Wireshark Developer Guide do not have a table
of contents at the top of the PDF:

https://www.wireshark.org/download/docs/user-guide.pdf

https://www.wireshark.org/download/docs/developer-guide.pdf


[Wireshark-bugs] [Bug 16579] IEEE 802.11: Support entering and decrypting using TK

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16579

Mikael Kanstrup  changed:

   What|Removed |Added

 Ever confirmed|0   |1
 Status|UNCONFIRMED |IN_PROGRESS


[Wireshark-bugs] [Bug 16571] Wireshark on Fedora segfaults on startup

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16571

--- Comment #7 from Michal Ruprich  ---
Resolved in Fedora with the latest adwaita-qt package. Feel free to close this
bug.


[Wireshark-bugs] [Bug 16579] New: IEEE 802.11: Support entering and decrypting using TK

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16579

Bug ID: 16579
   Summary: IEEE 802.11: Support entering and decrypting using TK
   Product: Wireshark
   Version: Git
  Hardware: x86
OS: Linux
Status: UNCONFIRMED
  Severity: Enhancement
  Priority: Low
 Component: Dissection engine (libwireshark)
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: mikael.kanst...@gmail.com
  Target Milestone: ---

Build Information:
Wireshark 3.3.0 (v3.3.0rc0-1254-gd34a806e86bc)

Copyright 1998-2020 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.9.5, with libpcap, without POSIX capabilities, with
libnl 3, with GLib 2.56.4, with zlib 1.2.11, without SMI, with c-ares 1.14.0,
with Lua 5.2.4, with GnuTLS 3.5.18 and PKCS #11 support, with Gcrypt 1.8.1,
without Kerberos, without MaxMind DB resolver, without nghttp2, without brotli,
without LZ4, without Zstandard, without Snappy, with libxml2 2.9.4, with
QtMultimedia, without automatic updates, with SpeexDSP (using bundled
resampler).

Running on Linux 5.4.23-050423-generic, with Intel(R) Xeon(R) W-2135 CPU @
3.70GHz (with SSE4.2), with 64047 MB of physical memory, with locale
en_US.UTF-8, with libpcap version 1.8.1, with GnuTLS 3.5.18, with Gcrypt 1.8.1,
with zlib 1.2.11, binary plugins supported (0 loaded).

--
Wireshark currently derives session keys (TK/GTK) from user-entered
PSK/PMK/passphrase and the 4-way handshake that happens on association.

These session keys are then used to decrypt encrypted IEEE 802.11 frames.

For Wireshark to successfully decrypt frames, it both has to support the key
derivation scheme and needs a packet capture containing the 4-way handshake
messages.

To support decrypting additional captures, including captures that contain IEEE
802.11r / Fast BSS transition and captures where 4-way handshake messages are
missing, this bug requests adding support to directly enter the session keys
(TKs) and use these for decryption.

Refer to the question on the dev mailing list about decrypting 802.11r
captures: https://www.wireshark.org/lists/wireshark-dev/202005/msg00048.html


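Added example (not part of the bug report or Wireshark's code): the key derivation the report above describes, for the WPA2-PSK / CCMP case only, showing why the TK cannot be computed from the passphrase alone and what directly entering a TK bypasses. The function names, addresses and nonces are constructed assumptions; 802.11r Fast BSS Transition uses a different key hierarchy and is not covered here.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: bytes) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid, 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF built on HMAC-SHA1, truncated to nbytes."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk: bytes, aa: bytes, spa: bytes,
               anonce: bytes, snonce: bytes) -> dict:
    """PTK for CCMP: 48 bytes split into KCK, KEK and the TK that encrypts data.

    aa/spa are the authenticator and supplicant MAC addresses; the nonces are
    only visible in messages 1 and 2 of the 4-way handshake.
    """
    data = (min(aa, spa) + max(aa, spa) +
            min(anonce, snonce) + max(anonce, snonce))
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return {"KCK": ptk[:16], "KEK": ptk[16:32], "TK": ptk[32:48]}

def tk_for_decryption(pmk=None, handshake=None, entered_tk=None):
    """Return the TK a decryptor could use, or None if the inputs fall short.

    handshake is a dict with aa, spa, anonce and snonce taken from the capture.
    entered_tk models the directly entered session key the report asks for.
    """
    if entered_tk is not None:
        return entered_tk
    if pmk is not None and handshake is not None:
        return derive_ptk(pmk, **handshake)["TK"]
    return None   # passphrase/PMK alone is not enough without the handshake

# Constructed sample inputs (not taken from any real capture).
SAMPLE_PMK = pmk_from_passphrase("password", b"IEEE")
SAMPLE_HANDSHAKE = {
    "aa": bytes.fromhex("020000000001"),
    "spa": bytes.fromhex("020000000002"),
    "anonce": bytes(range(32)),
    "snonce": bytes(range(32, 64)),
}

if __name__ == "__main__":
    print("PMK:", SAMPLE_PMK.hex())
    print("TK with handshake:",
          tk_for_decryption(pmk=SAMPLE_PMK, handshake=SAMPLE_HANDSHAKE).hex())
    print("TK without handshake:", tk_for_decryption(pmk=SAMPLE_PMK))
```

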
[Wireshark-bugs] [Bug 16578] Editcap time adjustment doesn't work when both infile and outfile are ERF

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16578

--- Comment #1 from Gerrit Code Review  ---
Change 37301 had a related patch set uploaded by Phan Duc Nhat Minh:
editcap: fix time adjustment for ERF

https://code.wireshark.org/review/37301


[Wireshark-bugs] [Bug 16577] Google

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16577

Great  changed:

   What|Removed |Added

   Assignee|bugzilla-ad...@wireshark.org |serge...@gmail.com
 CC||serge...@gmail.com

--- Comment #1 from Great  ---
Created attachment 17765
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17765&action=edit
Goo

sshusername@hostname


[Wireshark-bugs] [Bug 16577] Google

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16577

--- Comment #2 from Great  ---
Comment on attachment 17765
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17765
Goo

Hd


[Wireshark-bugs] [Bug 16578] New: Editcap time adjustment doesn't work when both infile and outfile are ERF

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16578

Bug ID: 16578
   Summary: Editcap time adjustment doesn't work when both infile
and outfile are ERF
   Product: Wireshark
   Version: 3.2.3
  Hardware: x86
OS: Ubuntu
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Extras
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: phanducnhatm...@gmail.com
  Target Milestone: ---

Build Information:
Wireshark 3.2.3 (Git v3.2.3 packaged as 3.2.3-1)

Copyright 1998-2020 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.12.8, with libpcap, with POSIX capabilities
(Linux),
with libnl 3, with GLib 2.64.2, with zlib 1.2.11, with SMI 0.4.8, with c-ares
1.15.0, with Lua 5.2.4, with GnuTLS 3.6.13 and PKCS #11 support, with Gcrypt
1.8.5, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.40.0, with
brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.10, with
QtMultimedia, without automatic updates, with SpeexDSP (using system library),
with SBC, with SpanDSP, without bcg729.

Running on Linux 4.19.84-microsoft-standard, with Intel(R) Core(TM) i5-8250U
CPU
@ 1.60GHz (with SSE4.2), with 6237 MB of physical memory, with locale C.UTF-8,
with libpcap version 1.9.1 (with TPACKET_V3), with GnuTLS 3.6.13, with Gcrypt
1.8.5, with brotli 1.0.7, with zlib 1.2.11, binary plugins supported (0
loaded).

Built using gcc 9.3.0.
--
Editcap time adjustment doesn't work when both infile and outfile are ERF.

The erf_dump function in erf.c keeps the header intact and ignores the adjusted
time.


[Wireshark-bugs] [Bug 15548] Error while capturing packets: Cannot start capture: local capture already running

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15548

Great  changed:

   What|Removed |Added

 CC||serge...@gmail.com


[Wireshark-bugs] [Bug 16577] New: Google

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16577

Bug ID: 16577
   Summary: Google
   Product: Web sites
   Version: N/A
  Hardware: ARM
OS: Mac OS X 10.3
Status: UNCONFIRMED
  Severity: Major
  Priority: Low
 Component: Automated builds - buildbot.wireshark.org
  Assignee: bugzilla-ad...@wireshark.org
  Reporter: serge...@gmail.com
  Target Milestone: ---

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--


[Wireshark-bugs] [Bug 14677] Not all packets could be written to file during google update on android emulator

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14677

Great  changed:

   What|Removed |Added

 CC||serge...@gmail.com


[Wireshark-bugs] [Bug 15219] UNISTIM dissector - Display Data Write - incorrect address data size for Line / Soft Label Key

2020-05-27 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15219

--- Comment #5 from Gerrit Code Review  ---
Change 37190 merged by Anders Broman:
UNISTIM: Refactor display address/control/tag handling

https://code.wireshark.org/review/37190
