[Wireshark-bugs] [Bug 16772] EPL: timestamp format in error code list
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16772 christian.kr...@br-automation.com changed: What|Removed |Added Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 15010] eapol malformed packets
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15010 Guy Harris changed: What|Removed |Added Resolution|--- |NOTOURBUG Status|CONFIRMED |RESOLVED -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 15010] eapol malformed packets
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15010 --- Comment #16 from Jaap Keuter --- Then we might close this as notourbug. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 15010] eapol malformed packets
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15010 --- Comment #15 from Guy Harris --- (In reply to Jaap Keuter from comment #14) > Guy, is there more to be done than waiting/hoping for the Npcap issues to be > fixed? Nope. Those may be hard to fix - and it's not clear whether Microsoft will continue to support the "Native 802.11" mechanism, or what it's called, upon which the monitor-mode capture depends. I think they've dropped support for it, so I don't know how well this works in Windows 10 or, if it currently works, whether it will continue to work. Wi-Fi driver writers for Windows didn't do a very good job of supporting monitor mode; see, for example: https://www.tamos.com/blog/index.php/2018/10/09/all-you-wanted-to-know-about-testing-wi-fi-adapters-but-were-afraid-to-ask/ so monitor mode captures on Windows are probably never going to be as good as one might like. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13207] enhancement : add 802.11ax Frame support in wireshark
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13207 --- Comment #32 from Richard Sharpe --- (In reply to Jaap Keuter from comment #31) > Hi Richard, I assume this is still pending...? I will try to add what I have this weekend. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 15010] eapol malformed packets
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15010 --- Comment #14 from Jaap Keuter --- Guy, is there more to be done than waiting/hoping for the Npcap issues to be fixed? -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 16771] dicom object extraction: discrepancy between tshark and wireshark
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16771 --- Comment #2 from Chuck Craft --- pcap here: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16748 And resulting file names for tshark --export-objects: tshark 3.0.12 - 3_0_12/000453-1-C-STORE-RQ-DATA.dcm 3_0_12/000925-1-1.3.12.2.1107.5.1.7.123018.301812031602269280561.dcm 3_0_12/001393-1-1.3.12.2.1107.5.1.7.123018.301812031602269280562.dcm 3_0_12/001860-1-1.3.12.2.1107.5.1.7.123018.301812031602269280563.dcm 3_0_12/002328-1-1.3.12.2.1107.5.1.7.123018.301812031602269280564.dcm 3_0_12/002799-1-1.3.12.2.1107.5.1.7.123018.301812031602269280565.dcm 3_0_12/003267-1-1.3.12.2.1107.5.1.7.123018.301812031602269280566.dcm 3_0_12/003736-1-1.3.12.2.1107.5.1.7.123018.301812031602269280567.dcm filename = wmem_strdup_printf(wmem_packet_scope(), "%06d-%d-%s.dcm", pinfo->num, cnt_same_pkt, g_strcanon(pdv_curr->sop_instance_uid, G_CSET_A_2_Z G_CSET_a_2_z G_CSET_DIGITS "-.", '-')); tshark 3.2.6 3_2_6/000453-1-C-STORE-RQ-DATA.dcm 3_2_6/000925-1-CT-Image-Storage.dcm 3_2_6/001393-1-CT-Image-Storage.dcm 3_2_6/001860-1-CT-Image-Storage.dcm 3_2_6/002328-1-CT-Image-Storage.dcm 3_2_6/002799-1-CT-Image-Storage.dcm 3_2_6/003267-1-CT-Image-Storage.dcm 3_2_6/003736-1-CT-Image-Storage.dcm /* Make sure filename does not contain invalid character. Rather conservative.*/ filename = wmem_strdup_printf(wmem_packet_scope(), "%06d-%d-%s.dcm", pinfo->num, cnt_same_pkt, g_strcanon(pdv->desc, G_CSET_A_2_Z G_CSET_a_2_z G_CSET_DIGITS "-.", '-')); -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14659] NTP Analysis: Delta time between Client-Server
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14659 --- Comment #15 from Jaap Keuter --- With the original issue resolved, can we close this bug and move the field renaming question to a new issue? -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14621] Make the selected packet in the packet list more clear.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14621 --- Comment #16 from Jaap Keuter --- What's the status of this bug? The last comment on the commit was: Paul Zander May 9, 2018 Patch Set 6: I will make it configurable. The default behaviour will be the previous settings, so nothing gets roken. Was this implemented? Which change was that? If so, this bug can be closed? -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14609] Hang on load .pcapng file from directory with 10k files
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14609 --- Comment #9 from Jaap Keuter --- Jim, what's your current take on this issue? Is it still present, or can this no longer be reproduced with current versions of Wireshark? -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14433] Support DNS Queries over HTTPS (DOH)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14433 --- Comment #6 from Jaap Keuter --- Peter, what is the status here? Can we close this, or is there still more work? -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 14141] Crash (heap-use-after-free) after opening Service Response Time dialog
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14141 Jaap Keuter changed: What|Removed |Added Resolution|--- |FIXED Status|CONFIRMED |RESOLVED --- Comment #9 from Jaap Keuter --- Closing bug since the main issue has been resolved and this versions is EOL. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13906] RTP Player Format Error
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13906 Jaap Keuter changed: What|Removed |Added Resolution|--- |FIXED Status|CONFIRMED |RESOLVED --- Comment #19 from Jaap Keuter --- Closing this bug since this version is EOL. If this issue comes up on current versions please file a new bug report. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13540] Apply as Column should always add the new column to the left of the Info column, if it exists, or to the far right if it doesn't.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13540 --- Comment #17 from Christopher Maynard --- (In reply to Jaap Keuter from comment #16) > Pending the remaining issue of positioning the added column, is there the > intention of implementing this or should this bug be closed since the main > issues are resolved? If nobody else thinks it's worth changing the placement of new columns to the left of the Info column if there is one, or to the far right if there isn't, then feel free to close the bug. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13769] Wireless Timeline issues
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13769 --- Comment #14 from Jaap Keuter --- Again, what are we doing with this bug? Close this and open new issues later? -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13766] Dissector for WSMP (IEEE 1609.3) not current
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13766 Jaap Keuter changed: What|Removed |Added Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #48 from Jaap Keuter --- The main work seems to have been completed. If there's follow up work in Wireshark to be done this can be filed as separate bugs. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 16771] dicom object extraction: discrepancy between tshark and wireshark
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16771 Chuck Craft changed: What|Removed |Added CC||bubbas...@gmail.com --- Comment #1 from Chuck Craft --- tl;dr: header fields (and filename) for export are set from tags, if available. Prior to https://code.wireshark.org/review/#/c/31973/, tags were dissected and available before export. Wireshark makes a pass through the file to display fields before File->Export Objects->DICOM... epan/dissectors/packet-dcm.c: If the UIDs are not set, then copy in Wireshark boilerplate values --- dcm_export_create_object() if (pdv->is_storage && pdv_curr->sop_class_uid&& strlen(pdv_curr->sop_class_uid)>0 && pdv_curr->sop_instance_uid && strlen(pdv_curr->sop_instance_uid)>0) else { /* No SOP Instance or SOP Class UID found in PDV. Use wireshark ones */ 3.0.12 - packet-dcm.c: "UIDs" populated by dissect_dcm_pdv_body() before dcm_export_create_object() if (tree || have_tap_listener(dicom_eo_tap)) { /* The performance optimization now starts at tag level. During, tree can be NULL, but we need a few tags to be decoded, i.e Class & Instance UID, so the export dialog has all information and that the dicom header is complete */ offset += dissect_dcm_pdv_body(next_tvb, pinfo, tree, pdv, 0, next_tvb_length, pdv_description); } if (have_tap_listener(dicom_eo_tap)) { /* Copy pure DICOM data to buffer, no PDV flags */ pdv->data = wmem_alloc(wmem_packet_scope(), next_tvb_length); tvb_memcpy(next_tvb, pdv->data, 0, next_tvb_length); pdv->data_len = next_tvb_length; /* Copy to export buffer */ dcm_export_create_object(pinfo, assoc, pdv); } } Current - packet-dcm.c: dcm_export_create_object() called before dissect_dcm_tag() - if ((pdv_body_len > 0) && (pdv->is_last_fragment)) { /* At the last segment, merge all related previous PDVs and copy to export buffer */ dcm_export_create_object(pinfo, assoc, pdv); } } if (pdv->is_command || tree) { /* Performance optimization starts here. Don't put any COL_INFO related stuff in here */ if (pdv->syntax == DCM_UNK) { /* Eventually, we will have a syntax detector. Until then, don't decode */ proto_tree_add_bytes_format(tree, hf_dcm_data_tag, tvb, offset, pdv_body_len, NULL, "(%04x,%04x) %-8x Unparsed data", 0, 0, pdv_body_len); } else { gboolean is_first_tag = TRUE; /* Treat the left overs */ offset = dissect_dcm_tag_open(tvb, pinfo, tree, pdv, offset, endpos, _first_tag); /* Decode all tags, sequences and items in this PDV recursively */ while (offset < endpos) { offset = dissect_dcm_tag(tvb, pinfo, tree, pdv, offset, endpos, is_first_tag, _value, ); is_first_tag = FALSE; } } } -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13585] IO Graph entry line won't return to default focus after edit
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13585 Jaap Keuter changed: What|Removed |Added Resolution|--- |FIXED Status|UNCONFIRMED |RESOLVED --- Comment #8 from Jaap Keuter --- These versions are EOL, therefore closing the bug. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13540] Apply as Column should always add the new column to the left of the Info column, if it exists, or to the far right if it doesn't.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13540 --- Comment #16 from Jaap Keuter --- Pending the remaining issue of positioning the added column, is there the intention of implementing this or should this bug be closed since the main issues are resolved? -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13213] RPC dissector doesn't match Replies to Calls with RPC-over-RDMA transports
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13213 Jaap Keuter changed: What|Removed |Added Resolution|--- |FIXED Status|INCOMPLETE |RESOLVED --- Comment #20 from Jaap Keuter --- With the primary issue resolved, closing this bug. If handling of missing CREQ is crucial this can be handled through a separate bug. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13207] enhancement : add 802.11ax Frame support in wireshark
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13207 --- Comment #31 from Jaap Keuter --- Hi Richard, I assume this is still pending...? -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 13122] "Decode as" on a packet isn't working for DCERPC/SPOOLSS with the Qt frontend
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13122 Jaap Keuter changed: What|Removed |Added Resolution|--- |FIXED Status|CONFIRMED |RESOLVED -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 16672] Buildbot crash output: fuzz-2020-07-01-11491.pcap
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16672 Gerald Combs changed: What|Removed |Added See Also||http://cve.mitre.org/cgi-bi ||n/cvename.cgi?name=CVE-2020 ||-17498 -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 16773] tshark filtering with SCTP segmentation not working
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16773 --- Comment #4 from Amit --- (In reply to Anders Broman from comment #1) > That is an ancient version of Wireshark I think it will work on a more > recent version. Can you try? I double checked this. I mentioned the wrong tshark version in description and earlier comment. I tried this both on tshark version 3.2.3 and 3.2.5. I see this issue in latest tshark. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 16773] tshark filtering with SCTP segmentation not working
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16773 --- Comment #3 from Amit --- (In reply to Amit from comment #2) > (In reply to Anders Broman from comment #1) > > That is an ancient version of Wireshark I think it will work on a more > > recent version. Can you try? > > Wireshark v3.2.3 release notes are dated April-2020. That does not seem like > too old. > Tshark v1.10.14 came with wireshark v3.2.3. > > Can you please clarify? Sorry I think this was wrong information. I am collecting the right one and sharing it in next comment. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 16773] tshark filtering with SCTP segmentation not working
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16773 --- Comment #2 from Amit --- (In reply to Anders Broman from comment #1) > That is an ancient version of Wireshark I think it will work on a more > recent version. Can you try? Wireshark v3.2.3 release notes are dated April-2020. That does not seem like too old. Tshark v1.10.14 came with wireshark v3.2.3. Can you please clarify? -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 16772] EPL: timestamp format in error code list
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16772 --- Comment #2 from Gerrit Code Review --- Change 38142 merged by Anders Broman: EPL: modified timestamp format of errorcodelist https://code.wireshark.org/review/38142 -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 16773] tshark filtering with SCTP segmentation not working
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16773 --- Comment #1 from Anders Broman --- That is an ancient version of Wireshark I think it will work on a more recent version. Can you try? -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 16773] tshark filtering with SCTP segmentation not working
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16773 Amit changed: What|Removed |Added Priority|Low |High -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 16773] New: tshark filtering with SCTP segmentation not working
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16773 Bug ID: 16773 Summary: tshark filtering with SCTP segmentation not working Product: Wireshark Version: 3.2.3 Hardware: x86 OS: Linux Status: UNCONFIRMED Severity: Critical Priority: Low Component: TShark Assignee: bugzilla-ad...@wireshark.org Reporter: msg2...@gmail.com Target Milestone: --- Created attachment 17939 --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17939=edit pcapng file Build Information: TShark 1.10.14 (Git Rev Unknown from unknown) Copyright 1998-2015 Gerald Combs and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with GLib 2.56.1, with libpcap, with libz 1.2.7, with POSIX capabilities (Linux), without libnl, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.1, without Python, with GnuTLS 3.3.29, with Gcrypt 1.5.3, with MIT Kerberos, without GeoIP. Running on Linux 3.10.0-1062.18.1.el7.x86_64, with locale en_US.UTF-8, with libpcap version 1.5.3, with libz 1.2.7. Intel(R) Xeon(R) CPU E5-2699A v4 @ 2.40GHz Built using gcc 4.8.5 20150623 (Red Hat 4.8.5-39). -- Hello all, I am facing an issue using tshark for SCTP segmented frames. I have SIP traffic coming over SCTP. SIP packet is segmented into 2 SCTP data chunks. I have it stored into a input.pcapng file. I use the following command to filter this: tshark -2 -Y 'sip.r-uri.host == "aa.a.com"' -o sctp.reassembly:TRUE -r input.pcapng -w output.pcapng Or tshark -2 -Y 'sip.r-uri.host == "aa.a.com"' -r input.pcapng -w output.pcapng But the output file contains only the SCTP segment in which the packet is reassembled. Problems: 1. Output file does not contain the correct frame containing segment which has matching filter. It shows the segment which did the reassembly. 2. It does not show both the segments in output file. Questions: What can be the reason and how can I resolve above problems? Note: I tried the same with IP fragmentation (I have a SIP packet fragmented into 2 IP fragments) and after SIP header based filtering, I see the both fragments are written to output file. So this seems to be working for IP fragmentation. I tried SIP with TCP segmentation and tshark filtering outputs all TCP segments corresponding to SIP packet. I also tried Diameter with TCP segmentation and tshark filtering outputs all TCP segments corresponding to that Diameter packet. Hence the above problem looks to be specific to SCTP segmentation. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 16772] EPL: timestamp format in error code list
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16772 --- Comment #1 from Gerrit Code Review --- Change 38142 had a related patch set uploaded by Christian Krump: EPL: modified timestamp format of errorcodelist https://code.wireshark.org/review/38142 -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 9069] HTTP dissector fail to display correct utf-16 XML
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9069 David Perry changed: What|Removed |Added Resolution|--- |FIXED Status|IN_PROGRESS |RESOLVED -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 16772] New: EPL: timestamp format in error code list
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16772 Bug ID: 16772 Summary: EPL: timestamp format in error code list Product: Wireshark Version: unspecified Hardware: All OS: All Status: UNCONFIRMED Severity: Normal Priority: Low Component: Dissection engine (libwireshark) Assignee: bugzilla-ad...@wireshark.org Reporter: christian.kr...@br-automation.com Target Milestone: --- Created attachment 17938 --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17938=edit sample trace, with a SOC frame and an Asnd frame (with error code list) Build Information: Paste the COMPLETE build information from "Help->About Wireshark", "wireshark -v", or "tshark -v". -- The EPL ASnd frame could include an error code list, each error code entry includes a timestamp. The timestamp in the error code list is dissected as standard 64bit value. The timestamp value is referenced to the nettime which is transported inside the EPL SOC frame. This nettime in the SOC frame is dissected in a more readable format (Date, Time,...) Request: The timestamps of the error code entries (transported in the Asnd frame) should be dissected in the same way, as the nettime in the SOC frame. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 16772] EPL: timestamp format in error code list
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16772 christian.kr...@br-automation.com changed: What|Removed |Added Ever confirmed|0 |1 Status|UNCONFIRMED |IN_PROGRESS -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 16760] Installer is improperly forcibly terminating Windows Shell
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16760 --- Comment #2 from Anders Broman --- The strategy of abusing the people who offer their spare time to work on this project seems a bit contra productive if you want them to fix something in the code in my humble opinion. -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 16771] New: dicom object extraction: discrepancy between tshark and wireshark
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16771 Bug ID: 16771 Summary: dicom object extraction: discrepancy between tshark and wireshark Product: Wireshark Version: 3.2.3 Hardware: x86 OS: Windows 10 Status: UNCONFIRMED Severity: Normal Priority: Low Component: TShark Assignee: bugzilla-ad...@wireshark.org Reporter: rosa.ri...@seppmed.de Target Milestone: --- Build Information: Paste the COMPLETE build information from "Help->About Wireshark", "wireshark -v", or "tshark -v". -- https://ask.wireshark.org/question/18322/dicom-object-extraction-discrepancy-between-tshark-and-wireshark/ -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 9069] HTTP dissector fail to display correct utf-16 XML
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9069 --- Comment #4 from Gerrit Code Review --- Change 38076 merged by Anders Broman: packet_xml: detect and handle UTF-16 BOM https://code.wireshark.org/review/38076 -- You are receiving this mail because: You are watching all bug changes.___ Sent via:Wireshark-bugs mailing list Archives:https://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe