[Wireshark-bugs] [Bug 14262] SOCKS pseudo header displays incorrect Version value

2017-12-08 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14262

Uli Heilmeier changed:

      What |Removed |Added
  ---------+--------+------
  Hardware |x86-64  |All
        OS |Linux   |All

--- Comment #2 from Uli Heilmeier  ---
Bug exists in master, master-2.4 and master-2.2

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via:    Wireshark-bugs mailing list
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

[Wireshark-bugs] [Bug 14262] SOCKS pseudo header displays incorrect Version value

2017-12-08 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14262

--- Comment #1 from Gerrit Code Review  ---
Change 24741 had a related patch set uploaded by Uli Heilmeier:
SOCKS: Display right version in pseudo header

https://code.wireshark.org/review/24741


[Wireshark-bugs] [Bug 14262] SOCKS pseudo header displays incorrect Version value

2017-12-08 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14262

Uli Heilmeier changed:

            What |Removed     |Added
  ---------------+------------+-----------------
              CC |            |u...@heilmeier.eu
  Ever confirmed |0           |1
          Status |UNCONFIRMED |IN_PROGRESS


[Wireshark-bugs] [Bug 14263] New: tshark nfsv4 dissector produces corrupt/missing output for frame with multiple compound requests

2017-12-08 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14263

          Bug ID: 14263
         Summary: tshark nfsv4 dissector produces corrupt/missing output
                  for frame with multiple compound requests
         Product: Wireshark
         Version: 2.4.3
        Hardware: x86-64
              OS: Linux
          Status: UNCONFIRMED
        Severity: Major
        Priority: Low
       Component: TShark
        Assignee: bugzilla-ad...@wireshark.org
        Reporter: t...@splhi.com
Target Milestone: ---

Created attachment 16002
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16002&action=edit
Minimal capture to show the problem.

Build Information:
TShark (Wireshark) 2.4.3 (v2.4.3)

Copyright 1998-2017 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, without POSIX capabilities, without libnl, with
GLib 2.48.2, with zlib 1.2.8, without SMI, without c-ares, without Lua, with
GnuTLS 3.4.10, with Gcrypt 1.6.5, with MIT Kerberos, without GeoIP, without
nghttp2, with LZ4, with Snappy, with libxml2 2.9.3.

Running on Linux 3.13.0-85-generic, with Intel(R) Xeon(R) CPU E5-2630 0 @
2.30GHz (with SSE4.2), with 3953 MB of physical memory, with locale en_US.UTF-8,
with libpcap version 1.7.4, with GnuTLS 3.4.10, with Gcrypt 1.6.5, with zlib
1.2.8.

Built using gcc 5.4.0 20160609.

--
Using TShark to dissect a packet capture for additional analysis, it was
noticed that the tshark output is missing fields that were requested when the
request is a compound NFS request. For instance, TShark is being invoked with a
large set of "-z" options to add fields to the output including
-z "proto,colinfo,nfs.write.stable,nfs.write.stable"

The frame in question is 278 bytes long. The first RPC contains a compound
request of PUTFH, WRITE, GETATTR, and the second contains a compound request of
PUTFH and READ:
    Frame 30638: 278 bytes on wire (2224 bits), 278 bytes captured (2224 bits)
    Ethernet II, Src: IntelCor_d1:c3:c9 (00:1b:21:d1:c3:c9), Dst: ChelsioC_07:92:ef (00:07:43:07:92:ef)
    Internet Protocol Version 4, Src: 172.16.183.7, Dst: 172.16.183.184
    Transmission Control Protocol, Src Port: 864 (864), Dst Port: nfs (2049), Seq: 482604493, Ack: 5631173, Len: 212
    [2 Reassembled TCP Segments (11616 bytes): #30634(11584), #30638(32)]
    Remote Procedure Call, Type:Call XID:0x67f31b30
    Network File System, Ops(3): PUTFH, WRITE, GETATTR
    Remote Procedure Call, Type:Call XID:0x68f31b30
    Network File System, Ops(2): PUTFH, READ

The output for one of the compound packets that is correctly displayed in
Wireshark:
    Operations (count: 3): PUTFH, WRITE, GETATTR
    Opcode: PUTFH (22)
    FileHandle
    length: 53
    [hash (CRC-32): 0x2c3635aa]
    FileHandle: 011f00e7b1df04010002...
    Opcode: WRITE (38)
    stateid
    [StateID Hash: 0x9859]
    seqid: 0x0001
    Data: 016ad0c4c5017700
    [Data hash (CRC-32): 0x8ae84373]
    offset: 0
    stable: FILE_SYNC4 (2)
    Write length: 11416
    Data: 
    Opcode: GETATTR (9)

and

    Operations (count: 2): PUTFH, READ
    Opcode: PUTFH (22)
    FileHandle
    Opcode: READ (25)
    stateid
    offset: 7340032
    count: 1048576

Is output thus in tshark:
    30638 1511292745.390690 172.16.183.7 → 172.16.183.184 NFS 278 V4 Call WRITE
    StateID: 0x9859 Offset: 0 Len: 11416V4 Call READ StateID: 0x9859 Offset:
    7340032 Len: 1048576  nfs.fh.hash == 0x2c3635aa  nfs.fh.hash == 0xb826a6eb 
    nfs.count4 == 1048576  nfs.offset4 == 0  nfs.offset4 == 7340032  nfs.fh.hash ==
    0x2c3635aa  nfs.fh.hash == 0xb826a6eb

The READ information seems to have stomped all over the WRITE information.
I will attach the minimal packet and invocation information.


[Wireshark-bugs] [Bug 14263] tshark nfsv4 dissector produces corrupt/missing output for frame with multiple compound requests

2017-12-08 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14263

--- Comment #1 from Tim Wright  ---
Created attachment 16003
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=16003&action=edit
one-line script to invoke tshark with the appropriate options


[Wireshark-bugs] [Bug 14264] New: wireshark crashes when capture ring buffer set

2017-12-08 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14264

          Bug ID: 14264
         Summary: wireshark crashes when capture ring buffer set
         Product: Wireshark
         Version: 2.4.2
        Hardware: x86-64
              OS: Windows Server 2012 R2
          Status: UNCONFIRMED
        Severity: Major
        Priority: Low
       Component: Dissection engine (libwireshark)
        Assignee: bugzilla-ad...@wireshark.org
        Reporter: larry.r...@relayhealth.com
Target Milestone: ---

Build Information:
Downloaded today via "update"

Version 2.4.2 (v2.4.2-0-gb6c63ae086)

Copyright 1998-2017 Gerald Combs  and contributors.
License GPLv2+: GNU GPL version 2 or later

This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.6.3, with WinPcap (4_1_3), with GLib 2.42.0, with
zlib 1.2.8, with SMI 0.4.8, with c-ares 1.12.0, with Lua 5.2.4, with GnuTLS
3.4.11, with Gcrypt 1.7.6, with MIT Kerberos, with GeoIP, with nghttp2 1.14.0,
with LZ4, with Snappy, with libxml2 2.9.4, with QtMultimedia, with AirPcap,
with SBC, with SpanDSP.

Running on 64-bit Windows Server 2012 R2, build 9600, with Intel(R)
Xeon(R) CPU E5-2665 0 @ 2.40GHz (with SSE4.2), with 4095 MB of physical memory,
with locale English_United States.1252, with WinPcap version 4.1.3 (packet.dll
version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
with GnuTLS 3.4.11, with Gcrypt 1.7.6, without AirPcap.

Built using Microsoft Visual C++ 14.0 build 24215

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
whether GUI or command line..
will write a few files then crash.
C:\Program Files\Wireshark .\wireshark.exe -i SNIFFER -f "!(tcp port 3389)" -k
-b filesize:10 -b files:2680 -n -w d:\captures\all.pcap

"problem details:"
Problem signature:
  Problem Event Name:   APPCRASH
  Application Name: Wireshark.exe
  Application Version:  2.4.2.0
  Application Timestamp:59dd16b8
  Fault Module Name:libwireshark.dll
  Fault Module Version: 2.4.2.0
  Fault Module Timestamp:   59dd15f4
  Exception Code:   c005
  Exception Offset: 00015987
  OS Version:   6.3.9600.2.0.0.272.7
  Locale ID:1033
  Additional Information 1: 8664
  Additional Information 2: 8664b07c8002cb434f5b9745d3c21cce
  Additional Information 3: 6cbb
  Additional Information 4: 6cbbd054ff5c2d6d3cd6b884920fd671

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=280262

If the online privacy statement is not available, please read our privacy
statement offline:
  C:\Windows\system32\en-US\erofflps.txt


Let me know what you need/want from me.
Thanks
Larry
678-984-12686
