https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15999

            Bug ID: 15999
           Summary: Packet Bytes highlight for dns.qry.name.len and
                    dns.count.labels off by one
           Product: Wireshark
           Version: 3.0.2
          Hardware: x86
                OS: Windows 7
            Status: UNCONFIRMED
          Severity: Minor
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: bubbas...@gmail.com
  Target Milestone: ---

Build Information:
Version 3.0.2 (v3.0.2-0-g621ed351d5c9) 
Copyright 1998-2019 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html> This is free software;
see the source for copying conditions. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
Compiled (32-bit) with Qt 5.12.3, with WinPcap SDK (WpdPack) 4.1.2, with GLib
2.52.2, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4,
with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos,
with MaxMind DB resolver, with nghttp2 1.14.0, with LZ4, with Snappy, with
libxml2 2.9.9, with QtMultimedia, with AirPcap, with SBC, with SpanDSP, with
bcg729. 
Running on 32-bit Windows 7 Service Pack 1, build 7601, with Intel(R) Core(TM)2
Duo CPU P7570 @ 2.26GHz, with 3032 MB of physical memory, with locale
English_United States.1252, with Npcap version 0.995, based on libpcap version
1.9.1-PRE-GIT, with GnuTLS 3.6.3, with Gcrypt 1.8.3, without AirPcap, binary
plugins supported (14 loaded). Built using Microsoft Visual Studio 2017 (VC++
14.16, build 27030). 
Wireshark is Open Source Software released under the GNU General Public
License. 
Check the man page and http://www.wireshark.org for more information. 
--
When selecting dns.qry.name.len or dns.count.labels, the highlighted bytes
should start after the first length octet.

Name: www.SYN-bit.nl
0000   03 77 77 77 07 53 59 4e 2d 62 69 74 02 6e 6c 00   .www.SYN-bit.nl.

[Name Length: 14]
0000   03 77 77 77 07 53 59 4e 2d 62 69 74 02 6e         .www.SYN-bit.n

[Label Count: 3]
0000   03 77 77 77 07 53 59 4e 2d 62 69 74 02 6e         .www.SYN-bit.n


Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface
0
Ethernet II, Src: Vmware_ef:28:d8 (00:0c:29:ef:28:d8), Dst: Vmware_c8:88:bd
(00:0c:29:c8:88:bd)
Internet Protocol Version 4, Src: 192.168.21.1, Dst: 192.168.21.250
User Datagram Protocol, Src Port: 34287, Dst Port: 53
Domain Name System (query)
    Transaction ID: 0x8605
    Flags: 0x0100 Standard query
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        www.SYN-bit.nl: type A, class IN
            Name: www.SYN-bit.nl
            [Name Length: 14]
            [Label Count: 3]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    [Response In: 35]
TRANSUM RTE Data

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
https://www.ietf.org/rfc/rfc1035.txt
3.1. Name space definitions

Domain names in messages are expressed in terms of a sequence of labels.
Each label is represented as a one octet length field followed by that
number of octets.  Since every domain name ends with the null label of
the root, a domain name is terminated by a length byte of zero.

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
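
The label walk from the RFC 1035 excerpt quoted in the report, as an added example (not part of the original report and not Wireshark's dissector code). The function name, dictionary keys and the two span names are assumptions made for illustration; the sample bytes are the 16 name octets from the report's hex dump.

```python
# Constructed sample: the 16 name octets quoted in the report (www.SYN-bit.nl).
QNAME = bytes.fromhex("03777777" "0753594e2d626974" "026e6c" "00")


def parse_name(buf, offset=0):
    """Walk RFC 1035 labels from `offset`; return the name, counts and byte spans."""
    labels = []
    pos = offset
    while True:
        if pos >= len(buf):
            raise ValueError("name runs past end of buffer (no root label)")
        length = buf[pos]
        if length == 0:        # null root label terminates the name
            pos += 1
            break
        if length & 0xC0:      # compression pointer or reserved label type
            raise ValueError("unsupported label type at offset %d" % pos)
        start, end = pos + 1, pos + 1 + length
        if end > len(buf):
            raise ValueError("label at offset %d overruns buffer" % pos)
        labels.append(buf[start:end].decode("ascii", "backslashreplace"))
        pos = end
    name = ".".join(labels)
    n = len(name)
    return {
        "name": name,
        "name_len": n,                  # counts the dots, not the length octets
        "label_count": len(labels),
        "wire_span": (offset, pos),     # full encoding, root label included
        # Half-open spans of n octets each (hypothetical names):
        "span_from_name_start": (offset, offset + n),        # as dumped in the report
        "span_after_first_len": (offset + 1, offset + 1 + n) if n else (offset, offset),
    }


if __name__ == "__main__":
    r = parse_name(QNAME)
    for key in ("span_from_name_start", "span_after_first_len"):
        lo, hi = r[key]
        print("%-22s %s" % (key, QNAME[lo:hi].hex(" ")))
```

The second span is the one the report asks for: it skips the leading length octet and ends on the final "l", with the interior length octets standing where the dots are.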
