[Wireshark-bugs] [Bug 13791] New: Ranap: false positives on heuristic algorithm

Sun, 11 Jun 2017 08:18:06 -0700 

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13791

            Bug ID: 13791
           Summary: Ranap: false positives on heuristic algorithm
           Product: Wireshark
           Version: 2.2.6
          Hardware: x86-64
                OS: Ubuntu
            Status: UNCONFIRMED
          Severity: Minor
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: nardi.i...@gmail.com
  Target Milestone: ---

Created attachment 15626
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15626&action=edit
Pcap to reproduce the issue

Build Information:
Version 2.2.6 (Git Rev Unknown from unknown)

Copyright 1998-2017 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.5.1, with libpcap, with POSIX capabilities (Linux),
with libnl 3, with GLib 2.48.0, with zlib 1.2.8, with SMI 0.4.8, with c-ares
1.10.0, with Lua 5.2.4, with GnuTLS 3.4.10, with Gcrypt 1.6.5, with MIT
Kerberos, with GeoIP, with nghttp2 1.7.1, with QtMultimedia, without AirPcap.

Running on Linux 4.4.0-79-generic, with locale LC_CTYPE=en_US.UTF-8,
LC_NUMERIC=it_IT.UTF-8, LC_TIME=it_IT.UTF-8, LC_COLLATE=en_US.UTF-8,
LC_MONETARY=it_IT.UTF-8, LC_MESSAGES=en_US.UTF-8, LC_PAPER=it_IT.UTF-8,
LC_NAME=it_IT.UTF-8, LC_ADDRESS=it_IT.UTF-8, LC_TELEPHONE=it_IT.UTF-8,
LC_MEASUREMENT=it_IT.UTF-8, LC_IDENTIFICATION=it_IT.UTF-8, with libpcap version
1.7.4, with GnuTLS 3.4.10, with Gcrypt 1.6.5, with zlib 1.2.8.
Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz (with SSE4.2)

Built using gcc 5.4.0 20160609.

--
Hi all
Heuristic logic may leads to false positives
You can reproduce the issue with the attached pcap, where there is a valid
BSSMAP/DTAP/MM-Authentication-Response msg

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

Reply via email to