https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13791
Bug ID: 13791
Summary: Ranap: false positives on heuristic algorithm
Product: Wireshark
Version: 2.2.6
Hardware: x86-64
OS: Ubuntu
Status: UNCONFIRMED
Severity: Minor
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: bugzilla-ad...@wireshark.org
Reporter: nardi.i...@gmail.com
Target Milestone: ---
Created attachment 15626
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=15626&action=edit
Pcap to reproduce the issue
Build Information:
Version 2.2.6 (Git Rev Unknown from unknown)
Copyright 1998-2017 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.5.1, with libpcap, with POSIX capabilities (Linux),
with libnl 3, with GLib 2.48.0, with zlib 1.2.8, with SMI 0.4.8, with c-ares
1.10.0, with Lua 5.2.4, with GnuTLS 3.4.10, with Gcrypt 1.6.5, with MIT
Kerberos, with GeoIP, with nghttp2 1.7.1, with QtMultimedia, without AirPcap.
Running on Linux 4.4.0-79-generic, with locale LC_CTYPE=en_US.UTF-8,
LC_NUMERIC=it_IT.UTF-8, LC_TIME=it_IT.UTF-8, LC_COLLATE=en_US.UTF-8,
LC_MONETARY=it_IT.UTF-8, LC_MESSAGES=en_US.UTF-8, LC_PAPER=it_IT.UTF-8,
LC_NAME=it_IT.UTF-8, LC_ADDRESS=it_IT.UTF-8, LC_TELEPHONE=it_IT.UTF-8,
LC_MEASUREMENT=it_IT.UTF-8, LC_IDENTIFICATION=it_IT.UTF-8, with libpcap version
1.7.4, with GnuTLS 3.4.10, with Gcrypt 1.6.5, with zlib 1.2.8.
Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz (with SSE4.2)
Built using gcc 5.4.0 20160609.
--
Hi all
Heuristic logic may leads to false positives
You can reproduce the issue with the attached pcap, where there is a valid
BSSMAP/DTAP/MM-Authentication-Response msg
--
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe