https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15258

            Bug ID: 15258
           Summary: ntpdc sent mode 7 packet wireshark parsing error
           Product: Wireshark
           Version: 2.6.3
          Hardware: x86
                OS: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: tttta...@protonmail.com
  Target Milestone: ---

Build Information:
Wireshark 2.6.3 (Git v2.6.3 packaged as 2.6.3-1)

Copyright 1998-2018 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.11.1, with libpcap, with POSIX capabilities
(Linux),
with libnl 3, with GLib 2.56.1, with zlib 1.2.11, with SMI 0.4.8, with c-ares
1.14.0, with Lua 5.2.4, with GnuTLS 3.5.19, with Gcrypt 1.8.3, with MIT
Kerberos, with MaxMind DB resolver, with nghttp2 1.32.0, with LZ4, with Snappy,
with libxml2 2.9.4, with QtMultimedia, with SBC, with SpanDSP, without bcg729.

Running on Linux 4.18.0-kali1-amd64, with        Intel(R) Core(TM) i5-2500K CPU
@ 3.30GHz (with SSE4.2), with 7887 MB of physical memory, with locale
zh_CN.UTF-8, with libpcap version 1.8.1, with GnuTLS 3.5.19, with Gcrypt 1.8.3,
with zlib 1.2.11, binary plugins supported (0 loaded).

Built using gcc 8.2.0.

--
 *    0                   1                   2                   3
 *    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
 *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *   |R|M| VN  | Mode|A|  Sequence   | Implementation|   Req Code    |
 *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *   |  Err  | Number of data items  |  MBZ  |   Size of data item   |
 *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *   |                                                               |
 *   |            Data (Minimum 0 octets, maximum 500 octets)        |
 *   |                                                               |
 *                            [...]
 *   |                                                               |
 *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *   |               Encryption Keyid (when A bit set)               |
 *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *   |                                                               |
 *   |          Message Authentication Code (when A bit set)         |
 *   |                                                               |
 *   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
 *

The above is the packet format under mode 7.

struct req_pkt {
        u_char rm_vn_mode;              /* response, more, version, mode */
        u_char auth_seq;                /* key, sequence number */
        u_char implementation;          /* implementation number */
        u_char request;                 /* request number */
        u_short err_nitems;             /* error code/number of data items */
        u_short mbz_itemsize;           /* item size */
        char data[MAXFILENAME + 48];    /* data area [32 prev](176 byte max) */
                                        /* struct conf_peer must fit */
        l_fp tstamp;                    /* time stamp, for authentication */
        keyid_t keyid;                  /* (optional) encryption key */
        char mac[MAX_MAC_LEN-sizeof(keyid_t)]; /* (optional) auth code */
};

The above is the data structure in the C language.

The |R|M| VN  | Mode| fields and the |A|  Sequence   | fields are resolved to the same
byte in Wireshark, but they are not in the same byte.

Due to the above parsing error, Data, Encryption Keyid, Message Authentication
Code and tstamp cannot be parsed.

___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
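Added example (not part of the bug report, and not Wireshark or ntpd code): a minimal C decoder for the fixed 8-byte mode 7 header that follows the diagram above, taking R/M/VN/Mode from byte 0 and A/Sequence from byte 1. The names mode7_hdr, mode7_parse and mode7_data_len are hypothetical, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Decoded fixed header of an NTP mode 7 packet (hypothetical struct name). */
struct mode7_hdr {
    unsigned response, more, version, mode;  /* byte 0: R, M, VN, Mode   */
    unsigned auth, sequence;                 /* byte 1: A, Sequence      */
    unsigned implementation, req_code;       /* bytes 2 and 3            */
    unsigned err, nitems;                    /* bytes 4-5: 4 + 12 bits   */
    unsigned mbz, itemsize;                  /* bytes 6-7: 4 + 12 bits   */
};

/* Returns 0 on success, -1 if the buffer is too short or Mode is not 7. */
int mode7_parse(const uint8_t *p, size_t len, struct mode7_hdr *h)
{
    if (p == NULL || h == NULL || len < 8)
        return -1;
    h->response = (p[0] >> 7) & 0x01;
    h->more     = (p[0] >> 6) & 0x01;
    h->version  = (p[0] >> 3) & 0x07;
    h->mode     =  p[0]       & 0x07;
    h->auth     = (p[1] >> 7) & 0x01;   /* A bit lives in the second byte */
    h->sequence =  p[1]       & 0x7f;
    h->implementation = p[2];
    h->req_code       = p[3];
    unsigned w = ((unsigned)p[4] << 8) | p[5];   /* network byte order */
    h->err = w >> 12;  h->nitems = w & 0x0fff;
    w = ((unsigned)p[6] << 8) | p[7];
    h->mbz = w >> 12;  h->itemsize = w & 0x0fff;
    return h->mode == 7 ? 0 : -1;
}

/* Declared data length, or -1 if it exceeds the 500-octet maximum
 * shown in the diagram. */
long mode7_data_len(const struct mode7_hdr *h)
{
    unsigned long n = (unsigned long)h->nitems * h->itemsize;
    return n > 500 ? -1 : (long)n;
}

/* Constructed sample: R=0 M=0 VN=2 Mode=7, A=1 Seq=0, impl=3, req=42,
 * err=0, 1 item, MBZ=0, item size 40. */
static const uint8_t sample[8] = {0x17, 0x80, 0x03, 0x2a, 0x00, 0x01, 0x00, 0x28};

int main(void)
{
    struct mode7_hdr h;
    if (mode7_parse(sample, sizeof sample, &h) != 0) return 1;
    printf("VN=%u Mode=%u A=%u Seq=%u data=%ld\n",
           h.version, h.mode, h.auth, h.sequence, mode7_data_len(&h));
    return 0;
}
```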