On Fri, Oct 1, 2010 at 2:18 PM, Sake Blok <[email protected]> wrote: > On 1 okt 2010, at 19:53, Fulko Hew wrote: > > > Imagine my surprise when Wireshark failed to decode the > > AgentX protocol inside some captured packets. It all > > depends on where the packets originated from (which OS). > > > > Attached are two capture sessions of AgentX traffic. > > > > One decodes... Between a Linux box and a Linux box. > > One doesn't... Between a Windows box and a Linux box. > > > > I'm not sure what triggers the failure, but in one case > > Wireshark successfully decodes the AgentX traffic inside > > the TCP PDU and in the other case it doesn't. The top > > protocol window (when it doesn't decode) also tags the > > packets as '[TCP segment of a reassembled PDU]' > > The difference is that in the non-working example, there is a flag that > indicates that multibyte values are in BigEndian representation and the > agentX dissector does not seem to honor this. When it then sees "00 00 00 > 20" as length, it does not interpret this as 32 bytes, but as 536870912. So > then it tries to read that many bytes to reassemble the PDU. Of course it > fails at that. > > Could you please open a bug report at http://bugs.wireshark.org and attach > the two tracefiles so that we don't lose track of it? >
Done, bugzilla entry #5269 submitted. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5269
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
