Your message dated Fri, 12 Sep 2008 14:47:10 +0000 with message-id <[EMAIL PROTECTED]> and subject line Bug#496768: fixed in wireshark 1.0.3-1 has caused the Debian Bug report #496768, regarding wireshark: "Follow TCP stream" is not "Port numbers reused"-aware to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 496768: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496768 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems
--- Begin Message ---Package: wireshark Version: 1.0.2-3 Severity: normal "TCP Port numbers reused" happens every now and then, especially if the capture is run over a longer time and the client OS does not use a wide range of local ports. Now I noticed that at least for HTTP the extremely useful "Follow TCP stream" function ignores all data in the second TCP stream. This hides potentially interesting data. How to repeat ------------- Use the following Perl script that does two HTTP GET request using the same local port number. Insert a web server in the $host variable, and capture the traffic. ----------------------------------------------------------- #!/usr/bin/perl -w use IO::Socket; use strict; my $host = 'a.web.server'; for my $i (1..2) { my $sock = new IO::Socket::INET ( PeerAddr => $host, PeerPort => 80, Proto => 'tcp', LocalPort => 9999, ReuseAddr => 1, ) || die ("Cannot create socket: $!.\n"); print $sock "GET / HTTP/1.0\r\n" . "Host: $host\r\n" . "X-Round: $i\r\n" . "\r\n"; while (defined (my $line = <$sock>)) { ; } undef $sock; last if ($i == 2); sleep (1); } exit 0; ----------------------------------------------------------- Open the capture file in wireshark and select "Follow TCP stream". Expected behaviour: wireshark shows both request/response pairs. Seen behaviour: wireshark always only shows the first pair, identified by the "X-Round: 1" header. Selecting a packet of the second pair before doing the "Follow TCP stream" does not help. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages wireshark depends on: ii libadns1 1.4-0.1 Asynchronous-capable DNS client li ii libatk1.0-0 1.22.0-1 The ATK accessibility toolkit ii libc6 2.7-13 GNU C Library: Shared libraries ii libcairo2 1.6.4-6 The Cairo 2D vector graphics libra ii libcomerr2 1.41.0-3 common error description library ii libgcrypt11 1.4.1-1 LGPL Crypto library - runtime libr ii libglib2.0-0 2.16.4-2 The GLib library of C routines ii libgnutls26 2.4.1-1 the GNU TLS library - runtime libr ii libgtk2.0-0 2.12.11-3 The GTK+ graphical user interface ii libkrb53 1.6.dfsg.4~beta1-3 MIT Kerberos runtime libraries ii libpango1.0-0 1.20.5-1 Layout and rendering of internatio ii libpcap0.8 0.9.8-5 system interface for user-level pa ii libpcre3 7.6-2.1 Perl 5 Compatible Regular Expressi ii libportaudio2 19+svn20071022-2 Portable audio I/O - shared librar ii wireshark-common 1.0.2-3 network traffic analyser (common f ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime Versions of packages wireshark recommends: ii gksu 2.0.0-5 graphical frontend to su wireshark suggests no packages. -- no debconf information
--- End Message ---
--- Begin Message ---Source: wireshark Source-Version: 1.0.3-1 We believe that the bug you reported is fixed in the latest version of wireshark, which is due to be installed in the Debian FTP archive: tshark_1.0.3-1_i386.deb to pool/main/w/wireshark/tshark_1.0.3-1_i386.deb wireshark-common_1.0.3-1_i386.deb to pool/main/w/wireshark/wireshark-common_1.0.3-1_i386.deb wireshark-dev_1.0.3-1_i386.deb to pool/main/w/wireshark/wireshark-dev_1.0.3-1_i386.deb wireshark_1.0.3-1.diff.gz to pool/main/w/wireshark/wireshark_1.0.3-1.diff.gz wireshark_1.0.3-1.dsc to pool/main/w/wireshark/wireshark_1.0.3-1.dsc wireshark_1.0.3-1_i386.deb to pool/main/w/wireshark/wireshark_1.0.3-1_i386.deb wireshark_1.0.3.orig.tar.gz to pool/main/w/wireshark/wireshark_1.0.3.orig.tar.gz A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Joost Yervante Damad <[EMAIL PROTECTED]> (supplier of updated wireshark package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 12 Sep 2008 15:05:58 +0200 Source: wireshark Binary: wireshark-common wireshark tshark wireshark-dev Architecture: source i386 Version: 1.0.3-1 Distribution: unstable Urgency: high Maintainer: Frederic Peters <[EMAIL PROTECTED]> Changed-By: Joost Yervante Damad <[EMAIL PROTECTED]> Description: tshark - network traffic analyzer (console) wireshark - network traffic analyzer wireshark-common - network traffic analyser (common files) wireshark-dev - network traffic analyser (development tools) Closes: 496768 497878 Changes: wireshark (1.0.3-1) unstable; urgency=high . * New upstream release 1.0.3 (Closes: #497878) - release notes: http://www.wireshark.org/docs/relnotes/wireshark-1.0.3.html - security fixes: - The NCP dissector was susceptible to a number of problems, including buffer overflows and an infinite loop (CVE-2008-3146, CVE-2008-3932) - Wireshark could crash while uncompressing zlib-compressed packet data (CVE-2008-3933) - Wireshark could crash while reading a Tektronix .rf5 file (CVE-2008-3934) - other fixes: - Following a TCP stream could incorrectly reassemble packets (Closes: #496768) Checksums-Sha1: e827500609cb31167684ee30565603cf86af1bf4 1470 wireshark_1.0.3-1.dsc 160c8be5700aa045d85c07ab52bf8089c21bef2d 16782097 wireshark_1.0.3.orig.tar.gz 796cd9b5eb0fe13c5c7d61ec3cc78dcd53f48865 47966 wireshark_1.0.3-1.diff.gz 4069adcf9ebae2a627c65b8c9f3f05a81cf2c98d 10124450 wireshark-common_1.0.3-1_i386.deb bcee2c8296e0f63d0d1872b49109ac4ac631a05b 619504 wireshark_1.0.3-1_i386.deb 6bc5d436e06143496a16b3dae72f00c961da491e 112054 tshark_1.0.3-1_i386.deb 60ddbed00cfa85f93ebf8f5ab8d49e79e728a77f 570440 wireshark-dev_1.0.3-1_i386.deb Checksums-Sha256: 24b3273a0553424fa70d43163d869f8ce9c6beb245b8ed11131314386ad443bb 1470 wireshark_1.0.3-1.dsc 640bf50f7c05b627cfd86e78d8742050fc023c0c2931f14324d4b103cdde1ced 16782097 wireshark_1.0.3.orig.tar.gz 724389ea520ebae7b438d0dd337558c5951b3d6d7f971427ef711cfe74f2bbfe 47966 wireshark_1.0.3-1.diff.gz cb041912d1afa7277e043b5d0abff23b1610bba32425208dbcb6bb6fd0bdd3e1 10124450 wireshark-common_1.0.3-1_i386.deb cea07776221b1fb9c657d177424a24ab843cd98829c8436b433dd05da2a2839d 619504 wireshark_1.0.3-1_i386.deb e765ec5a7d0f0d4a7822abe06051743307408266a1b3467b0ffec1470a6147c9 112054 tshark_1.0.3-1_i386.deb 22dbc1fe28c0d616e894a42bfacf282940898cbc19b57fd038e2d5aaaaf057fd 570440 wireshark-dev_1.0.3-1_i386.deb Files: afbf7901ef1ae29d44db50999c78fa0c 1470 net optional wireshark_1.0.3-1.dsc ca48718f71d9bc1838fb44da872c1d14 16782097 net optional wireshark_1.0.3.orig.tar.gz 6518ab8608d6f55341f55f32b0bdc56a 47966 net optional wireshark_1.0.3-1.diff.gz 40dd1e57d732a68ce17101c6384154ab 10124450 net optional wireshark-common_1.0.3-1_i386.deb f043dda7e5e299e6482ea5e7eb496c15 619504 net optional wireshark_1.0.3-1_i386.deb d17de9e913197829c0de28def28ded06 112054 net optional tshark_1.0.3-1_i386.deb 2bbd083957aaca696723c2f4f1ceff8b 570440 devel optional wireshark-dev_1.0.3-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkjKd/gACgkQ0/r2+3z8lN0/GgCfRFVh+TiUaPcwnIPVq5+QEFhC YgUAn1cBH1mgGXt5HmpNDTG6C4wHhAhm =R7HL -----END PGP SIGNATURE-----
--- End Message ---
