[Wireshark-bugs] [Bug 10573] New: Allow to add custom fields based on filters expressions
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10573 Bug ID: 10573 Summary: Allow to add custom fields based on filters expressions Product: Wireshark Version: unspecified Hardware: x86 OS: All Status: UNCONFIRMED Severity: Enhancement Priority: Low Component: TShark Assignee: bugzilla-ad...@wireshark.org Reporter: javibarr...@gmail.com Build Information: $ tshark -v TShark 1.12.1 (Git Rev Unknown from unknown) Copyright 1998-2014 Gerald Combs ger...@wireshark.org and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with GLib 2.40.0, with libpcap, with libz 1.2.8, with POSIX capabilities (Linux), with libnl 3, with SMI 0.4.8, with c-ares 1.10.0, with Lua 5.2, without Python, with GnuTLS 3.3.7, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP. Running on Linux 3.16-2-amd64, with locale es_ES.UTF-8, with libpcap version 1.6.2, with libz 1.2.8. Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz Built using gcc 4.9.1. -- Hello, I would like to distinguish frames from the tshark output, see this failed attemp : tshark -r mydump-20141015-185000.dump -Y frame contains a or frame contains b -T fields -e frame.time -e frame contains a -e frame contains b I would like next output: time1 0 1 # not comtains a and contains b time2 1 1 # contains a and contains b time3 1 0 # contains a and not contains b Thank you very much ! PD: From https://ask.wireshark.org/questions/37082/tshark-using-filter-expression-as-field I was asked to open a new enhancemment bug. -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 8077] Added: MPLS-TP OAM dissector aligned with Y.1731
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8077 Siddharth Moghe smo...@broadcom.com changed: What|Removed |Added CC||smo...@broadcom.com -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10574] New: Wireshark is unable to understand ethertype 8902 for MPLS TP packets conforming to ITU Y.1731
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10574 Bug ID: 10574 Summary: Wireshark is unable to understand ethertype 8902 for MPLS TP packets conforming to ITU Y.1731 Product: Wireshark Version: 1.12.1 Hardware: x86 OS: Windows Server 2008 R2 Status: UNCONFIRMED Severity: Major Priority: Low Component: Dissection engine (libwireshark) Assignee: bugzilla-ad...@wireshark.org Reporter: smo...@broadcom.com Created attachment 13171 -- https://bugs.wireshark.org/bugzilla/attachment.cgi?id=13171action=edit ethertype Build Information: Version 1.12.1 (v1.12.1-0-g01b65bf from master-1.12) Copyright 1998-2014 Gerald Combs ger...@wireshark.org and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0, without Kerberos, with GeoIP, with PortAudio V19-devel (built Sep 16 2014), with AirPcap. Running on 64-bit Windows Server 2008 R2 Service Pack 1, build 7601, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap. Intel(R) Xeon(R) CPU E5620 @ 2.40GHz, with 10227MB of physical memory. Built using Microsoft Visual C++ 10.0 build 40219 Wireshark is Open Source Software released under the GNU General Public License. Check the man page and http://www.wireshark.org for more information. -- Wireshark is unable to understand ethertype 8902 for MPLS TP packets conforming to ITU Y.1731 As a result it is not possible to easily decode the data part in the mpls tp packets. -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10575] New: IPv6 QuickStart option Nonce is read incorrectly
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10575 Bug ID: 10575 Summary: IPv6 QuickStart option Nonce is read incorrectly Product: Wireshark Version: 1.12.1 Hardware: x86-64 OS: Windows 7 Status: UNCONFIRMED Severity: Normal Priority: Low Component: Dissection engine (libwireshark) Assignee: bugzilla-ad...@wireshark.org Reporter: boaz.brick...@gmail.com Created attachment 13172 -- https://bugs.wireshark.org/bugzilla/attachment.cgi?id=13172action=edit IPv6 packet with QuickStart option Build Information: Version 1.12.1 (v1.12.1-0-g01b65bf from master-1.12) Copyright 1998-2014 Gerald Combs ger...@wireshark.org and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0, without Kerberos, with GeoIP, with PortAudio V19-devel (built Sep 16 2014), with AirPcap. Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap. Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz, with 16345MB of physical memory. Built using Microsoft Visual C++ 10.0 build 40219 Wireshark is Open Source Software released under the GNU General Public License. Check the man page and http://www.wireshark.org for more information. -- Discovered while working on Pcap.Net (http://pcapdot.net). In the attached pcap file, there's a single IPv6 packet. This packet contains Destination Options extension header with several options. The third option is the QuickStart option. In Wireshark, the option's TTL field looks ok, but the [TTL diff] field points to the byte after the TTL field, which is part of the nonce field. The nonce field is being read one byte after where it should be read and so the value being read is incorrect. Moreover, the option data length says 6 but because of the extra byte being read 7 bytes are being read for this option data and the next option is read one byte later incorrectly so the options after the QuickStart option are being read incorrectly. -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10576] New: IPv6 Mobility Option IPv6 Address/Prefix marks too many bytes for the address/prefix field
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10576 Bug ID: 10576 Summary: IPv6 Mobility Option IPv6 Address/Prefix marks too many bytes for the address/prefix field Product: Wireshark Version: 1.12.1 Hardware: x86-64 OS: Windows 7 Status: UNCONFIRMED Severity: Normal Priority: Low Component: Dissection engine (libwireshark) Assignee: bugzilla-ad...@wireshark.org Reporter: boaz.brick...@gmail.com Created attachment 13173 -- https://bugs.wireshark.org/bugzilla/attachment.cgi?id=13173action=edit An example IPv6 packet with IPv6 Address/Prefix mobility option Build Information: Version 1.12.1 (v1.12.1-0-g01b65bf from master-1.12) Copyright 1998-2014 Gerald Combs ger...@wireshark.org and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0, without Kerberos, with GeoIP, with PortAudio V19-devel (built Sep 16 2014), with AirPcap. Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap. Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz, with 16345MB of physical memory. Built using Microsoft Visual C++ 10.0 build 40219 Wireshark is Open Source Software released under the GNU General Public License. Check the man page and http://www.wireshark.org for more information. -- Discovered while working on Pcap.Net (http://pcapdot.net). In the attached pcap file there's a single IPv6 packet with Mobility Options. One of the mobility options is the IPv6 Address/Prefix. The prefix length of this option is 52. Note that according to RFC 5568, the prefix length is in bits and not in bytes. The IPv6 Address/Prefix field of this option marks 52 bytes. In addition, I'm not sure that the IPv6 Address/Prefix field is a variable size field. RFC 5568 section 6.4.2 has a diagram of this options that shows this field as if it always takes 128 bits, and the prefix length field just says the length of the prefix (not the length of the field). This is at least how I understand the RFC. -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10532] E-LMI and Full status
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10532 --- Comment #9 from Maic Groffmann maic.groffm...@t-systems.com --- Created attachment 13174 -- https://bugs.wireshark.org/bugzilla/attachment.cgi?id=13174action=edit another trace This trace has got the same unknown Information Elements. Look in frame 2, 3, 4 and 6. When you have got finished the code review? -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10532] E-LMI and Full status
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10532 --- Comment #10 from Anish Bhatt an...@chelsio.com --- (In reply to Maic Groffmann from comment #9) Created attachment 13174 [details] another trace This trace has got the same unknown Information Elements. Look in frame 2, 3, 4 and 6. When you have got finished the code review? It's already committed, just pick up binaries from the links posted here. Though you trace did maybe show another bug, I will look into it. -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10577] New: IPv6 Mobility Option Binding Authorization Data for FMIPv6 Authonticator field is read beyond the option data
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10577 Bug ID: 10577 Summary: IPv6 Mobility Option Binding Authorization Data for FMIPv6 Authonticator field is read beyond the option data Product: Wireshark Version: 1.12.1 Hardware: x86-64 OS: Windows 7 Status: UNCONFIRMED Severity: Normal Priority: Low Component: Dissection engine (libwireshark) Assignee: bugzilla-ad...@wireshark.org Reporter: boaz.brick...@gmail.com Created attachment 13175 -- https://bugs.wireshark.org/bugzilla/attachment.cgi?id=13175action=edit IPv6 packet with Binding Authorization Data for FMIPv6 mobility option. Build Information: Version 1.12.1 (v1.12.1-0-g01b65bf from master-1.12) Copyright 1998-2014 Gerald Combs ger...@wireshark.org and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0, without Kerberos, with GeoIP, with PortAudio V19-devel (built Sep 16 2014), with AirPcap. Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap. Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz, with 16345MB of physical memory. Built using Microsoft Visual C++ 10.0 build 40219 Wireshark is Open Source Software released under the GNU General Public License. Check the man page and http://www.wireshark.org for more information. -- Discovered while working on Pcap.Net (http://pcapdot.net). In the attached pcap file, there's a single IPv6 packet with Binding Authorization Data for FMIPv6 mobility option. The option's data length is 14 but and since the SPI takes 4 bytes, the Authenticator field should take 10 bytes. However, the Authenticator field is read until the end of the packet, which is 178 bytes. -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10532] E-LMI and Full status
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10532 --- Comment #11 from Anish Bhatt an...@chelsio.com --- It's already committed, just pick up binaries from the links posted here. Though you trace did maybe show another bug, I will look into it. Ah no, I was just using an older code base. -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10532] E-LMI and Full status
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10532 --- Comment #12 from Anish Bhatt an...@chelsio.com --- Created attachment 13176 -- https://bugs.wireshark.org/bugzilla/attachment.cgi?id=13176action=edit Screenshot of ELMI dissected with trunk code This is with wireshark built from top of tree code, you can see all elements being dissected -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10578] New: IPv6 Mobility Option Mobile Node Link Layer Identifier Link-layer Identifier field is read beyond the option data
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10578 Bug ID: 10578 Summary: IPv6 Mobility Option Mobile Node Link Layer Identifier Link-layer Identifier field is read beyond the option data Product: Wireshark Version: 1.12.1 Hardware: x86-64 OS: Windows 7 Status: UNCONFIRMED Severity: Normal Priority: Low Component: Dissection engine (libwireshark) Assignee: bugzilla-ad...@wireshark.org Reporter: boaz.brick...@gmail.com Created attachment 13177 -- https://bugs.wireshark.org/bugzilla/attachment.cgi?id=13177action=edit IPv6 packet with Mobile Node Link Layer Identifier mobility option Build Information: Version 1.12.1 (v1.12.1-0-g01b65bf from master-1.12) Copyright 1998-2014 Gerald Combs ger...@wireshark.org and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0, without Kerberos, with GeoIP, with PortAudio V19-devel (built Sep 16 2014), with AirPcap. Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap. Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz, with 16345MB of physical memory. Built using Microsoft Visual C++ 10.0 build 40219 Wireshark is Open Source Software released under the GNU General Public License. Check the man page and http://www.wireshark.org for more information. -- Discovered while working on Pcap.Net (http://pcapdot.net). This is very similar to https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10577 In the attached pcap file, there's a single IPv6 packet with Mobile Node Link Layer Identifier mobility option. The option's data length is 9 but and since the Reserved field takes 2 bytes, the Link Layer Identifier field should take 7 bytes. However, the Link Layer Identifier field is read until the end of the packet, which is 519 bytes. -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10577] IPv6 Mobility Option Binding Authorization Data for FMIPv6 Authenticator field is read beyond the option data
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10577 boaz.brick...@gmail.com changed: What|Removed |Added Summary|IPv6 Mobility Option|IPv6 Mobility Option |Binding Authorization Data |Binding Authorization Data |for FMIPv6 Authonticator|for FMIPv6 Authenticator |field is read beyond the|field is read beyond the |option data |option data -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10577] IPv6 Mobility Option Binding Authorization Data for FMIPv6 Authenticator field is read beyond the option data
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10577 Alexis La Goutte alexis.lagou...@gmail.com changed: What|Removed |Added CC||alexis.lagou...@gmail.com -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10578] IPv6 Mobility Option Mobile Node Link Layer Identifier Link-layer Identifier field is read beyond the option data
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10578 Alexis La Goutte alexis.lagou...@gmail.com changed: What|Removed |Added CC||alexis.lagou...@gmail.com -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10532] E-LMI and Full status
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10532 Alexis La Goutte alexis.lagou...@gmail.com changed: What|Removed |Added Status|IN_PROGRESS |RESOLVED Resolution|--- |FIXED --- Comment #13 from Alexis La Goutte alexis.lagou...@gmail.com --- Committed in gf7588eaec -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10575] IPv6 QuickStart option Nonce is read incorrectly
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10575 Alexis La Goutte alexis.lagou...@gmail.com changed: What|Removed |Added CC||alexis.lagou...@gmail.com -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10576] IPv6 Mobility Option IPv6 Address/Prefix marks too many bytes for the address/prefix field
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10576 Alexis La Goutte alexis.lagou...@gmail.com changed: What|Removed |Added CC||alexis.lagou...@gmail.com -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10579] New: IP header in ICMP error checksum not checked even though all header is available
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10579 Bug ID: 10579 Summary: IP header in ICMP error checksum not checked even though all header is available Product: Wireshark Version: 1.12.1 Hardware: x86-64 OS: Windows 7 Status: UNCONFIRMED Severity: Normal Priority: Low Component: Dissection engine (libwireshark) Assignee: bugzilla-ad...@wireshark.org Reporter: boaz.brick...@gmail.com Created attachment 13178 -- https://bugs.wireshark.org/bugzilla/attachment.cgi?id=13178action=edit A packet with full IP within ICMP error Build Information: Version 1.12.1 (v1.12.1-0-g01b65bf from master-1.12) Copyright 1998-2014 Gerald Combs ger...@wireshark.org and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0, without Kerberos, with GeoIP, with PortAudio V19-devel (built Sep 16 2014), with AirPcap. Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap. Intel(R) Core(TM) i5-3550 CPU @ 3.30GHz, with 16345MB of physical memory. Built using Microsoft Visual C++ 10.0 build 40219 Wireshark is Open Source Software released under the GNU General Public License. Check the man page and http://www.wireshark.org for more information. -- Discovered while working on Pcap.Net (http://pcapdot.net). In the attached pcap file, there is a single IPv4 packet with ICMP Destination Unreachable message that contains the first 32 bytes of original IPv4 data. The first 32 bytes of the original IPv4 data contains the full IPv4 header (since Header Length is 24) but Wireshark still doesn't check whether the Checksum is good or bad and marks both the Good and Bad fields as False. The checksum is marked with In ICMP error packet, which is correct, but doesn't explain why the checksum isn't checked in this case. -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
[Wireshark-bugs] [Bug 10580] New: Changing diplay filters on a 20MB file takes time to redisplay
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10580 Bug ID: 10580 Summary: Changing diplay filters on a 20MB file takes time to redisplay Product: Wireshark Version: Git Hardware: All OS: All Status: UNCONFIRMED Severity: Major Priority: Low Component: Dissection engine (libwireshark) Assignee: bugzilla-ad...@wireshark.org Reporter: m...@matws.net Build Information: Paste the COMPLETE build information from Help-About Wireshark, wireshark -v, or tshark -v. -- The file has a lot of encrypted DCE-RPC it seems that every time a filter is applied or cleared or changed the decryption seems to be done again and again. When the capture is big it takes a lot of time, can't something be done ? -- You are receiving this mail because: You are watching all bug changes. ___ Sent via:Wireshark-bugs mailing list wireshark-bugs@wireshark.org Archives:http://www.wireshark.org/lists/wireshark-bugs Unsubscribe: https://wireshark.org/mailman/options/wireshark-bugs mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe