[Wireshark-bugs] [Bug 15258] ntpdc sent mode 7 packet wireshark parsing error

2018-11-05 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15258

--- Comment #10 from Pascal Quantin  ---
The latest patch iteration makes the assumption that the Encryption Keyid and
MAC fields (if present) are right after the Number of data items * Size of data
item data bytes.
If there is padding in the data bytes after the last data item and the
Encryption Keyid field, then the decoding will be wrong (as there does not seem
to be a length of the data field indicated somewhere). Hopefully this will work
as-is.

-- 
You are receiving this mail because:
You are watching all bug changes.
___
Sent via: Wireshark-bugs mailing list
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
 mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
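
The layout assumption described in comment #10 above, written out as an added example (not code from this thread or from the Wireshark change): the Encryption Keyid is located at header + Number of data items * Size of data item, and every declared length is checked against the packet length first. The 8-byte header bit layout and the names `m7_parse`, `m7_layout` and `m7_sample` are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed 8-byte mode 7 header (not spelled out in the thread):
 * [0] R|M|VN|Mode  [1] A|Sequence  [2] implementation  [3] request code
 * [4-5] err(4 bits)|number of items(12)  [6-7] mbz(4 bits)|item size(12) */
enum { M7_HDR_LEN = 8, M7_KEYID_LEN = 4 };

struct m7_layout {            /* hypothetical result type */
    int      is_response;     /* R bit */
    int      auth;            /* A bit */
    size_t   data_len;        /* number of items * item size */
    int      has_keyid;
    uint32_t keyid;
    size_t   trailer_len;     /* bytes left after keyid: MAC or padding */
};

/* Constructed sample: request, A bit set, 1 item of 4 bytes, keyid 5,
 * then 4 trailing bytes. */
static const uint8_t m7_sample[20] = {
    0x17, 0x80, 0x03, 0x2a, 0x00, 0x01, 0x00, 0x04,
    0xde, 0xad, 0xbe, 0xef, 0x00, 0x00, 0x00, 0x05,
    0x01, 0x02, 0x03, 0x04 };

/* Returns 0 on success, -1 if not mode 7 or shorter than its header claims. */
int m7_parse(const uint8_t *p, size_t len, struct m7_layout *out)
{
    if (len < M7_HDR_LEN || (p[0] & 0x07) != 7)
        return -1;
    size_t nitems   = (((size_t)p[4] << 8) | p[5]) & 0x0fff;
    size_t itemsize = (((size_t)p[6] << 8) | p[7]) & 0x0fff;
    size_t off = M7_HDR_LEN + nitems * itemsize;  /* <= 8 + 4095*4095 */
    if (off > len)
        return -1;              /* declared data runs past the packet */
    out->is_response = (p[0] & 0x80) != 0;
    out->auth        = (p[1] & 0x80) != 0;
    out->data_len    = off - M7_HDR_LEN;
    out->has_keyid   = 0;
    out->keyid       = 0;
    if (out->auth) {
        if (len - off < M7_KEYID_LEN)
            return -1;          /* A bit set but no room for the keyid */
        out->keyid = ((uint32_t)p[off] << 24) | ((uint32_t)p[off + 1] << 16) |
                     ((uint32_t)p[off + 2] << 8) | p[off + 3];
        out->has_keyid = 1;
        off += M7_KEYID_LEN;
    }
    out->trailer_len = len - off;
    return 0;
}
```

A nonzero `trailer_len` cannot by itself distinguish a MAC from padding, which is the ambiguity comment #10 points out.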

[Wireshark-bugs] [Bug 15236] ISUP (ANSI) packets malformed in WS versions later than 2.4.8

2018-11-05 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15236

--- Comment #12 from Gerrit Code Review  ---
Change 30515 had a related patch set uploaded by Anders Broman:
Add dissector for ANSI Local Number Portability Database Query Protocol.

https://code.wireshark.org/review/30515


[Wireshark-bugs] [Bug 15258] ntpdc sent mode 7 packet wireshark parsing error

2018-11-05 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15258

--- Comment #9 from Pascal Quantin  ---
(In reply to Gerrit Code Review from comment #8)
> Change 30514 had a related patch set uploaded by Pascal Quantin:
> [WIP] NTP: fix parsing of NTP mode 7 messages
> 
> https://code.wireshark.org/review/30514

This patch set fixes the parsing errors you reported, but does not yet add the
dissection of Encryption Keyid and MAC fields.
My understanding of the header file you shared is that:
- if A bit is sent in a request message, Encryption Keyid is present and MAC is
eventually present if there are 4 remaining bytes in the message
- if A bit is sent in a response message, Encryption Keyid is present and MAC
is always absent
Is my understanding correct? It would be great if you had a capture file to
verify this.


[Wireshark-bugs] [Bug 15258] ntpdc sent mode 7 packet wireshark parsing error

2018-11-05 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15258

--- Comment #8 from Gerrit Code Review  ---
Change 30514 had a related patch set uploaded by Pascal Quantin:
[WIP] NTP: fix parsing of NTP mode 7 messages

https://code.wireshark.org/review/30514


[Wireshark-bugs] [Bug 15236] ISUP (ANSI) packets malformed in WS versions later than 2.4.8

2018-11-05 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15236

--- Comment #11 from Gerrit Code Review  ---
Change 30513 merged by Anders Broman:
ansi tcap: Fix faulty mask for AMSI MAP "family" in Operation code

https://code.wireshark.org/review/30513


[Wireshark-bugs] [Bug 15258] ntpdc sent mode 7 packet wireshark parsing error

2018-11-05 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15258

Pascal Quantin  changed:

   What    |Removed     |Added
   ---------------------------------
   Status  |INCOMPLETE  |CONFIRMED

--- Comment #7 from Pascal Quantin  ---
(In reply to abcd from comment #3)
> Created attachment 16692 [details]
> ntpdc mode 7 capture packet example
> 
> This is an example of a monlist request with two versions, MON_GETLIST_1 and
> MON_GETLIST
> 
> As you can see in this example, |R|M| VN  | Mode| Fields and | A | Sequence
> | Fields are resolved to the same byte in wireshark

I agree, but none of the packets in this capture have the A bit set, so it does
not help testing the decoding of the Encryption Keyid and MAC

> 
> As you can see in the No. 2 package, the IPv6 address will be parsed
> incorrectly. In fact, the remote address is fe80::da50:e6ff:fe4f:2982, and
> the local address is fe80::2ac2:ddff:fe84:3041

Which is not related to the A bit, it simply shows that mode 7 parsing for
MON_GETLIST_1 is wrongly implemented

> 
> In the No.5 package, you can see that the returned message requested by
> MON_GETLIST is not correctly parsed, but the packet format is actually
> correct by manual analysis.

MON_GETLIST is not incorrectly parsed, it's not parsed at all as only
MON_GETLIST_1 is implemented.


[Wireshark-bugs] [Bug 15260] ANSI E800 messages are not dissected properly

2018-11-05 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15260

--- Comment #4 from ProdM  ---
(In reply to Anders Broman from comment #3)
> Top of trunk dissects AIN messages.
> https://code.wireshark.org/review/#/c/30513/ fixes a related problem. The
> trace only covers the last case, right?

Hi Anders,
Bug 15236 was ISUP dissection issue, I think it's related to 15108.

It needs dissection based on ANSI T1.114.


[Wireshark-bugs] [Bug 15260] ANSI E800 messages are not dissected properly

2018-11-05 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15260

--- Comment #3 from Anders Broman  ---
Top of trunk dissects AIN messages.
https://code.wireshark.org/review/#/c/30513/ fixes a related problem. The trace
only covers the last case, right?


[Wireshark-bugs] [Bug 15236] ISUP (ANSI) packets malformed in WS versions later than 2.4.8

2018-11-05 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15236

--- Comment #10 from Gerrit Code Review  ---
Change 30513 had a related patch set uploaded by Anders Broman:
ansi tcap: Fix faulty mask for AMSI MAP "family" in Operation code

https://code.wireshark.org/review/30513


[Wireshark-bugs] [Bug 15260] ANSI E800 messages are not dissected properly

2018-11-05 Thread bugzilla-daemon
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15260

--- Comment #2 from ProdM  ---
(In reply to Alexis La Goutte from comment #1)
> Hi,
> 
> Do you have a link to spec ?

Hi,
I need to check which standard is required.
Please stand by.
