https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15293
Jason Cohen <kryojen...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |IN_PROGRESS
Ever confirmed|0 |1
--- Comment #3 from Jason Cohen <kryojen...@gmail.com> ---
Same think on branch master:
$ ./run/tshark -v
TShark (Wireshark) 2.9.0 (v2.9.0rc0-2613-g57a4e7ad)
Copyright 1998-2018 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with libpcap, without POSIX capabilities, with GLib 2.58.1,
with zlib 1.2.11, with SMI 0.5.0, with c-ares 1.15.0, without Lua, with GnuTLS
3.5.19, with Gcrypt 1.8.4, with MIT Kerberos, without MaxMind DB resolver, with
nghttp2 1.34.0, with LZ4, with Snappy, with libxml2 2.9.4.
Running on Mac OS X 10.13.6, build 17G3025 (Darwin 17.7.0), with Intel(R)
Core(TM) i7-7920HQ CPU @ 3.10GHz (with SSE4.2), with 16384 MB of physical
memory, with locale en_US.UTF-8, with libpcap version 1.8.1 -- Apple version
79.20.1, with GnuTLS 3.5.19, with Gcrypt 1.8.4, with zlib 1.2.11, binary
plugins
supported (13 loaded).
Built using clang 4.2.1 Compatible Apple LLVM 10.0.0 (clang-1000.10.44.4).
$ ./run/tshark -r ~/tacplus.pcap -Y "tacplus or tcp.stream eq 4" -T fields -e
frame.number -e tacplus.session_id -e tacplus.packet_len -e _ws.col.Info
6 1852441062 27 Q: Authentication
8 1852441062 6 R: Authentication
18 2642242017 45 Q: Authorization
20 2642242017 6 R: Authorization
28 4065243759 387 Q: Accounting
30 4065243759 5 R: Accounting
38 1700602734 387 Q: Accounting
40 1700602734 5 R: Accounting
46 48339 → 49 [SYN] Seq=3926118148 Win=14600 Len=0
MSS=1460 SACK_PERM=1 TSval=279897986 TSecr=0 WS=128
47 49 → 48339 [SYN, ACK] Seq=454839632 Ack=3926118149
Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=3046265020 TSecr=279897986 WS=128
48 48339 → 49 [ACK] Seq=3926118149 Ack=454839633 Win=14720
Len=0 TSval=279897987 TSecr=3046265020
49 48339 → 49 [ACK] Seq=3926118149 Ack=454839633 Win=14720
Len=4344 TSval=279897989 TSecr=3046265020 [TCP segment of a reassembled PDU]
50 48339 → 49 [PSH, ACK] Seq=3926122493 Ack=454839633
Win=14720 Len=646 TSval=279897989 TSecr=3046265020 [TCP segment of a
reassembled PDU]
51 49 → 48339 [ACK] Seq=454839633 Ack=3926119597 Win=31872
Len=0 TSval=3046265023 TSecr=279897989
52 49 → 48339 [ACK] Seq=454839633 Ack=3926123139 Win=39040
Len=0 TSval=3046265023 TSecr=279897989
53 2786296895 5 R: Accounting
54 48339 → 49 [ACK] Seq=3926123139 Ack=454839650 Win=14720
Len=0 TSval=279897990 TSecr=3046265024
55 49 → 48339 [FIN, ACK] Seq=454839650 Ack=3926123139
Win=39040 Len=0 TSval=3046265024 TSecr=279897989
56 48339 → 49 [FIN, ACK] Seq=3926123139 Ack=454839651
Win=14720 Len=0 TSval=279897992 TSecr=3046265024
57 49 → 48339 [ACK] Seq=454839651 Ack=3926123140 Win=39040
Len=0 TSval=3046265029 TSecr=279897992
Patch in https://code.wireshark.org/review/30748 now reassembles and recognizes
the large accounting message.
$ ./run/tshark -r ~/tacplus.pcap -Y "tacplus" -T fields -e frame.number -e
tacplus.session_id -e tacplus.packet_len -e _ws.col.Info
6 1852441062 27 Q: Authentication
8 1852441062 6 R: Authentication
18 2642242017 45 Q: Authorization
20 2642242017 6 R: Authorization
28 4065243759 387 Q: Accounting
30 4065243759 5 R: Accounting
38 1700602734 387 Q: Accounting
40 1700602734 5 R: Accounting
50 2786296895 4978 Q: Accounting
53 2786296895 5 R: Accounting
--
You are receiving this mail because:
You are watching all bug changes.___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe
