Ethereal-dev: Re: [Ethereal-dev] (no subject)
Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.
From: David Frascone <dave@xxxxxxxxxxxx>
Date: Fri, 23 Feb 2001 17:56:54 -0600
Here is the output of the new dissector on that packet (with tethereal)

chaos[chaos]: chaos$ tethereal -Vx -r ~/newman/HAAdump
Frame 1 (418 on wire, 418 captured)
    Arrival Time: Feb 23, 2001 16:03:44.3737
    Time delta from previous packet: 0.000000 seconds
    Time relative to first packet: 0.000000 seconds
    Frame Number: 1
    Packet Length: 418 bytes
    Capture Length: 418 bytes
Ethernet II
    Destination: 00:90:27:1b:e2:a6 (Intel_1b:e2:a6)
    Source: 00:a0:c9:af:85:41 (Intel_af:85:41)
    Type: IP (0x0800)
Internet Protocol
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 404
    Identification: 0xd688
    Flags: 0x04
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x837e (correct)
    Source: 192.168.175.5 (192.168.175.5)
    Destination: 192.168.175.6 (192.168.175.6)
Transmission Control Protocol, Src Port: 1393 (1393), Dst Port: radius (1812), Seq: 2572762877, Ack: 2576499523
    Source port: 1393 (1393)
    Destination port: radius (1812)
    Sequence number: 2572762877
    Next sequence number: 2572763229
    Acknowledgement number: 2576499523
    Header length: 32 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 32120
    Checksum: 0x02ab (correct)
    Options: (12 bytes)
        NOP
        NOP
        Time stamp: tsval 189124625, tsecr 189144488
Diameter Protocol
    Reserved: 0x09
    Packet flags: 0x00 E:0 I:0 R:0 (Indication)
        .... .000 = Version: 0x00
    Length: 0
    Identifier: 0x30d832a1
    Command Code: Home-Agent-MIP-Answer (263)
    VendorId: 0

   0  0090 271b e2a6 00a0 c9af 8541 0800 4500   ..'........A..E.
  10  0194 d688 4000 4006 837e c0a8 af05 c0a8   ....@.@..~......
  20  af06 0571 0714 9959 3efd 9992 4343 8018   ...q...Y>...CC..
  30  7d78 02ab 0000 0101 080a 0b45 d011 0b46   }x.........E...F
  40  1da8 0900 0000 30d8 32a1 0000 0107 0000   ......0.2.......
  50  0000 0000 0107 001a 0001 6661 3140 636f   ..........fa1@co
  60  7270 2e63 6f6d 0714 30d8 32a1 0000 0000   rp.com..0.2.....
  70  0125 0014 0000 6661 3140 636f 7270 2e63   .%....fa1@corp.c
  80  6f6d 0000 010c 000c 0001 0000 07d1 0000   om..............
  90  0141 00a4 0001 0300 0807 c0a8 afc8 c0a8   .A..............
  a0  af05 3a96 dcb9 3a96 dd0e 830c 6b65 7640   ..:...:.....kev@
  b0  636f 7270 2e63 6f6d 2a01 001c 0000 0708   corp.com*.......
  c0  0000 0002 0000 012e 8a29 8d91 c043 0db9   .........)...C..
  d0  1f2d ae46 ac5b 1b5e 2807 0018 0000 0002   .-.F.[.^(.......
  e0  0000 012c b39a 84c0 2210 788e 92fd 8f40   ...,....".x....@
  f0  789c 5772 2014 0000 012e bd50 a41b 9560   x.Wr ......P...`
 100  93e3 248d 390d 8a2c 33b6 8410 c5e7 94ef   ..$.9..,3.......
 110  bbd2 13b4 51ae 198c 02c9 ee77 2214 0000   ....Q......w"...
 120  012d 11fe 25b0 22a2 eec0 48e0 c180 8d30   .-..%."...H....0
 130  d424 0000 014d 000c 0001 c0a8 afc8 0000   .$...M..........
 140  014e 000c 0001 c0a8 af05 0000 0103 0058   .N.............X
 150  0000 0000 0105 0018 0000 7346 1b43 2b06   ..........sF.C+.
 160  8d54 95dc a465 16c5 5bcb 0000 0106 000c   .T...e..[.......
 170  0000 be41 5cc0 0000 011d 000c 0000 0000   ...A\...........
 180  0001 0000 011e 000c 0000 0000 0000 0000   ................
 190  011f 0014 0000 5602 4063 20b0 a976 799d   ......V.@c ..vy.
 1a0  4888                                      H.

Basically, it looks like a bad packet. The length is zero, some reserved bits are set, etc. But, at least it doesn't crash the new dissector :)

On Fri, Feb 23, 2001 at 02:54:31PM -0800, Kevin Purser wrote:
> Hello All,
>
> When using ethereal to parse Diameter messages, a couple of bugs have been noticed:
>
> As a minor issue, a number of AVP codes are unrecognized...
> (257) Host IP address
> (264) Host name
> (291) Authorization lifetime
> (293) Destination NAI
>
> A slightly more important issue relates to the parsing of Home-Agent-MIP-Answer messages. The Diameter header is parsed fully, but the Attribute value pairs list is not expandable. The hex dump does show the AVPs, which appear to be correct, but it seems as though ethereal is unable to begin parsing the AVP data. I have attached the dump (in libpcap format) for assistance.
>
> Thanks,
> +++++++++++++++++++++++++++++++++++++++
> Kevin Purser, Software Engineer III
> Mobile Networking Research
> Phone: +1 (510) 305-6100
> Fax: +1 (510) 666-3999
> +++++++++++++++++++++++++++++++++++++++
> Ericsson Berkeley Wireless Center
> 2100 Shattuck Avenue
> Berkeley, CA 94704
> +++++++++++++++++++++++++++++++++++++++
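
The header checks the reply above points at (a zero length field, reserved bits set), written out as an added example; it is not part of the original message or of the Ethereal source. The 16-byte layout is an assumption inferred from the field order tethereal prints, and treating non-zero reserved bits as an anomaly follows the reply's reading of the packet.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Assumed layout, inferred from the field order in the tethereal output:
   reserved(1) flags/version(1) length(2) identifier(4) command(4) vendor(4). */
#define DIAM_HDR_LEN 16
enum { DIAM_ERR_TRUNCATED = 1, DIAM_ERR_RESERVED = 2, DIAM_ERR_LENGTH = 4 };

struct diam_hdr {
    uint8_t  reserved, flags_ver;
    uint16_t length;
    uint32_t identifier, command, vendor_id;
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Decode the header and return a bitmask of problems (0 = sane). The claimed
   length must cover the header itself and fit inside the captured bytes. */
int diam_check_hdr(const uint8_t *buf, size_t avail, struct diam_hdr *h) {
    int err = 0;
    if (avail < DIAM_HDR_LEN) return DIAM_ERR_TRUNCATED;
    h->reserved   = buf[0];
    h->flags_ver  = buf[1];
    h->length     = (uint16_t)((buf[2] << 8) | buf[3]);
    h->identifier = be32(buf + 4);
    h->command    = be32(buf + 8);
    h->vendor_id  = be32(buf + 12);
    if (h->reserved != 0) err |= DIAM_ERR_RESERVED;
    if (h->length < DIAM_HDR_LEN || h->length > avail) err |= DIAM_ERR_LENGTH;
    return err;
}

/* Bytes of AVP data that are safe to walk: none unless the header is sane. */
size_t diam_avp_bytes(const uint8_t *buf, size_t avail) {
    struct diam_hdr h;
    return diam_check_hdr(buf, avail, &h) ? 0 : (size_t)h.length - DIAM_HDR_LEN;
}

/* Bytes 0x42..0x51 of frame 1 (start of the TCP payload), from the hex dump. */
static const uint8_t frame1_hdr[DIAM_HDR_LEN] = {
    0x09, 0x00, 0x00, 0x00, 0x30, 0xd8, 0x32, 0xa1,
    0x00, 0x00, 0x01, 0x07, 0x00, 0x00, 0x00, 0x00 };

int main(void) {
    struct diam_hdr h;
    int err = diam_check_hdr(frame1_hdr, sizeof frame1_hdr, &h);
    printf("cmd=%u len=%u problems=0x%x\n", (unsigned)h.command, (unsigned)h.length, (unsigned)err);
    return 0;
}
```

With a length field of 0 the AVP walk gets a budget of zero bytes, so nothing past the header is read on the strength of a field the packet itself got wrong.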