Wireshark-bugs: [Wireshark-bugs] [Bug 1273] New: Hex/ASCII dump of reassembled TCP packet

Date: Tue, 19 Dec 2006 16:20:44 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1273

           Summary: Hex/ASCII dump of reassembled TCP packet
           Product: Wireshark
           Version: 0.99.4
          Platform: PC
        OS/Version: FreeBSD
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: tyriker@xxxxxxxxxxxxxxx


Build Information:
TShark 0.99.4

Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 1.2.10, with libpcap 0.9.1, with libz 1.2.2, without
libpcre,
without UCD-SNMP or Net-SNMP, without ADNS, without Lua, with GnuTLS 1.4.4,
with
Gcrypt 1.2.3, with Heimdal Kerberos.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on FreeBSD 6.2-RC1, with libpcap version 0.9.1.

Built using gcc 3.4.4 [FreeBSD] 20050518.
--
It seems tshark displays improper data when attempting to display a hex/ASCII
dump (-x option) of a reassembled TCP packet. Also, the output of the packet
tree (-V option) also show improper data in the [Protocols in frame...] line.

I haven't done much more troubleshooting other than observing that the output
appears incorrect. Inspecting the packet with the Wireshark GUI doesn't seem to
be a problem.

Running the following on the attached packet capture displays the problem (on a
FreeBSD system). Frame 2 is a reassembled packet:

/usr/local/bin/tshark -V -r HTTP-172.16.1.102-66.230.200.228.cap -R
"frame.number == 2" | more


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.