Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 1438] New: atm-pdus-untruncated support for libpcap files

Wireshark-bugs: [Wireshark-bugs] [Bug 1438] New: atm-pdus-untruncated support for libpcap files

Date: Wed, 14 Mar 2007 11:35:38 +0000 (GMT)

http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1438

           Summary: atm-pdus-untruncated support for libpcap files
           Product: Wireshark
           Version: 0.99.5
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Medium
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: j.pedro.fonseca@xxxxxxxxxxxxxxx


Build Information:
wireshark 0.99.5

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.6.4, with GLib 2.6.4, with libpcap 0.9.5, with libz 1.2.2,
without libpcre, without Net-SNMP, without ADNS, without Lua, without GnuTLS,
without Gcrypt, without Kerberos, without PortAudio, without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.20, with libpcap version 0.9.5.

Built using gcc 3.3.5 (Debian 1:3.3.5-13).

--
Wireshark can read ERF files (Endace proprietary format for captures using
their cards) containing ATM data.

However, when using mergecap, editcap and tshark to post-process the
files, they convert EFF files to libpcap format, using the atm-pdus
encapsulation type.

This encapsulation type states that the AAL5 trailers are not included
in the captured data, but the conversion process leaves the trailer in
anyway. This is probably because there is no libpcap equivalent of the
atm-pdus-untruncated encapsulation type, and a best effort conversion is
made.

The problem is that the ATM dissector assumes that no trailer is
present, and some higher-level protocol dissectors (SSCOP, for example)
are not working well as a result.

The perfect way of solving this problem would be to create a libpcap
format equivalent to atm-pdus-untruncated, and modify the ERF->libpcap
conversion code to use it - but this may take a little more time and
effort.

The simplest way is to add a configuration option to the ATM dissector, to
allow forcing atm-pdus files to be treated as atm-pdus-untruncated.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Follow-Ups:
- [Wireshark-bugs] [Bug 1438] atm-pdus-untruncated support for libpcap files
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 1438] atm-pdus-untruncated support for libpcap files
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 1438] atm-pdus-untruncated support for libpcap files
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 1438] atm-pdus-untruncated support for libpcap files
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 1438] atm-pdus-untruncated support for libpcap files
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 1438] atm-pdus-untruncated support for libpcap files
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 1437] klive packet classified as TAPA respectively DNS
Next by Date: [Wireshark-bugs] [Bug 1438] atm-pdus-untruncated support for libpcap files
Previous by thread: [Wireshark-bugs] [Bug 1437] klive packet classified as TAPA respectively DNS
Next by thread: [Wireshark-bugs] [Bug 1438] atm-pdus-untruncated support for libpcap files
Index(es):
- Date
- Thread