http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1806
Summary: IP dissector Expert Info flags packets with a low TTL
when the TTL should be low
Product: Wireshark
Version: SVN
Platform: All
OS/Version: All
Status: NEW
Severity: Minor
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: todd.martin@xxxxxxx
Build Information:
Version 0.99.7-tjm-trunk-1 (SVN Rev 22683)
Compiled with GTK+ 2.10.12, with GLib 2.12.13, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with SMI 0.4.5, with ADNS, with Lua 5.1,
with
GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio PortAudio
V19-devel, with AirPcap.
Running on Windows XP Service Pack 2, build 2600, with WinPcap version 3.1
(packet.dll version 3, 1, 0, 27), based on libpcap version 0.9[.x], without
AirPcap.
Built using Microsoft Visual C++ 8.0 build 50727
--
The IP dissector uses Expert Info to flag all packets with a TTL less than 5.
If a packet's destination IP address is in the 224.0.0.0/24 network block, then
the TTL is supposed to be 1. In RFC 3171, 224.0.0.0/24 is reserved for
multicast packets that go only to directly connected hosts so they should never
be routed. These packets will generally have a TTL of 1.
This patch prevents the dissector from flagging packets with a low TTL if the
destination address is in the 224.0.0.0/24 block. It also adds a check that
flags packets destined to that address who have a TTL greater than 1.
The attached capture shows this problem in the context of the OSPF protocol.
The OSPF Hello packets get flagged by the IP dissector because of the TTL is 1
even though that is exactly what RFC 2328 specifies should happen.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.