Wireshark-bugs: [Wireshark-bugs] [Bug 1871] New: SIP pkt in Hammer cap file incorrectly analysed

Date: Thu, 27 Sep 2007 10:00:50 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1871

           Summary: SIP pkt in Hammer cap file incorrectly analysed as SAIA
                    S-BUS
           Product: Wireshark
           Version: 0.99.6
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: craig_watkinson@xxxxxxxxxxx


Build Information:
Version 0.99.6a (SVN Rev 22276)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.10.12, with GLib 2.12.12, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.

Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.1
(packet.dll version 4.0.0.901), based on libpcap version 0.9.5, without
AirPcap.

Built using Microsoft Visual C++ 6.0 build 8804

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
[Apologies if this is duplicated - I tried to create a bug yesterday, but I am
unable to see it, so assume this failed]

Some packets in a capture taken from a Hammer call analyser are being
incorrectly analysed as SAIA S-Bus packets. Other packets between the same two
hosts are being interpreted correctly. Previous versions of Ethereal (v0.10.12)
did analyse these captures correctly.

An example of an incorrectly interpreted packet is below, and cap file is
available if required.


0000  00 03 ba 99 a6 74 00 03  ba 99 94 ba 08 00 45 00   .....t.. ......E.
0010  01 a9 1c ae 40 00 ff 11  eb 63 51 90 67 8c 51 90   ....@... .cQ.g.Q.
0020  67 85 13 c4 13 ba 01 95  25 53 53 49 50 2f 32 2e   g....... %SSIP/2.
0030  30 20 31 30 30 20 54 72  79 69 6e 67 0d 0a 56 69   0 100 Tr ying..Vi
0040  61 3a 20 53 49 50 2f 32  2e 30 2f 55 44 50 20 38   a: SIP/2 .0/UDP 8
0050  31 2e 31 34 34 2e 31 30  33 2e 31 33 33 3a 35 30   1.144.10 3.133:50
0060  35 30 3b 62 72 61 6e 63  68 3d 7a 39 68 47 34 62   50;branc h=z9hG4b
0070  4b 2a 30 30 32 65 2d 30  30 30 30 33 36 62 33 2d   K*002e-0 00036b3-
0080  30 62 65 30 2a 30 30 2d  62 74 73 69 70 2e 62 74   0be0*00- btsip.bt
0090  2e 63 6f 6d 2d 2b 34 34  35 36 30 30 39 30 39 31   .com-+44 56009091
00a0  39 33 2e 62 0d 0a 56 69  61 3a 20 53 49 50 2f 32   93.b..Vi a: SIP/2
00b0  2e 30 2f 55 44 50 20 38  31 2e 31 34 34 2e 31 30   .0/UDP 8 1.144.10
00c0  33 2e 31 34 30 3b 62 72  61 6e 63 68 3d 7a 39 68   3.140;br anch=z9h
00d0  47 34 62 4b 2a 30 30 32  65 2d 30 30 30 30 32 64   G4bK*002 e-00002d
00e0  33 65 2d 30 38 38 31 0d  0a 46 72 6f 6d 3a 20 22   3e-0881. .From: "
00f0  34 34 35 36 30 30 39 30  39 31 39 32 22 20 3c 73   44560090 9192" <s
0100  69 70 3a 34 34 35 36 30  30 39 30 39 31 39 32 40   ip:44560 0909192@
0110  62 74 73 69 70 2e 62 74  2e 63 6f 6d 3e 3b 74 61   btsip.bt .com>;ta
0120  67 3d 30 30 38 32 2d 30  30 30 30 31 38 62 33 2d   g=0082-0 00018b3-
0130  30 38 38 30 0d 0a 54 6f  3a 20 3c 73 69 70 3a 30   0880..To : <sip:0
0140  35 36 30 30 39 30 39 31  39 33 40 62 74 73 69 70   56009091 93@btsip
0150  2e 62 74 2e 63 6f 6d 3e  0d 0a 43 61 6c 6c 2d 49   .bt.com> ..Call-I
0160  44 3a 20 30 30 38 32 2d  30 30 30 30 31 38 62 33   D: 0082- 000018b3
0170  2d 30 38 38 30 34 36 66  37 38 63 35 39 2d 35 62   -088046f 78c59-5b
0180  32 37 2d 31 32 61 33 30  39 38 40 73 69 70 75 61   27-12a30 98@sipua
0190  0d 0a 43 53 65 71 3a 20  31 20 49 4e 56 49 54 45   ..CSeq:  1 INVITE
01a0  0d 0a 43 6f 6e 74 65 6e  74 2d 4c 65 6e 67 74 68   ..Conten t-Length
01b0  3a 20 30 0d 0a 0d 0a                               : 0....


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.