http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1947
Summary: VNC dissector does not decode properly non-authenticated
VNC sessions
Product: Wireshark
Version: SVN
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Normal
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: mykaul@xxxxxxxxx
Build Information:
C:\wireshark\wireshark-gtk2>tshark.exe -v
TShark 0.99.7
Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 2.14.2, with WinPcap (version unknown), with libz 1.2.3,
with
libpcre 6.4, with SMI 0.4.5, with ADNS, with Lua 5.1, with GnuTLS 1.6.1, with
Gcrypt 1.2.3, with MIT Kerberos.
Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.1
(packet.dll version 4.0.0.901), based on libpcap version 0.9.5.
Built using Microsoft Visual C++ 8.0 build 50727
--
The dissector is actually written quite badly (no offense). It is looking for
the first 9 packets, disregarding (almost) that there may be different states.
Two examples:
1. No authentication - (this bug) - if there's no authentication, the fifth
packet and on are not dissected properly. The code assumes there's always
authentication.
2. Different authentication methods - there might be other packets in between,
if there is some kind of authentication different than VNC auth.
The first issue is much more annoying and common than the 2nd one.
Anyway, I'd expect the code to be completely different: a client and server
state machine, where the state is saved in the per-conversation data.
I've tried to change the dissector, but it's actually way too much re-writing,
which I rather not do as it may be incomplete and break more than it'll fix.
I'd be very happy to test fixes, though!
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.