http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2125
Summary: DCE RPC fragments are reassembled wrongly
Product: Wireshark
Version: 0.99.6
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Major
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: yamisoe@xxxxxxxxx
Build Information:
wireshark 0.99.6a (SVN Rev 22276)
Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.10.12, with GLib 2.12.12, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.
Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.1
(packet.dll version 4.0.0.901), based on libpcap version 0.9.5, without
AirPcap.
Built using Microsoft Visual C++ 6.0 build 8804
--
I sent a SRVSVC request, and the DCE RPC payload in response to this first
request is 1024 bytes long, then I sent another ReadAndX SMB request to read
remaining payload according to the fragment length.
Even though, the second read is less than 1024 bytes, WireShark reassembling
status shows that two fragments are all 1024 bytes long.
The traffic is captured by tcpdump, and I open the same file in Ethereal, and
it works well.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.