http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2222
Summary: Decoding RFC1006 (TPKT)
Product: Wireshark
Version: 0.99.7
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: Minor
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: john.dite@xxxxxxxxxxx
Created an attachment (id=1412)
--> (http://bugs.wireshark.org/bugzilla/attachment.cgi?id=1412)
Wiresharktrace file with an example of the described problem
Build Information:
wireshark 0.99.6a (SVN Rev 22276)
--
A captured frame may contain one or more RFC1006 parts.
Wireshark at present only disects(?)and decodes the first RFC1006 unit and the
protocols therin that it encounters and ignores any others that may still be in
the captured frame.
In the enclosed attachment: Workstation_100108.zip
I have enclosed a tracefile:
Workstation_100108.cap
In the Workstation_100108.cap trace file see Frame 4336 09:44:44.125000
It contains a RFC1006 Header (TPKT, Version: 3, Length: 1028).
Within the first part of the RFC1006 stream the ISO 8073 COTP is correctly
decoded.
However, this frame contains the next part of of the RFC1006 Header (see
%X043A).
Again this RFC1006 Header indicates TPKT, Version: 3, Length: 1028 even though
not all the data is (or has to be) present in this frame.
Could Wireshark not disect/decode this next header and the protocols contained
therein?
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.