Wireshark-bugs: [Wireshark-bugs] [Bug 2614] LDAP stats wrong when sequence numbers repeat

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Tue, 16 Jun 2009 04:29:10 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2614


Graeme Lunt <graeme@xxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |graeme@xxxxxxxxxxx
             Status|NEW                         |ASSIGNED




--- Comment #1 from Graeme Lunt <graeme@xxxxxxxxxxx>  2009-06-16 04:29:09 PDT ---
(In reply to comment #0)
> Build Information:
> wireshark 1.0.0
> 
> Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
> This is free software; see the source for copying conditions. There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> 
> Compiled with GTK+ 2.12.8, with GLib 2.14.6, with WinPcap (version unknown),
> with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.5,
> with ADNS, with Lua 5.1, with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT
> Kerberos, with PortAudio V19-devel, with AirPcap.
> 
> Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.2
> (packet.dll version 4.0.0.1040), based on libpcap version 0.9.5, without
> AirPcap.
> 
> Built using Microsoft Visual C++ 6.0 build 8804
> --
> The LDAP statistics take a response packet and find the first packet in the
> file with the same sequence number from the same flow and declare that packet
> to be the request. In fact, sequence numbers can be re-used in the same flow
> and hence the search should go back up the file for the most recent matching
> sequence number instead of starting at the top.
> 
> The result is incorrect statistics and response times which are meaningless.
> 
> In my case, the LDAP client restarts the sequence number at 1 when it reaches
> 255.
> 

This looks like it should work as once a request is matched to its response it
should no longer be available to match another response with the same message
id.

Do you have an example capture you could post/send me and I will investigate
further?

Graeme


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.