https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4716
Summary: tcp dissector doesn't decode TCP segments of length 1
Product: Wireshark
Version: 1.2.6
Platform: x86
OS/Version: Windows XP
Status: NEW
Severity: Major
Priority: Medium
Component: TShark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: alantu@xxxxxxxx
Created an attachment (id=4577)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4577)
data.pcap is a pcap that demonstrates the bug.
Build Information:
TShark 1.2.6 (SVN Rev 31702)
Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 2.22.3, with WinPcap (version unknown), with libz 1.2.3,
without POSIX capabilities, without libpcre, with SMI 0.4.8, with c-ares 1.7.0,
with Lua 5.1, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT Kerberos, with
GeoIP.
Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.1.1
(packet.dll version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.5.
Built using Microsoft Visual C++ 9.0 build 30729
--
Please ignore bad IP checksums, IP addresses have been rewritten.
Run
tshark -r data.pcap -T fields -e frame.number -e tcp.seq -e tcp.len -e
tcp.nxtseq -e data.data
Notice that frame 5 shows tcp.len of 1, tcp.seq of 105, and tcp.nxtseq is 106.
There is a TCP payload of 1 byte! Yet tshark thinks this is a window probe and
doesn't recognize the data payload. data.data should display the hex of the
1-byte payload in frame 5.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.