https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5153
Summary: Multiple DRDA commands in one frame are not shown by heuristic dissector
Product: Wireshark
Version: SVN
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: Low
Component: TShark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: matthieu.lochegnies@xxxxxxxxxxxxxxxxxxxxxx
Created an attachment (id=5096)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5096)
Fix to show multiple DRDA commands from the same frame
Build Information:
TShark 1.5.0 (SVN Rev 33948 from /trunk)
Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GLib 2.22.5, with libpcap 1.0.0, with libz 1.2.3, without
POSIX capabilities, without libpcre, without SMI, without c-ares, without ADNS,
without Lua, without Python, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with MIT
Kerberos, without GeoIP.
Running on Linux 2.6.32-44.1.el6.x86_64, with libpcap version 1.0.0, with libz
1.2.3.
Built using gcc 4.4.4 20100630 (Red Hat 4.4.4-10).
--
When a frame contains more than one DRDA command, although Wireshark shows all
of them in the detail panel:
- only the first command appears in Wireshark's "INFO" column;
- tshark only decodes the first command, even in verbose mode.

In Wireshark's detail panel, the dissector detects one PDU per command (via
get_drda_pdu_len()), and dissect_drda() is called with a precise tvb for each
command.

By contrast, in Wireshark's list and in tshark's output, dissect_drda() is
given the entire frame in one tvb. If dissect_drda() only parses the first
command, the resulting output is incomplete.

The proposed patch makes dissect_drda() iterate over the commands.
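The iteration the report describes, as an added example that is not part of the original report or the attached patch: a stand-alone C walker over length-prefixed DRDA commands held in one buffer, rejecting lengths that would stall the loop or read past the frame. The header layout (6-byte DSS header with a 2-byte big-endian length and 0xD0 magic, 4-byte DDM header), the helper name `drda_list_commands` and the sample frame are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: DSS header = length(2, big-endian) magic(1) format(1)
 * correlation id(2); DDM header = length(2) code point(2). */
#define DSS_HDR_LEN 6
#define DDM_HDR_LEN 4
#define DSS_MAGIC   0xD0

/* Constructed sample: two commands (code points 0x1041, 0x106D) in one frame. */
static const uint8_t sample_frame[] = {
    0x00, 0x0A, 0xD0, 0x41, 0x00, 0x01, 0x00, 0x04, 0x10, 0x41,
    0x00, 0x0A, 0xD0, 0x01, 0x00, 0x02, 0x00, 0x04, 0x10, 0x6D,
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper: walks every command in buf, stores up to max code
 * points in out[], returns the number of commands or -1 on a bad length. */
int drda_list_commands(const uint8_t *buf, size_t len, uint16_t *out, int max)
{
    size_t off = 0;
    int n = 0;

    while (off < len) {
        size_t left = len - off;
        if (left < DSS_HDR_LEN + DDM_HDR_LEN || buf[off + 2] != DSS_MAGIC)
            return -1;                       /* truncated or not DRDA */
        uint16_t dss_len = be16(buf + off);
        /* A length of 0 would loop forever; one past the buffer over-reads. */
        if (dss_len < DSS_HDR_LEN + DDM_HDR_LEN || dss_len > left)
            return -1;
        if (n < max)
            out[n] = be16(buf + off + DSS_HDR_LEN + 2);
        n++;
        off += dss_len;                      /* advance to the next command */
    }
    return n;
}

int main(void)
{
    uint16_t cp[8];
    int n = drda_list_commands(sample_frame, sizeof sample_frame, cp, 8);
    for (int i = 0; i < n && i < 8; i++)
        printf("command %d: code point 0x%04X\n", i + 1, cp[i]);
    return n < 0;
}
```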