https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5551
Summary: ICMP Type Code wrong
Product: Wireshark
Version: 1.2.1
Platform: x86
OS/Version: Windows XP
Status: NEW
Severity: Normal
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: skeetabomb@xxxxxxxxx
Created an attachment (id=5704)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=5704)
Screenshot of ICMP packet with incorrect Type/Code values in columns.
Build Information:
Version 1.2.1 (SVN Rev 29141)
Copyright 1998-2009 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.16.2, with GLib 2.20.3, with WinPcap (version unknown),
with libz 1.2.3, without POSIX capabilities, with libpcre 7.0, with SMI 0.4.8,
with c-ares 1.6.0, with Lua 5.1, with GnuTLS 2.8.1, with Gcrypt 1.4.4, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 19 2009), with
AirPcap.
Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.1
(packet.dll version 4.1.0.1753), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.1, Gcrypt 1.4.4, without AirPcap.
Built using Microsoft Visual C++ 9.0 build 30729
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
Custom GUI Preferences:
Added columns to display 'icmp.type' and 'icmp.code'
Scenario:
Running IPv4 ICMP packet capture.
Event:
ICMP Time-to-live-exceeded packet captured (ICMP Type 11 Code 0) in response to
a ping packet (ICMP Echo Request - Type 8 Code 0).
Buggy Behaviour (Queen's English):
The actual values displayed in the 'icmp.type' and 'icmp.code' columns are
(Type) '8' and (Code) '0' respectively, whereas they should technically be '11'
and '0' respectively for 'this' packet. The Information column reads correctly
that 'this' packet is an ICMP TTL Exceeded packet.
I think this is misleading and confusing behaviour.
Forgive me if this has been fixed in subsequent code versions. I have the
latest elsewhere and will check this capture against that to see if it still
decodes these columns with incorrect values.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.