https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5651
Summary: TCP analysis is not performed if options field has
been truncated
Product: Wireshark
Version: 1.5.x (Experimental)
Platform: Other
OS/Version: All
Status: NEW
Severity: Normal
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: turney_cal@xxxxxxx
Build Information:
Version 1.5.1 (SVN Rev Unknown from unknown)
Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (32-bit) with GTK+ 2.16.6, with GLib 2.24.2, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with
SMI
0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built
Jan
25 2011), with AirPcap.
Running on 64-bit Windows 7, build 7600, with WinPcap version 4.1.2 (packet.dll
version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.
Built using Microsoft Visual C++ 10.0 build 30319
--
The minimum TCP header length with one TCP option is 32. If it's > 20 but <
32, the capture has been frame-sliced. If so, the code that dissects the
options field should be skipped; otherwise, an exception gets thrown which
prevents the packet from being analyzed (tcp_analyze_seq) if configured to do
so.
Note the TCP analysis feature does not use or require any of the info in the
options field including such things as SACK ranges, so there is no do downside
to allowing analysis to proceed when the options field is truncated provided
the entire 20-byte TCP header is intact.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.