Wireshark-bugs: [Wireshark-bugs] [Bug 9604] PN-CBA shown because of changing application data

Date: Sat, 28 Dec 2013 17:45:07 +0000

Comment # 1 on bug 9604 from
(In reply to comment #0)
> Created attachment 12392 [details]
> Screenshot of both traces

Can you upload a small capture file?  Screenshots are not that useful for
testing purposes.

> the Profinet IO interpretation seems to get something wrong.
> See the screenshot attached, left side 0x10 it's FF, right side it's 11.
> Which changes the reported protocol to PN-CBA all for sudden.

The Profinet IO dissector heuristic code seems to specifically treat the byte
as a version (u8CBAVersion) and handles dissection differently if it's 0x11. 
>From what I can tell, this would appear to happen at line 9385 (see:
http://anonsvn.wireshark.org/viewvc/trunk/plugins/profinet/packet-dcerpc-pn-io.c?revision=54250&view=markup) 

Since I don't have access to the Profinet IO Specifications (at
http://www.profibus.com/download/specifications-standards/, presumably), I
can't verify whether this is correct or not.


You are receiving this mail because:
  • You are watching all bug changes.