Wireshark-bugs: [Wireshark-bugs] [Bug 9749] New: Fields TCP.len and UDP.length behave different

Date: Tue, 11 Feb 2014 22:47:05 +0000
Bug ID 9749
Summary Fields TCP.len and UDP.length behave different in terms of Header length
Classification Unclassified
Product Wireshark
Version 1.10.5
Hardware x86
OS Windows 7
Status UNCONFIRMED
Severity Normal
Priority Low
Component Wireshark
Assignee [email protected]
Reporter [email protected]

Build Information:
Version 1.10.5 (SVNRev 54262 from /trunk-1.10)

Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with
PortAudio V19-devel (built Dec 19 2013), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
       Intel(R) Core(TM) i7-3520M CPU @ 2.90GHz, with 16080MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Hi all - hope not to bother you.

Sorry if this is not an actual bug (enhancement) or a mistake on my side, but
since I know you are very serious people, I figured I will express this super
easy problem.

In my traces, I need to have a custom column that shows the PAYLOAD length in
bytes ABOVE Layer 4 (TCP or UDP), i.e., do not include the length that takes
the UDP or TCP header itself.

* TCP - For TCP I use tcp.len. It yields length above TCP (i.e., SYN, ACK only
packets will display a length of ZERO). This is OK.

* UDP - The error appears in UDP. There is no way to account only the number of
Bytes ABOVE UDP header. In essence, udp.length behaves differently as it
includes the payload after UDP PLUS the length of the UDP header (8 bytes).

Therefore, both behave differently. There should be a way of only counting, for
UDP, payload after the header, either by introducing a new field in the UDP
filtering methods or fixing this one (udp.length).

------------------------------
PS: I know it sounds very silly but I love Wireshark and would like to help. For
instance, I really need this feature for ease of analysis and exporting data
cleanly (and not do further actions to subtract the 8 bytes from each UDP
packet). Sorry again if this is not valid. Thanks !!
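
As an added illustration (not part of the original report and not Wireshark's code), the Python sketch below derives the payload length above layer 4 from raw IPv4 bytes: for UDP it subtracts the fixed 8-byte header from the on-wire Length field, and for TCP it subtracts the IP and TCP header lengths from the IP total length. The function names, sample packets and addresses are constructed for this example.

```python
import struct

UDP_HEADER_LEN = 8  # fixed UDP header size; the UDP Length field includes it (RFC 768)

def l4_payload_len(ip_packet: bytes) -> int:
    """Return the number of bytes carried above the TCP or UDP header."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ip_packet[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack_from("!H", ip_packet, 2)[0]
    if ihl < 20 or total_len < ihl or total_len > len(ip_packet):
        raise ValueError("inconsistent IPv4 lengths")
    proto = ip_packet[9]
    l4 = ip_packet[ihl:total_len]                        # drops any link-layer padding
    if proto == 17:                                      # UDP: length is an on-wire field
        if len(l4) < UDP_HEADER_LEN:
            raise ValueError("truncated UDP header")
        udp_length = struct.unpack_from("!H", l4, 4)[0]
        if udp_length < UDP_HEADER_LEN or udp_length > len(l4):
            raise ValueError("bad UDP length field")
        return udp_length - UDP_HEADER_LEN
    if proto == 6:                                       # TCP: no length field, derive it
        if len(l4) < 20:
            raise ValueError("truncated TCP header")
        data_offset = (l4[12] >> 4) * 4                  # TCP header length incl. options
        if data_offset < 20 or data_offset > len(l4):
            raise ValueError("bad TCP data offset")
        return len(l4) - data_offset
    raise ValueError("not TCP or UDP")

def _ipv4(proto: int, l4: bytes) -> bytes:
    # Constructed IPv4 header: no options, checksum left at zero, documentation addresses.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + l4

# Constructed samples: a UDP datagram with 5 payload bytes (Length field = 13),
# a bare TCP SYN, and a TCP PSH/ACK segment with 5 payload bytes.
UDP_SAMPLE = _ipv4(17, struct.pack("!HHHH", 53000, 53, 13, 0) + b"hello")
TCP_SYN = _ipv4(6, struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0))
TCP_DATA = _ipv4(6, struct.pack("!HHIIBBHHH", 40000, 443, 2, 1, 5 << 4, 0x18, 65535, 0, 0)
                 + b"GET /")

if __name__ == "__main__":
    for name, pkt in (("udp", UDP_SAMPLE), ("syn", TCP_SYN), ("tcp", TCP_DATA)):
        print(name, l4_payload_len(pkt))
```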

