| Bug ID |
10620
|
| Summary |
ICMP packet is incomplete, yet Wireshark reports bad checksum
|
| Product |
Wireshark
|
| Version |
1.10.6
|
| Hardware |
x86-64
|
| OS |
Ubuntu
|
| Status |
UNCONFIRMED
|
| Severity |
Minor
|
| Priority |
Low
|
| Component |
Dissection engine (libwireshark)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Created attachment 13196 [details]
This Packet too Big contains an unverifiable checksum at the end of the header
queue.
Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
Also tested on Wireshark 1.12.1 on Windows.
--------
I have a IPv6 network. I sent a big, non-fragmentable ping. The packet tried to
cross over a small link, and I got a "Packet too Big" ICMP error out of it. So
far, so good.
As far as I know, ICMP errors obey the following rules:
- An ICMP error contains as "payload" the original packet which caused the
error.
- This "inner" packet can be truncated. This is perfectly legal.
Wireshark complains because the checksum of the **inner** packet (ie. the
original packet) is incorrect. Yet, the inner packet's IPv6 header reports 1408
bytes should follow, but its payload is actually 528 long. Shouldn't Wireshark
be unable to validate this checksum?
You are receiving this mail because:
- You are watching all bug changes.