Ethereal-dev: Re: [Ethereal-dev] (no subject)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: David Frascone <dave@xxxxxxxxxxxx>
Date: Fri, 23 Feb 2001 17:56:54 -0600
Here is the output of the new dissector on that packet (with tethereal)
chaos[chaos]: chaos$ tethereal -Vx -r ~/newman/HAAdump 
Frame 1 (418 on wire, 418 captured)
    Arrival Time: Feb 23, 2001 16:03:44.3737
    Time delta from previous packet: 0.000000 seconds
    Time relative to first packet: 0.000000 seconds
    Frame Number: 1
    Packet Length: 418 bytes
    Capture Length: 418 bytes
Ethernet II
    Destination: 00:90:27:1b:e2:a6 (Intel_1b:e2:a6)
    Source: 00:a0:c9:af:85:41 (Intel_af:85:41)
    Type: IP (0x0800)
Internet Protocol
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 404
    Identification: 0xd688
    Flags: 0x04
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 64
    Protocol: TCP (0x06)
    Header checksum: 0x837e (correct)
    Source: 192.168.175.5 (192.168.175.5)
    Destination: 192.168.175.6 (192.168.175.6)
Transmission Control Protocol, Src Port: 1393 (1393), Dst Port: radius (1812), Seq: 2572762877, Ack: 2576499523
    Source port: 1393 (1393)
    Destination port: radius (1812)
    Sequence number: 2572762877
    Next sequence number: 2572763229
    Acknowledgement number: 2576499523
    Header length: 32 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 32120
    Checksum: 0x02ab (correct)
    Options: (12 bytes)
        NOP
        NOP
        Time stamp: tsval 189124625, tsecr 189144488
Diameter Protocol
    Reserved: 0x09
    Packet flags: 0x00  E:0 I:0 R:0 (Indication)
    .... .000 = Version: 0x00
    Length: 0
    Identifier: 0x30d832a1
    Command Code: Home-Agent-MIP-Answer (263)
    VendorId: 0

   0  0090 271b e2a6 00a0 c9af 8541 0800 4500   ..'........A..E. 
  10  0194 d688 4000 4006 837e c0a8 af05 c0a8   ....@.@..~...... 
  20  af06 0571 0714 9959 3efd 9992 4343 8018   ...q...Y>...CC.. 
  30  7d78 02ab 0000 0101 080a 0b45 d011 0b46   }x.........E...F 
  40  1da8 0900 0000 30d8 32a1 0000 0107 0000   ......0.2....... 
  50  0000 0000 0107 001a 0001 6661 3140 636f   ..........fa1@co 
  60  7270 2e63 6f6d 0714 30d8 32a1 0000 0000   rp.com..0.2..... 
  70  0125 0014 0000 6661 3140 636f 7270 2e63   .%....fa1@corp.c 
  80  6f6d 0000 010c 000c 0001 0000 07d1 0000   om.............. 
  90  0141 00a4 0001 0300 0807 c0a8 afc8 c0a8   .A.............. 
  a0  af05 3a96 dcb9 3a96 dd0e 830c 6b65 7640   ..:...:.....kev@ 
  b0  636f 7270 2e63 6f6d 2a01 001c 0000 0708   corp.com*....... 
  c0  0000 0002 0000 012e 8a29 8d91 c043 0db9   .........)...C.. 
  d0  1f2d ae46 ac5b 1b5e 2807 0018 0000 0002   .-.F.[.^(....... 
  e0  0000 012c b39a 84c0 2210 788e 92fd 8f40   ...,....".x....@ 
  f0  789c 5772 2014 0000 012e bd50 a41b 9560   x.Wr ......P...` 
 100  93e3 248d 390d 8a2c 33b6 8410 c5e7 94ef   ..$.9..,3....... 
 110  bbd2 13b4 51ae 198c 02c9 ee77 2214 0000   ....Q......w"... 
 120  012d 11fe 25b0 22a2 eec0 48e0 c180 8d30   .-..%."...H....0 
 130  d424 0000 014d 000c 0001 c0a8 afc8 0000   .$...M.......... 
 140  014e 000c 0001 c0a8 af05 0000 0103 0058   .N.............X 
 150  0000 0000 0105 0018 0000 7346 1b43 2b06   ..........sF.C+. 
 160  8d54 95dc a465 16c5 5bcb 0000 0106 000c   .T...e..[....... 
 170  0000 be41 5cc0 0000 011d 000c 0000 0000   ...A\........... 
 180  0001 0000 011e 000c 0000 0000 0000 0000   ................ 
 190  011f 0014 0000 5602 4063 20b0 a976 799d   ......V.@c ..vy. 
 1a0  4888                                      H.               



Basically, it looks like a bad packet.  The length is zero, some reserved bits
are set, etc.  But, at least it doesn't crash the new dissector :)

On Fri, Feb 23, 2001 at 02:54:31PM -0800, Kevin Purser wrote:
> Hello All,
> 
> When using ethereal to parse Diameter messages, a couple of bugs have been noticed:
> 
> As a minor issue, a number of AVP codes are unrecognized...
>     (257) Host IP address
>     (264) Host name
>     (291) Authorization lifetime
>     (293) Destination NAI
> 
> A slightly more important issue relates to the parsing of Home-Agent-MIP-Answer messages.  The Diameter header is parsed fully, but the Attribute value pairs list is not expandable.  The hex dump does show the AVPs, which appear to be correct, but it seems as though ethereal is unable to begin parsing the AVP data.  I have attached the dump (in libpcap format) for assistance.
> 
> Thanks,
> +++++++++++++++++++++++++++++++++++++++
> Kevin Purser, Software Engineer III
> Mobile Networking Research
> Phone: +1 (510) 305-6100
> Fax: +1 (510) 666-3999
> +++++++++++++++++++++++++++++++++++++++
> Ericsson Berkeley Wireless Center
> 2100 Shattuck Avenue
> Berkeley, CA  94704
> +++++++++++++++++++++++++++++++++++++++
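
Added example (not part of the original thread and not Ethereal's dissector code): a header sanity check of the kind that lets a dissector report "Length: 0" and set reserved bits instead of walking the AVP list on a bad length. Assumptions: the 16-byte layout is inferred from the field order in the tethereal output and the bytes at offset 0x42 of the hex dump, Length is taken to count the header itself, the reserved byte is expected to be zero, and all function and macro names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 16u             /* assumed: 1+1+2+4+4+4 bytes, from the fields tethereal prints */
#define ERR_TRUNCATED   0x01u   /* fewer bytes available than one header */
#define ERR_RESERVED    0x02u   /* reserved byte is non-zero */
#define ERR_LEN_SHORT   0x04u   /* Length below header size (covers Length: 0) */
#define ERR_LEN_OVERRUN 0x08u   /* Length claims more bytes than are available */

struct diam_hdr {
    uint8_t  reserved, flags_ver;
    uint16_t length;
    uint32_t identifier, command, vendor_id;
};

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Decode the header and return a bitmask of ERR_* values (0 means plausible). */
unsigned check_diam_hdr(const uint8_t *buf, size_t avail, struct diam_hdr *h) {
    unsigned err = 0;
    if (avail < HDR_LEN) return ERR_TRUNCATED;   /* never read past the buffer */
    h->reserved   = buf[0];
    h->flags_ver  = buf[1];
    h->length     = (uint16_t)((buf[2] << 8) | buf[3]);
    h->identifier = be32(buf + 4);
    h->command    = be32(buf + 8);
    h->vendor_id  = be32(buf + 12);
    if (h->reserved != 0) err |= ERR_RESERVED;
    if (h->length < HDR_LEN) err |= ERR_LEN_SHORT;
    else if (h->length > avail) err |= ERR_LEN_OVERRUN;
    return err;
}

/* Bytes an AVP walker may read: none unless the header passed the length checks. */
size_t avp_bytes(const struct diam_hdr *h, unsigned err) {
    if (err & (ERR_TRUNCATED | ERR_LEN_SHORT | ERR_LEN_OVERRUN)) return 0;
    return (size_t)h->length - HDR_LEN;
}

/* The 16 bytes at offset 0x42 of the hex dump in the message above. */
static const uint8_t SAMPLE_HDR[16] = {0x09, 0x00, 0x00, 0x00, 0x30, 0xd8, 0x32, 0xa1,
                                       0x00, 0x00, 0x01, 0x07, 0x00, 0x00, 0x00, 0x00};

int main(void) {
    struct diam_hdr h;
    unsigned err = check_diam_hdr(SAMPLE_HDR, 352, &h);  /* 352 = TCP payload bytes */
    printf("cmd=%u id=0x%08x err=0x%x avp_bytes=%zu\n",
           (unsigned)h.command, (unsigned)h.identifier, err, avp_bytes(&h, err));
    return 0;
}
```

On the captured header this flags both the reserved byte and the zero Length, so the AVP walker is given no bytes to read even though AVP data follows in the dump.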