Ethereal-dev: Re: [Ethereal-dev] v0.9.5 hangs on bad IP protocol field.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <gharris@xxxxxxxxx>
Date: Tue, 30 Jul 2002 00:10:51 -0700
On Tue, Jul 30, 2002 at 11:39:48AM +1000, ALEX LAM wrote:
> Attached is a sniffer trace that will hang 0.9.5 because the protocol
> field in the IP header (0x47) is bad.

Well, when I try running the current CVS version, it reports

	The file "/tmp/TEST4.bad.dat" is a capture for a network type
	that Ethereal doesn't support.

and prints to the console

	Message: pcap: network type 120 unknown or unsupported

That network type wasn't supported in 0.9.5, either; I have the
description of the Aironet header, but I don't yet know what all the
fields in it are.

> In fact, parts of the IP header is erronous. Everything works fine when
> I change 0x47 from the erronous 0x2e
> to 0x11 (UDP)
> 
> Perhaps ethereal should stop parsing when it realises that the packet is
> erronous.

Or perhaps it should have the bugs that cause it to loop when it sees
bad data fixed, so that if erroneous packets are captured, but fields
*following* the erroneous field are invalid, it can, if possible, still
dissect those fields, in case they have useful information to whoever's
trying to debug the problem causing erroneous packets to be transmitted.