Ethereal-dev: Re: [Ethereal-dev] Illegal output when looking at dns tcp axfers

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: Guy Harris <gharris@xxxxxxxxx>
Date: Mon, 26 Aug 2002 11:38:16 -0700
On Mon, Aug 26, 2002 at 07:58:22PM +0200, Joerg Mayer wrote:
> I'm running the following setup on a primary dns server:
> tethereal -n tcp port 53
> with
> tcp.desegment_tcp_streams: FALSE
> When I do a zone transfer, I receive very long lines and garbage
> characters.

I.e., Tethereal misdissects zone transfers?

Tethereal and Ethereal do run the risk of misdissecting stuff if

	1) a protocol running over TCP appears in the packet and has
	   PDUs that cross TCP segments;

	2) TCP desegmentation is turned off or the dissector for the
	   protocol doesn't support desegmentation or it supports
	   desegmentation but desegmentation for that protocol has been
	   turned off

as it'll try to dissect the middle of the PDU as if it were the
beginning of the PDU.

Zone transfers are very likely to be an example of 1), and 2) is
definitely the case with "tcp.desegment_tcp_streams: FALSE".