Wireshark-bugs: [Wireshark-bugs] [Bug 1273] New: Hex/ASCII dump of reassembled TCP packet
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1273
Summary: Hex/ASCII dump of reassembled TCP packet
Product: Wireshark
Version: 0.99.4
Platform: PC
OS/Version: FreeBSD
Status: NEW
Severity: Normal
Priority: Low
Component: TShark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: tyriker@xxxxxxxxxxxxxxx
Build Information:
TShark 0.99.4
Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 1.2.10, with libpcap 0.9.1, with libz 1.2.2, without
libpcre,
without UCD-SNMP or Net-SNMP, without ADNS, without Lua, with GnuTLS 1.4.4,
with
Gcrypt 1.2.3, with Heimdal Kerberos.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.
Running on FreeBSD 6.2-RC1, with libpcap version 0.9.1.
Built using gcc 3.4.4 [FreeBSD] 20050518.
--
It seems tshark displays improper data when attempting to display a hex/ASCII
dump (-x option) of a reassembled TCP packet. Also, the output of the packet
tree (-V option) also show improper data in the [Protocols in frame...] line.
I haven't done much more troubleshooting other than observing that the output
appears incorrect. Inspecting the packet with the Wireshark GUI doesn't seem to
be a problem.
Running the following on the attached packet capture displays the problem (on a
FreeBSD system). Frame 2 is a reassembled packet:
/usr/local/bin/tshark -V -r HTTP-172.16.1.102-66.230.200.228.cap -R
"frame.number == 2" | more
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
