Wireshark-bugs: [Wireshark-bugs] [Bug 2116] New: Incorrect Malformed Packet Error in UCP Protoco
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2116
Summary: Incorrect Malformed Packet Error in UCP Protocol
Product: Wireshark
Version: SVN
Platform: PC
OS/Version: All
Status: NEW
Severity: Major
Priority: Medium
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: larry@xxxxxxxxxx
Build Information:
Version 0.99.6a (SVN Rev 22276)
Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.10.12, with GLib 2.12.12, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.4, with ADNS, with Lua 5.1,
with GnuTLS 1.6.1, with Gcrypt 1.2.3, with MIT Kerberos, with PortAudio
PortAudio V19-devel, with AirPcap.
Running on Windows XP Service Pack 2, build 2600, with WinPcap version 4.0.1
(packet.dll version 4.0.0.901), based on libpcap version 0.9.5, without
AirPcap.
Built using Microsoft Visual C++ 6.0 build 8804
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
During a regular Wireshark trace of UCP packets running over ethernet, I noted
that Wireshark said the login packet was malformed, even though it looked OK
and the server responded correctly. After looking at the UCP protocol, it
became clear that Wireshark was parsing a type 60 message which only has one
Reserverd field (RES1) and expecting it to have two Reserved fields (RES1 and
RES2) like a type 61 message. This is because it is using the same function to
parse both messages, and does not have a conditional for the type 60 field.
The EMI specification is here, with the important messages in sections 6.3 and
6.4: http://www.nowsms.com/discus/messages/1/EMI_UCP_Specification_40-8156.pdf
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.