Wireshark-bugs: [Wireshark-bugs] [Bug 2276] New: SSAP/DSAP 0x0606 does start IPv4 parsing
Date: Sun, 17 Feb 2008 10:56:01 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2276

           Summary: SSAP/DSAP 0x0606 does start IPv4 parsing
           Product: Wireshark
           Version: 0.99.7
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: eyals@xxxxxxxxxxxxxxxx


Build Information:
wireshark 0.99.7

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.2.4, with GLib 2.2.3, with libpcap 0.7.2, with libz 1.1.4,
without libpcre, without SMI, without ADNS, without Lua, without GnuTLS, without
Gcrypt, without Kerberos, without PortAudio, without AirPcap.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.4.21-40.ELsmp, with libpcap (version unknown).

Built using gcc 3.2.3 20030502 (Red Hat Linux 3.2.3-54).

--
I used text2pcap to generate an IP packet inside of an LLC packet (no
SNAP). Then I load it into Wireshark, but I don't see the IPv4 packet! The
text for text2pcap is as follows:

#src_port: 0e,  valid_bytes: 00000060
#Ethernet (IEEE_LLLCH):
#  Dest MAC: 0x37c2ae6dcf1d, Src MAC: 0x125807fda98b, type_or_length: 0x0054
#  DSAP: 0x06, SSAP: 0x06, HDLC: 0x47
#  IPv4:
#    Ipv4_Version: 0x4,  Ipv4_IHL: 0x5,  Ipv4_TOS: 0x41, Ipv4_TotalLength: 0x0014
#    Ipv4_ID: 0x85bc, Ipv4_Flags: 0x6,  Ipv4_FragmentOffset: 0x0000
#    Ipv4_TTL: 0xde, Protocol: 0x11, Ipv4_Checksum: 0xd134
#    Ipv4_SrcAddress: 0xa9658bac, Ipv4_DstAddress: 0x559e3af6
#    LAYER4:
#      L4_SrcPort: 0x49b5,  L4_DstPort: 0x8a37, L4_Protocol:   UDP
#      Raw:
#        data[  0: 31][8]: b2f3500aa4114c5b295b3a11583004a2169eef7103d909d6df13db1987257587
#        data[ 32: 54][8]: f36cf8a2682240a7cf703136c9c2e652cea3c434894ca2
#  FCS: 0xxxxxxxxx
#total byte_size is         96
000000 37 c2 ae 6d cf 1d 12 58 07 fd a9 8b 00 54 06 06
000010 47 45 41 00 14 85 bc c0 00 de 11 d1 34 a9 65 8b
000020 ac 55 9e 3a f6 49 b5 8a 37 b2 f3 50 0a a4 11 4c
000030 5b 29 5b 3a 11 58 30 04 a2 16 9e ef 71 03 d9 09
000040 d6 df 13 db 19 87 25 75 87 f3 6c f8 a2 68 22 40
000050 a7 cf 70 31 36 c9 c2 e6 52 ce a3 c4 34 89 4c a2

I expected a parsed ipv4 header from wireshark, but instead I get:

Frame 1 (96 bytes on wire, 96 bytes captured)
    Arrival Time: Feb 17, 2008 11:56:32.000000000
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 96 bytes
    Capture Length: 96 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:llc:data]
    [Coloring Rule Name: Broadcast]
    [Coloring Rule String: eth[0] & 1]
IEEE 802.3 Ethernet 
    Destination: 37:c2:ae:6d:cf:1d (37:c2:ae:6d:cf:1d)
        Address: 37:c2:ae:6d:cf:1d (37:c2:ae:6d:cf:1d)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
    Source: 12:58:07:fd:a9:8b (12:58:07:fd:a9:8b)
        Address: 12:58:07:fd:a9:8b (12:58:07:fd:a9:8b)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
    Length: 84
Logical-Link Control
    DSAP: TCP/IP (0x06)
    IG Bit: Individual
    SSAP: TCP/IP (0x06)
    CR Bit: Command
    Control field: U, func=Unknown (0x47)
        010. 01.. = Command: Unknown (0x11)
        .... ..11 = Frame type: Unnumbered frame (0x03)
Data (79 bytes)
    Data: 4541001485BCC000DE11D134A9658BAC559E3AF649B58A37...

0000  37 c2 ae 6d cf 1d 12 58 07 fd a9 8b 00 54 06 06   7..m...X.....T..
0010  47 45 41 00 14 85 bc c0 00 de 11 d1 34 a9 65 8b   GEA.........4.e.
0020  ac 55 9e 3a f6 49 b5 8a 37 b2 f3 50 0a a4 11 4c   .U.:.I..7..P...L
0030  5b 29 5b 3a 11 58 30 04 a2 16 9e ef 71 03 d9 09   [)[:.X0.....q...
0040  d6 df 13 db 19 87 25 75 87 f3 6c f8 a2 68 22 40   ......%u..l..h"@
0050  a7 cf 70 31 36 c9 c2 e6 52 ce a3 c4 34 89 4c a2   ..p16...R...4.L.


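Added example (not part of the original report and not Wireshark code): a stand-alone decode of the reporter's hex dump that classifies the LLC control octet per IEEE 802.2, where an Unnumbered Information (UI) frame is control 0x03, and checks the IPv4 header that follows. The function names are hypothetical; the U-frame modifier it computes for 0x47 is the same 0x11 shown on the "Command: Unknown (0x11)" line of the output above.

```python
import struct

# Hex dump copied from the report above (text2pcap input format).
DUMP = """\
000000 37 c2 ae 6d cf 1d 12 58 07 fd a9 8b 00 54 06 06
000010 47 45 41 00 14 85 bc c0 00 de 11 d1 34 a9 65 8b
000020 ac 55 9e 3a f6 49 b5 8a 37 b2 f3 50 0a a4 11 4c
000030 5b 29 5b 3a 11 58 30 04 a2 16 9e ef 71 03 d9 09
000040 d6 df 13 db 19 87 25 75 87 f3 6c f8 a2 68 22 40
000050 a7 cf 70 31 36 c9 c2 e6 52 ce a3 c4 34 89 4c a2
"""

def parse_dump(text):
    """Turn 'offset byte byte ...' lines into bytes, skipping '#' comments."""
    out = bytearray()
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            out += bytes.fromhex("".join(line.split()[1:]))
    return bytes(out)

def classify_control(ctrl):
    """Classify the first LLC control octet per IEEE 802.2."""
    if ctrl & 0x01 == 0:
        return "I", None
    if ctrl & 0x03 == 0x01:
        return "S", None
    # U frame: modifier bits are everything except the P/F bit (0x10).
    modifier = (ctrl & 0xEC) >> 2
    return ("UI" if modifier == 0 else "U-other"), modifier

def ipv4_checksum_ok(header):
    """One's-complement sum over the header must fold to 0xFFFF."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(frame):
    # 802.3 length at offset 12, then DSAP, SSAP and a one-octet control field.
    length, dsap, ssap, ctrl = struct.unpack("!HBBB", frame[12:17])
    kind, modifier = classify_control(ctrl)
    ip = frame[17:]
    ihl = (ip[0] & 0x0F) * 4
    return {"length": length, "dsap": dsap, "ssap": ssap, "control": ctrl,
            "control_kind": kind, "modifier": modifier,
            "ip_version": ip[0] >> 4, "ip_protocol": ip[9],
            "ip_checksum_ok": ipv4_checksum_ok(ip[:ihl])}

if __name__ == "__main__":
    print(decode(parse_dump(DUMP)))
```

The bytes after the LLC header decode as a well-formed IPv4 header with a valid checksum, while the control octet 0x47 is a U frame whose modifier is not the UI value.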