Wireshark-bugs: [Wireshark-bugs] [Bug 8266] post-dissector fields not saved in pdml
Date: Tue, 29 Jan 2013 19:17:58 +0000

Comment # 6 on bug 8266 from
Hi Evan,

I'm really sorry but I see I don't have it quite right!

The post-dissector data IS being exported to pdml, except in the packets I'm
interested in, which have the rtp.setup field (ie, have been identified as
setup by SIP/SDP).  These packets have no payload (normal for the protocol in
question) and are throwing a 'Malformed Packet' exception.  (A couple of
assumptions follow that this is the source of the problem..)

The post-dissector nodes show up in Wireshark (following the exception node)
but are not written to XML (or TXT or probably the other export formats).

Now, how to disable the exception...

I'm sorry if I've wasted your time.  I've been going round and round in circles
trying to accomplish what is so close to (and yet so far from) a simple and
easy solution to my needs.

Jono.

Ps: In case you're interested, the txt export is below.  I'll attach a screen
shot of the nodes as they appear in Wireshark.

PPS: If you refer to my Lua script above, then the snippet below, it seems that
something (probably the exception) results in udp_src being tested as null if
rtp.setup is present, even tho it is a UDP packet.

-----------------
    if udp_src then

       -- THIS FAILS
   else
       tree:add(trivial_proto,"Trivial Protocol Data 0")
       -- THIS GETS WRITTEN
   end
-----------------

Sorry this has got so complicated.  Not sure if it's a bug now, but would
appreciate advice on how to disable (or catch?) exception if possible.

======================================================

No.     Time        Source                Destination           Protocol Length
Info
   3676 7.196216    172.16.133.31         172.26.26.8           RTP      90    
PT=DMR-AIS, SSRC=0x10006, Seq=23170, Time=2145223028 [Malformed Packet]

Frame 3676: 90 bytes on wire (720 bits), 90 bytes captured (720 bits)
    Encapsulation type: Ethernet (1)
    Arrival Time: Jan 16, 2013 10:39:11.967884000 New Zealand Daylight Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1358285951.967884000 seconds
    [Time delta from previous captured frame: 0.001193000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 7.196216000 seconds]
    Frame Number: 3676
    Frame Length: 90 bytes (720 bits)
    Capture Length: 90 bytes (720 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:udp:rtp]
    [Coloring Rule Name: sip:22384]
    [Coloring Rule String: ip.src == 172.16.133.31]
Ethernet II, Src: Cisco_41:a1:01 (00:0e:38:41:a1:01), Dst: Oracle_e7:9e:0c
(00:21:28:e7:9e:0c)
Internet Protocol Version 4, Src: 172.16.133.31 (172.16.133.31), Dst:
172.26.26.8 (172.26.26.8)
User Datagram Protocol, Src Port: dnp (20000), Dst Port: 9050 (9050)
Real-Time Transport Protocol
    [Stream setup by SDP (frame 3627)]
        [Setup frame: 3627]
        [Setup Method: SDP]
    10.. .... = Version: RFC 1889 Version (2)
    ..0. .... = Padding: False
    ...1 .... = Extension: True
    .... 0000 = Contributing source identifiers count: 0
    0... .... = Marker: False
    Payload type: DMR-AIS (100)
    Sequence number: 23170
    [Extended sequence number: 88706]
    Timestamp: 2145223028
    Synchronization Source identifier: 0x00010006 (65542)
    Defined by profile: 0xe000 (57344)
    Extension length: 8
    Header extensions
        Header extension: 0
        Header extension: 0
        Header extension: 0
        Header extension: 0
        Header extension: 3840
        Header extension: 0
        Header extension: 319422464
        Header extension: 167772160
[Malformed Packet: RTP]
    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
        [Message: Malformed Packet (Exception occurred)]
        [Severity level: Error]
        [Group: Malformed]


You are receiving this mail because:
  • You are watching all bug changes.