Wireshark-bugs: [Wireshark-bugs] [Bug 2157] SOCKS 5 decoding fails when client pipelines connect
Date: Mon, 15 Apr 2013 13:32:14 +0000

changed bug 2157

What    Removed    Added
CC                 mmann78@netscape.net

Comment # 4 on bug 2157 from
This issue appears to be that the SOCKS dissector doesn't support TCP
fragmentation (which would obviously be an enhancement, not a bugfix).  I took
the SOCKS dissector from the SVN and added "minimal" (somewhat "manual") TCP
defragmentation.  Attachment 1333 still didn't decode successfully.

In looking at it more closely, I think the TCP SEQ/ACK counts are incorrect and
that is also the reason it's not successfully decoded.

I opened attachment 1333 in v1.4.4 (the oldest version I had lying around) and
it (correctly?) identifies frame 4 as a SOCKS packet (using Decode As...).
Opening up attachment 1333 in v1.8.6 and SVN, frame 4 is not identified as a
SOCKS packet (with frame 6 being the first SOCKS frame).

Am I correct that the TCP SEQ/ACK counts are incorrect and that's why frame 4
isn't identified as a SOCKS packet?  Would tcp_dissect_pdus (i.e. proper TCP
defragmentation) help?  The SOCKS protocol doesn't lend itself well to
tcp_dissect_pdus, but I can give it a shot if someone thinks it would help.
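
Added example (not Wireshark's dissector code and not the commenter's patch): one reason SOCKS 5 is awkward to frame with a single length rule is that the length of the next client message depends on the conversation state and, for requests, on the ATYP field, so reassembly of a pipelined greeting and connect has to be stateful. All names below are hypothetical, and only the no-authentication path of RFC 1928 is covered.

```c
#include <stddef.h>
#include <string.h>

enum { ST_GREETING, ST_REQUEST, ST_DATA };  /* client side, no-auth path */
#define BAD ((size_t)-1)
struct socks5_stream {
    int state, greetings, requests;  /* counters: complete PDUs seen */
    unsigned char buf[1024];         /* reassembled bytes not yet consumed */
    size_t have;
};
/* Constructed sample: greeting + CONNECT example.com:80 sent back to back. */
static const unsigned char sample[] =
    "\x05\x01\x00" "\x05\x01\x00\x03\x0b" "example.com" "\x00\x50";

/* Next PDU length; 0 = need more bytes to know it; BAD = malformed. */
static size_t pdu_len(int state, const unsigned char *p, size_t n) {
    if (n && p[0] != 0x05) return BAD;                 /* VER must be 5 */
    if (state == ST_GREETING)                          /* VER NMETHODS METHODS */
        return n < 2 ? 0 : 2u + p[1];
    if (n < 4) return 0;                               /* VER CMD RSV ATYP ... */
    switch (p[3]) {
    case 0x01: return 4 + 4 + 2;                       /* IPv4 + port */
    case 0x04: return 4 + 16 + 2;                      /* IPv6 + port */
    case 0x03: return n < 5 ? 0 : 4 + 1 + p[4] + 2u;   /* length-prefixed name */
    default:   return BAD;
    }
}

/* Append one TCP segment payload, then consume every complete PDU buffered. */
int socks5_feed(struct socks5_stream *s, const unsigned char *seg, size_t n) {
    if (s->state == ST_DATA) return 0;                 /* tunnelled payload */
    if (n > sizeof s->buf - s->have) return -1;
    memcpy(s->buf + s->have, seg, n);
    s->have += n;
    while (s->state != ST_DATA) {
        size_t need = pdu_len(s->state, s->buf, s->have);
        if (need == BAD) return -1;
        if (need == 0 || need > s->have) break;        /* wait for next segment */
        if (s->state == ST_GREETING) { s->greetings++; s->state = ST_REQUEST; }
        else                         { s->requests++;  s->state = ST_DATA; }
        memmove(s->buf, s->buf + need, s->have - need);
        s->have -= need;
    }
    return 0;
}

int main(void) {
    struct socks5_stream s = {0};
    return socks5_feed(&s, sample, sizeof sample - 1) || s.requests != 1;
}
```

The same byte stream yields one greeting and one request whether it arrives as a single pipelined segment or split at any offset.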

