Wireshark-bugs: [Wireshark-bugs] [Bug 12319] New: IPFix sequence number expectation incorrect.
Bug ID |
12319
|
Summary |
IPFix sequence number expectation incorrect.
|
Product |
Wireshark
|
Version |
2.0.2
|
Hardware |
x86
|
OS |
Windows 7
|
Status |
UNCONFIRMED
|
Severity |
Major
|
Priority |
Low
|
Component |
Common utilities (libwsutil)
|
Assignee |
bugzilla-admin@wireshark.org
|
Reporter |
adrian.c.m.tam@gmail.com
|
Created attachment 14466 [details]
Capture for IPFix
Build Information:
Version 2.0.2 (v2.0.2-0-ga16e22e from master-2.0)
Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with
GLib 2.42.0, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.
Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale C, with
WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version
1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without
AirPcap.
Intel(R) Xeon(R) CPU E5-1620 v3 @ 3.50GHz (with SSE4.2), with 8116MB of
physical
memory.
Built using Microsoft Visual C++ 12.0 build 40629
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
According to RFC https://tools.ietf.org/html/rfc7011#section-4.1, the IPFix
sequence number should increment for data record, while the sequence number
should not be incremented for template.
To reproduce at problem, open the capture and decode as CFlow. Packet #8 has
the correct expected sequence number (53). However, it expects packet #10 to
have sequence number as 55. It should be 54 as it is the next packet after
packet #8.
You are receiving this mail because:
- You are watching all bug changes.