Wireshark-bugs: [Wireshark-bugs] [Bug 12319] New: IPFix sequence number expectation incorrect.
Date: Mon, 04 Apr 2016 18:32:36 +0000
Bug ID 12319
Summary IPFix sequence number expectation incorrect.
Product Wireshark
Version 2.0.2
Hardware x86
OS Windows 7
Status UNCONFIRMED
Severity Major
Priority Low
Component Common utilities (libwsutil)
Assignee bugzilla-admin@wireshark.org
Reporter adrian.c.m.tam@gmail.com

Created attachment 14466 [details]
Capture for IPFix

Build Information:
Version 2.0.2 (v2.0.2-0-ga16e22e from master-2.0)

Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with
GLib 2.42.0, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale C, with
WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version
1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without
AirPcap.
Intel(R) Xeon(R) CPU E5-1620 v3 @ 3.50GHz (with SSE4.2), with 8116MB of
physical
memory.


Built using Microsoft Visual C++ 12.0 build 40629

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
According to RFC https://tools.ietf.org/html/rfc7011#section-4.1, the IPFix
sequence number should increment for data record, while the sequence number
should not be incremented for template.

To reproduce at problem, open the capture and decode as CFlow.  Packet #8 has
the correct expected sequence number (53).  However, it expects packet #10 to
have sequence number as 55.  It should be 54 as it is the next packet after
packet #8.


You are receiving this mail because:
  • You are watching all bug changes.