Correctly formatted packets reported as malformed
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Wireshark |
Won't Fix
|
Medium
|
|||
| wireshark (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
If an IPv6 packet uses a protocol that is unknown to wireshark wireshark will make guesses about the format of the packet and report the packet as malformed if the incorrectly deduced fields contain unexpected values.
For every unknown protocol number wireshark guesses that it is an IPv6 extension header in which the first two bytes are a next header field and a length field.
If the first byte of this unknown header happens to match a protocol number that wireshark does know, it will proceed parsing data as if that protocol is what it should have been parsing. In effect if the first guess was incorrect wireshark will use a randomly chosen parser to parse at a random offset within a packet of an unknown format.
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: wireshark 1.2.7-1
ProcVersionSign
Uname: Linux 2.6.32-33-generic i686
Architecture: i386
Date: Tue Sep 20 14:47:03 2011
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 10.04.3 LTS "Lucid Lynx" - Release i386 (20110720.1)
ProcEnviron:
PATH=(custom, user)
LANG=en_DK.utf8
SHELL=/bin/bash
SourcePackage: wireshark
| Kasper Dupont (ubuntu-launchpad-feb) wrote | #1 |
| Evan Huus (eapache) wrote | #2 |
| Changed in wireshark (Ubuntu): | |
| status: | New → Confirmed |
| Changed in wireshark: | |
| importance: | Unknown → Medium |
| status: | Unknown → Confirmed |
| Evan Huus (eapache) wrote | #3 |
| Changed in wireshark (Ubuntu): | |
| status: | Confirmed → Invalid |
| Changed in wireshark: | |
| status: | Confirmed → Won't Fix |
I can confirm this behaviour with the latest Wireshark package in Oneiric (the Ubuntu development version). I have reported the issue upstream at https:/
---
Ubuntu Bug Squad Volunteer
https:/