List: wireshark-users
Subject: Re: [Wireshark-users] 6lowpan fragmented packet dissecting(or reassemble) problem
From: Jaap Keuter <jaap.keuter () xs4all ! nl>
Date: 2017-03-03 12:28:53
Message-ID: D2448FB6-8456-4672-8B89-AD08D23AB2D1 () xs4all ! nl
Hi,
Thanks for providing the capture. A quick look with Wireshark 2.2.4 at packet 27
reveals the same problem, I assume. When looking at the numbers, my first guess would be
that the last fragment (in packet 27) isn't added to the reassembled payload before
being passed to the IPv6 dissector. Therefore the UDPv6 dissector comes up short.
I would suggest filing a bug report (https://bugzilla.wireshark.org)
with this capture file and a proper description,
so that it can be investigated further and possibly solved with a code change.
Thanks,
Jaap
> On 3 Mar 2017, at 08:35, H Jin Ko <ymir.kr@gmail.com> wrote:
>
> Hi Jaap.
>
> Prior dump contains personal information, so I attached new dump.
> Thanks for help.
>
> - H.Jin
>
>
> On Fri, Mar 3, 2017 at 4:07 PM, Jaap Keuter <jaap.keuter@xs4all.nl> wrote:
> > Hi,
> >
> > Can you provide a sample capture file with these frames? That works much easier
> > than a text dump only.
> > Thanks,
> > Jaap
> >
> >
> > > On 2 Mar 2017, at 09:29, H Jin Ko <ymir.kr@gmail.com> wrote:
> > >
> > > Hello list.
> > >
> > > I'm writing PANA protocol in the ZigBee environment.
> > > When I attempt to analyze the protocol, Wireshark said the fragmented packet
> > > is malformed, but I can't see why.
> > > (Dissecting unfragmented packet is OK.)
> > >
> > > ...................
> > > </snip>
> > >
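
The failure mode suspected in the reply above (last fragment not included, so the UDP length exceeds what was reassembled), shown as an added example that is not part of the original thread and is not Wireshark's dissector code. It is a minimal RFC 4944 reassembler that assumes uncompressed IPv6 (dispatch 0x41, no IPHC); the function names and the 120-byte sample datagram are constructed for illustration.

```python
import struct

FRAG1, FRAGN, IPV6_DISPATCH = 0b11000, 0b11100, 0x41  # RFC 4944 dispatch values

def parse_fragment(frame):
    """Return (datagram_size, tag, byte_offset, payload) for one RFC 4944 fragment."""
    word, tag = struct.unpack_from("!HH", frame)
    kind, size = word >> 11, word & 0x07FF          # 5-bit type, 11-bit datagram_size
    if kind == FRAG1:
        if frame[4] != IPV6_DISPATCH:
            raise ValueError("assumption: only uncompressed IPv6 is handled here")
        return size, tag, 0, frame[5:]
    if kind == FRAGN:
        return size, tag, frame[4] * 8, frame[5:]   # datagram_offset is in 8-octet units
    raise ValueError("not a 6LoWPAN fragment")

def reassemble(frames):
    """Return (datagram_bytes, missing_byte_count); assumes all frames share one tag."""
    buf = seen = size = None
    for frame in frames:
        frag_size, _tag, off, payload = parse_fragment(frame)
        if buf is None:
            size, buf, seen = frag_size, bytearray(frag_size), bytearray(frag_size)
        if frag_size != size or off + len(payload) > size:
            raise ValueError("fragment inconsistent with datagram_size")
        buf[off:off + len(payload)] = payload
        seen[off:off + len(payload)] = b"\x01" * len(payload)   # coverage map
    return bytes(buf), size - sum(seen)

def udp_shortfall(datagram, missing):
    """Bytes the UDP length field claims beyond what reassembly delivered."""
    udp_len = struct.unpack_from("!H", datagram, 44)[0]   # UDP length, after 40-byte IPv6 header
    available = len(datagram) - 40 - missing
    return max(0, udp_len - available)

def build_sample():
    """Constructed sample: 120-byte IPv6/UDP datagram split into three fragments."""
    udp = struct.pack("!HHHH", 716, 716, 80, 0) + bytes(range(72))
    ipv6 = struct.pack("!IHBB", 0x60000000, len(udp), 17, 64) + bytes(32)
    dgram, tag = ipv6 + udp, 0x0042
    head = lambda kind: struct.pack("!HH", (kind << 11) | len(dgram), tag)
    return dgram, [
        head(FRAG1) + bytes([IPV6_DISPATCH]) + dgram[0:48],
        head(FRAGN) + bytes([48 // 8]) + dgram[48:96],
        head(FRAGN) + bytes([96 // 8]) + dgram[96:120],
    ]
```

Passing only the first two sample fragments to `reassemble` leaves 24 bytes uncovered, and `udp_shortfall` then reports the same 24 bytes that a UDP dissector would find missing.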