First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Dissector bug, protocol AMQP

  • retag add tags

I'm seeing this error in Wireshark - 3.2.5 (v3.2.5-0-ged20ddea8138) - on Windows 10 x64.

> Advanced Message Queueing Protocol
>     Length: 24
>         [Expert Info (Error/Malformed): Bad frame length]
>             [Bad frame length]
>             [Severity level: Error]
>             [Group: Malformed]
>     Doff: 195
>     Type: Unknown (91)
>     Channel: 31392 [Dissector bug, protocol AMQP:
> C:\buildbot\builders\wireshark-3.2-64\windows-2019-x64\build\epan\dissectors\packet-tcp.c:3750:failed assertion "proto_desegment && pinfo->can_desegment"]
>     [Expert Info (Error/Malformed): C:\buildbot\builders\wireshark-3.2-64\windows-2019-x64\build\epan\dissectors\packet-tcp.c:3750:failed assertion "proto_desegment &&pinfo->can_desegment"]
>         [C:\buildbot\builders\wireshark-3.2-64\windows-2019-x64\build\epan\dissectors\packet-tcp.c:3750:failed assertion "proto_desegment &&pinfo->can_desegment"]
>         [Severity level: Error]
>         [Group: Malformed]

The AMQP messages are coming from an Apache QPID server - I was using Wireshark to diagnose why my receiver process wasn't reporting any messages so this may be related.

Any suggestions about ways forward?

Thanks,

Mark

MarkSy's avatar
1
MarkSy
asked 2020-07-08 08:12:44 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

The place for bugs is over at the Wireshark Bugzilla. Attaching a capture that illustrates the issue helps immensely.

grahamb's avatar
23.8k
grahamb
answered 2020-07-08 08:32:26 +0000
edit flag offensive 0 remove flag delete link
more

Comments

I.e., "Dissector bug" means exactly what it says - there's a bug in Wireshark's dissector code.

I was using Wireshark to diagnose why my receiver process wasn't reporting any messages so this may be related.

It might be that the sending process is either 1) violating the protocol or 2) sending correct but unusual packets in a fashion that not only causes the receiver to discard the messages without reporting them bug also triggers a bug in some Wireshark code that wasn't careful enough to be able to deal with that.

But getting a "Dissector bug" report does not necessarily mean that the packet sender is making any mistakes whatsoever, so this may be completely unrelated.

Guy Harris's avatar Guy Harris (2020-07-09 02:21:38 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer