Closed Usabab closed 4 years ago
That's because the PABX's rpcap server is buggy - the "payload length" field of the reply has the value 20, but it should have the value 22. The payload has:
which adds up to 2+2+4+2+2+5+5 = 22.
All 22 bytes are present in the message - the PABX just put the wrong value in the reply.
Please report this to the vendor of the PABX.
For a short-term workaround, you could try either:
Thanks Guy, but is WinPcap Win10 compatible? On the website it seems not.
Thanks Guy, but is WinPcap Win10 compatible? On the website it seems not.
WinPcap sometimes works for local capture on Windows 10. The issue there is that WinPcap and Npcap include kernel-mode drivers that tap in to the lower level of the networking stack (NDIS) to see all incoming and outgoing packets. The WinPcap driver uses an older NDIS mechanism, as it was written to support older versions of Windows; that mechanism sometimes has issues on newer versions of Windows. The Npcap driver uses a newer mechanism, so it won't work on versions of Windows before Windows Vista, but may work better on the newer versions that does the older one.
WinPcap should have no problem with remote capture, as that doesn't use the driver, it just uses the regular networking stack (TCP and UDP).
What vendor makes the PBX, and what model is it?
The PABX is an Innovaphone. There is an info that recommends not to use wireshark version 3 but for another reason. However even with the recommended version I have the same problem.
The PABX is an Innovaphone.
Thanks. I've sent them a message reporting the bug; I don't know who reads the messages sent via the Web interface, but hopefully it'll get reported to somebody technical and they'll read this issue and fix their bug.
There is an info that recommends not to use wireshark version 3 but for another reason. However even with the recommended version I have the same problem.
This problem isn't directly an issue of the version of Wireshark, it's an issue of the version of the libpcap code being used. If you use older versions of Wireshark with the current version of Npcap, the problem will still occur.
The only way it's related to the Wireshark version is that newer versions of Wireshark install Npcap by default rather than installing WinPcap by default, and the version of Npcap that it installs is based on a recent version of libpcap that does more error checking in its remote capture client.
All clear, thanks for the support
The PABX is an Innovaphone.
Thanks. I've sent them a message reporting the bug; I don't know who reads the messages sent via the Web interface, but hopefully it'll get reported to somebody technical and they'll read this issue and fix their bug.
Somebody at Innovaphone indicated that they'd fixed the bug and the fix would be in a later release of their software.
Hello, trying to add remote interfaces i get this error. I usually use wireshark, this is new installation on new pc. I tried to disable antivirus and firewall, also launch with administrator rights without success. Following the wireshark support i made this:
I attach the screenshot of wireshark version and the capture made as above.
Thanks
tcp.port2002.zip