This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

GIOP decoding skipped?

In Wireshark 1.4.2 I'm trying to create pcap dumps of GIOP data so I can peer into the GIOP details more easily.

I'm starting with a hex dump, converted to pcap with: text2pcap -o dec -T 50,60 c:out.txt c:out.pcap

(out.txt is at the end of this message for reference)

And opening the resulting pcap file in Wireshark, everything down to the TCP frame looks OK except that the payload isn't displayed, not even as raw data.

Am I missing something?

Thanks,
Rob

000000 47 49 4f 50 01 02 00 00 00 00 ca fe 00 00 0d 60
000016 03 00 00 00 00 00 00 00 00 00 00 19 ff 6d 61 6e
000032 61 67 65 72 50 4f 41 fe d0 68 10 4c 01 00 54 b8
000048 00 00 00 00 00 00 00 00 00 00 00 12 6e 65 77 52
000064 65 71 75 65 73 74 48 61 6e 64 6c 65 72 00 00 00
000080 00 00 00 04 00 00 00 05 00 00 00 1e 00 00 00 00
000096 00 00 00 01 00 00 00 0f 31 39 32 2e 31 36 38 2e
000112 36 35 2e 31 38 31 00 00 00 00 00 00 00 00 00 01
000128 00 00 00 0c 00 00 00 00 00 01 00 01 00 01 01 09
000144 00 00 00 0f 00 00 00 20 00 00 00 00 00 00 00 00
000160 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
000176 01 00 00 00 00 00 00 00 42 45 41 00 00 00 00 04
000192 00 09 02 03

asked 19 Nov '10, 15:00

eboregelna

One Answer:

I have an answer to my question:

The GIOP packets being reported as data sent from WebLogic's CORBA debugging are having their 'message size' field stomped on before being logged. Therefore the GIOP dissector wants to see more data before it reports the packet.

I avoided the issue for now as I don't really need the sent packets, just the received. If I did need them, I'd have the script that extracts the data from the logs reconstruct the length from context in the log file.

-Rob

answered 23 Nov '10, 13:08
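
The mismatch described in the answer can be checked, and the size field rewritten, before the dump is passed to text2pcap. This is an added example, not code from the original post: it assumes each log entry holds exactly one complete, unfragmented GIOP message, so the number of bytes captured stands in for the "context" the answer mentions. The function names are illustrative, and the sample dump is the 12 header bytes from the question followed by constructed body bytes.

```python
import struct

GIOP_HEADER_LEN = 12  # magic(4) version(2) flags(1) msg_type(1) msg_size(4)

def parse_hexdump(text):
    """Parse text2pcap-style lines: an offset column followed by hex bytes."""
    data = bytearray()
    for line in text.strip().splitlines():
        fields = line.split()
        data += bytes(int(b, 16) for b in fields[1:])  # fields[0] is the offset
    return bytes(data)

def check_giop(msg):
    """Return (declared_size, captured_body_len, struct_byte_order)."""
    if len(msg) < GIOP_HEADER_LEN or msg[:4] != b"GIOP":
        raise ValueError("not a GIOP message")
    # Byte 6 is byte_order (GIOP 1.0) or flags (1.1+); low bit set = little-endian.
    order = "<" if msg[6] & 1 else ">"
    (declared,) = struct.unpack(order + "I", msg[8:12])
    return declared, len(msg) - GIOP_HEADER_LEN, order

def repair_size(msg):
    """Rewrite message_size to the captured body length (assumption: one
    complete message per log entry, nothing truncated or fragmented)."""
    declared, actual, order = check_giop(msg)
    if declared == actual:
        return msg
    return msg[:8] + struct.pack(order + "I", actual) + msg[12:]

def to_hexdump(msg, width=16):
    """Emit decimal-offset lines suitable for `text2pcap -o dec`."""
    return "\n".join(
        "%06d %s" % (i, " ".join("%02x" % b for b in msg[i:i + width]))
        for i in range(0, len(msg), width))

# Constructed sample: header bytes as in the question (size field 00 00 ca fe),
# followed by 12 made-up body bytes.
SAMPLE = """\
000000 47 49 4f 50 01 02 00 00 00 00 ca fe 00 00 00 01
000016 03 00 00 00 00 00 00 00
"""

if __name__ == "__main__":
    raw = parse_hexdump(SAMPLE)
    declared, actual, _ = check_giop(raw)
    print("declared %d, captured %d" % (declared, actual))
    print(to_hexdump(repair_size(raw)))
```

A declared size larger than the captured body is the condition under which the GIOP dissector waits for more data instead of displaying the message.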

eboregelna