In an iscsi packet for scsi command READ CAPACITY (16), if I try to enter any value greater than 0xFFFFF, i.e. 1677215, wireshark isnt able to differentiate the iscsi packet from the overlying tcp packet which carries it. And the input is fine because the allocation length field is 4 bytes long and thus can accept maximum value of 0xFFFFFFFF. asked 16 Sep '14, 01:16  GauravOjha |
One Answer:
(This question should have gotten an answer indicating that it was reported as a bug and that the bug was subsequently fixed: See Bug Wireshark Bug #10469 ). answered 23 Oct '14, 06:31  Bill Meier ♦♦ edited 23 Oct '14, 06:38 |
Can you provide sample captures which show this behavior? If you're quite certain the behavior is not correct, you could always open a bug report.