This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

DRDA dissector misses some codepoints

After capturing some Apache Derby traffic (which also use DRDA) there are some unknown codepoints in wireshark.

DDM codepoint 0xc000
Parameter codepoint 0x01 (within a SQLSTT DDM)
Parameter codepoint 0xc001(within 0xc000 DDM)
Parameter codepoint 0xc002 (within 0xc000 DDM)

It seems also that wireshark sometimes does not detect parameters within a DDM, see https://raw.githubusercontent.com/salyh/_pics/master/drda1.png

PCAP: https://github.com/salyh/_pics/blob/master/drda_toursdb.pcap?raw=true

heuristic dissector drda

asked 29 Mar '16, 13:26

salyh
6●1●1●2
accept rate: 0%

One Answer:

Please open a bug report requesting that Wireshark dissect these code points (and attach the PCAP to the bug report) That's the proper way to report bugs or request enhancements (this is a Q&A site).

answered 29 Mar '16, 17:08

JeffMorriss ♦
6.2k●5●72
accept rate: 27%

done, see https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12307

(30 Mar '16, 05:55) salyh