#42 mstpcap buffer-length/content is wrong

[Anonymous]

Hi, I logged a BACnet system using mstpcap.exe. Some bad BACnet messages were sent with only a few bytes content - including a bad value in length-field. The mstpcap-log every time showed a message of 1522 bytes size, although only a few of these were actually transmitted on the wire. The other bytes shown seemed to be old buffer-content from mstpcap's own buffer (= messages transmitted a lot earlier in the system).
I guess this misleading information is because mstpcap has an internal buffer of 1522 bytes size - and uses the length information in the message (even if it is wrong) to dump as many bytes from the internal buffer as possible).
We use mstpcap to diagnose failing systems, so it would be valued, if we can trust that what we see in the log is actually what has been communicated on the wire.

[Anonymous]

BTW: It would be nice with a version-number in mstpcap.exe - e.g. "mstpcap /?" or similar. This is useful when reporting bugs in the tool - and seeing when they are corrected.

[Steve Karg]

d:\code\bacnet-stack-0-8-0\bin>mstpcap --version
mstpcap 0.8.3
Copyright (C) 2011 by Steve Karg
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE.

[Anonymous]

Thanks. The reported buffer-length error was seen, when using mstpcap version 0.8.3.

[Steve Karg]

I added better invalid packet detection into the MS/TP capture utility, targeting version 0.8.4 and later for release. SVN at revision: 2998