Attempting to parse a pcap file, containing SMTP traffic, that does not have standard the '0d 0a 0d 0a' delimiter and contains only '0d 0a'.
Also noticed that 'txBuffer.bytesBefore' on line 125 of SmptDecoder might not contain all the bytes before (1 packet less). The very first DATA packet containing the subject and content-type is not included in the 'txBuffer.bytesBefore' while the binary data of the attachment is.
Full stack trace is bellow:
java.lang.ArrayIndexOutOfBoundsException: 2524
at org.krakenapps.mime.MimeHeader.decodeHeader(MimeHeader.java:137)
at org.krakenapps.pcap.decoder.smtp.SmtpDecoder.handleClientData(SmtpDecoder.java:137)
at org.krakenapps.pcap.decoder.smtp.SmtpDecoder.handleTx(SmtpDecoder.java:110)
at org.krakenapps.pcap.decoder.smtp.SmtpDecoder.handleTx(SmtpDecoder.java:68)
at org.krakenapps.pcap.decoder.tcp.ApplicationLayerMapper.handlingL7(ApplicationLayerMapper.java:28)
at org.krakenapps.pcap.decoder.tcp.ApplicationLayerMapper.sendToApplicationLayer(ApplicationLayerMapper.java:22)
at org.krakenapps.pcap.decoder.tcp.TcpSessionImpl.pushToClientSack(TcpSessionImpl.java:196)
at org.krakenapps.pcap.decoder.tcp.TcpSackReassembler.doReassemble(TcpSackReassembler.java:56)
at org.krakenapps.pcap.decoder.tcp.TcpSackReassembler.reassemble(TcpSackReassembler.java:31)
at org.krakenapps.pcap.decoder.tcp.TcpSackHandler.handle(TcpSackHandler.java:24)
at org.krakenapps.pcap.decoder.tcp.TcpDecoder.handle(TcpDecoder.java:112)
at org.krakenapps.pcap.decoder.tcp.TcpDecoder.process(TcpDecoder.java:58)
at org.krakenapps.pcap.decoder.ip.IpDecoder.dispatchProtocol(IpDecoder.java:93)
at org.krakenapps.pcap.decoder.ip.IpDecoder.dispatch(IpDecoder.java:81)
at org.krakenapps.pcap.decoder.ip.IpDecoder.process(IpDecoder.java:69)
at org.krakenapps.pcap.decoder.ethernet.EthernetDecoder.dispatch(EthernetDecoder.java:98)
at org.krakenapps.pcap.decoder.ethernet.EthernetDecoder.decode(EthernetDecoder.java:76)
at org.krakenapps.pcap.util.PcapFileRunner.run(PcapFileRunner.java:90)
The raw TCP stream of the packet, some information has been 'CUT OUT':
220 <CUT OUT> INetSim Mail Service ready.
EHLO server
250-<CUT OUT>
AUTH LOGIN
250-SIZE 102400000
YXJ0eW9tLnJlc2hldG55b3ZAbWFpbC5ydQ==250-STARTTLS
250-DSN
MTQwMjk5YXI=
250-ENHANCEDSTATUSCODES
MAIL FROM:<<CUT OUT email>>
250-HELP
RCPT TO:<<CUT OUT email>>
DATA
Subject: <CUT OUT subject>
Content-Type: application/octet-stream; name="<CUT OUT file name>.bin"
Content-Disposition: attachment; filename="<CUT OUT file name>.bin"
Content-Transfer-Encoding: base64
VUZSIRMAAAA<CUT OUT BINARY>EZAAAAAA==
250-8BITMIME
.
250-AUTH PLAIN LOGIN ANONYMOUS CRAM-MD5 CRAM-SHA1
QUIT
250-ETRN
250-EXPN
Attempting to parse a pcap file, containing SMTP traffic, that does not have standard the '0d 0a 0d 0a' delimiter and contains only '0d 0a'.
Also noticed that 'txBuffer.bytesBefore' on line 125 of SmptDecoder might not contain all the bytes before (1 packet less). The very first DATA packet containing the subject and content-type is not included in the 'txBuffer.bytesBefore' while the binary data of the attachment is.
Full stack trace is bellow:
The raw TCP stream of the packet, some information has been 'CUT OUT':