
Wireshark-bugs: [Wireshark-bugs] [Bug 2641] Wireshark 1.0.1pre1 shows Ethernet ERF files as raw

Date: Wed, 25 Jun 2008 18:52:32 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2641


Guy Harris <guy@xxxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         OS/Version|Windows XP                  |All
           Platform|PC                          |All
         Resolution|                            |FIXED
            Summary|Wireshark 1.0.1pre1 fails to|Wireshark 1.0.1pre1 shows
                   |correctly open valid ERF    |Ethernet ERF files as raw
                   |files                       |data rather than Ethernet
                   |                            |traffic




--- Comment #5 from Guy Harris <guy@xxxxxxxxxxxx>  2008-06-25 18:52:32 PDT ---
This is a result of the fix for bug 1839.

Some ERF record types don't completely specify the packet type - the HDLC
record types are used for Cisco HDLC, PPP, Frame Relay, and SS7 MTP2 traffic,
the ATM record types are used for raw ATM and LLC-encapsulated RFC 1483
traffic, and the Ethernet record types are for Ethernet packets that might, or
might not, include the FCS.

Wireshark (or perhaps it was still called Ethereal back then) used to look at
environment variables to determine what type of packets were in those record
types.  The fix for bug 1839 changed it to use preference settings for the
"ERF" protocol, instead.

The default protocol setting for HDLC was made SS7 MTP2; the default protocol
settings for ATM and Ethernet were made "raw data", so it just displayed raw
data.

I've checked in a change so that, instead of just displaying stuff as "Data",
it displays an indication that the preference has been set to "Raw data", as
that's probably *not* the setting people want, and as the dissector *really*
needs to let you know that the preference is set to "Raw data", because you
might not know the preference even exists and has to be set (you didn't know
that, and neither did I).

For 1.0.1pre1, just set the preference to "Ethernet with FCS", and your file
will dissect correctly.  I'll nominate my change to go into the final 1.0.1
release.


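The ambiguity described in the comment above can be checked for before a capture is opened. The following is an added example, not part of the original message and not Wireshark's code: it walks the records of an ERF byte stream and lists which record families present need the "ERF" preference set. The 16-byte header layout, the type numbers 1, 2 and 3, and all function names are assumptions taken from the published ERF format; the sample records are constructed.

```python
import struct
from collections import Counter

# ERF record header: 8-byte timestamp, then type, flags, rlen, lctr, wlen.
# Layout and type numbers are assumptions from the published ERF format,
# not values stated in the bug report.
HEADER = struct.Struct(">8sBBHHH")

# What the comment says each record family can carry.
AMBIGUOUS = {
    1: ("HDLC", ["Cisco HDLC", "PPP", "Frame Relay", "SS7 MTP2"]),
    2: ("Ethernet", ["Ethernet with FCS", "Ethernet without FCS"]),
    3: ("ATM", ["raw ATM", "LLC-encapsulated RFC 1483"]),
}

def record_types(data):
    """Walk the ERF records in a byte string and count each record type."""
    counts = Counter()
    offset = 0
    while offset < len(data):
        if len(data) - offset < HEADER.size:
            raise ValueError(f"truncated header at offset {offset}")
        _ts, rtype, _flags, rlen, _lctr, _wlen = HEADER.unpack_from(data, offset)
        if rlen < HEADER.size or offset + rlen > len(data):
            raise ValueError(f"bad record length {rlen} at offset {offset}")
        counts[rtype & 0x7F] += 1  # top bit flags an extension header
        offset += rlen
    return counts

def needs_preference(counts):
    """Return {family: candidate encapsulations} for the ambiguous types seen."""
    return {AMBIGUOUS[t][0]: AMBIGUOUS[t][1] for t in sorted(counts) if t in AMBIGUOUS}

def make_record(rtype, payload):
    """Build one constructed ERF record (zero timestamp, flags and counters)."""
    rlen = HEADER.size + len(payload)
    return HEADER.pack(b"\0" * 8, rtype, 0, rlen, 0, len(payload)) + payload

# Constructed sample: two Ethernet records and one HDLC record.
SAMPLE = make_record(2, b"\0" * 66) + make_record(2, b"\0" * 66) + make_record(1, b"\0" * 8)

if __name__ == "__main__":
    for family, options in needs_preference(record_types(SAMPLE)).items():
        print(f"{family} records present; could be: {', '.join(options)}")
```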