Wireshark-bugs: [Wireshark-bugs] [Bug 7112] New: pcap-ng Interface Identifier lost on save/reloa

Date: Mon, 16 Apr 2012 06:43:50 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7112

           Summary: pcap-ng Interface Identifier lost on save/reload
           Product: Wireshark
           Version: 1.7.x (Experimental)
          Platform: x86-64
        OS/Version: Windows 7
            Status: NEW
          Severity: Critical
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: jasper.bongertz@xxxxxxxxxxxx


Created attachment 8228
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=8228
Screen Capture of the captured packets before and after saving/reloading them

Build Information:
Version 1.7.2-SVN-42090 (SVN Rev 42090 from /trunk)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.22.1, with Cairo 1.10.2, with Pango 1.28.3, with
GLib 2.26.1, with WinPcap (4_1_2), with libz 1.2.5, without POSIX capabilities,
with SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS
2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with PortAudio
V19-devel (built Apr 16 2012), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 21022

--
Wireshark doesn't seem to write the interface indexes to disk when saving a
multi-interface capture. That means that you cannot filter/separate multiple
capture channels once having saved and reloaded them to/from a file.

Procedure: 
I captured a ping to www.wireshark.org with 2 ports on a 4-port Adaptec 62044
100MBps card using a Netoptics 100MBit TeenyTap. For testing purposes I added a
new column containing the Interface Index, which showed the correct IDs right
after capture. 

When saving and reloading the trace, the interface index is always 0, meaning
that Wireshark lost the information about which interface it captured the
packet on. 

Investigation:
I checked the trace file to see if the information is lost on saving or
loading, and saw that in fact the EPB does always have a 0 for the interface
index. That means that the information is already lost on saving the file.

Attachments:
See attached screen shots for proof.

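
The check described under "Investigation" can be repeated on any saved file with a minimal pcap-ng block walker. This is an added example, not part of the original bug report or of Wireshark's code; the function names and the sample capture are constructed, and it assumes a single-section file.

```python
import struct
from collections import Counter

SHB, IDB, EPB = 0x0A0D0D0A, 0x00000001, 0x00000006  # pcap-ng block types
BYTE_ORDER_MAGIC = 0x1A2B3C4D

def epb_interface_ids(data):
    """Walk one pcap-ng section; return (IDB count, Counter of EPB interface IDs)."""
    endian, idb_count, seen, off = "<", 0, Counter(), 0
    while off + 12 <= len(data):
        if data[off:off + 4] == b"\x0a\x0d\x0d\x0a":
            # The SHB type reads the same in either byte order, so the
            # byte-order magic at the start of its body decides endianness.
            magic = struct.unpack_from("<I", data, off + 8)[0]
            endian = "<" if magic == BYTE_ORDER_MAGIC else ">"
        btype, blen = struct.unpack_from(endian + "II", data, off)
        if blen < 12 or blen % 4 or off + blen > len(data):
            raise ValueError(f"bad block length {blen} at offset {off}")
        if btype == IDB:
            idb_count += 1
        elif btype == EPB:
            if blen < 32:
                raise ValueError(f"truncated EPB at offset {off}")
            # The Interface ID is the first 32-bit field of the EPB body.
            seen[struct.unpack_from(endian + "I", data, off + 8)[0]] += 1
        off += blen
    return idb_count, seen

def unused_interfaces(data):
    """Interface indexes declared by an IDB but referenced by no EPB."""
    idb_count, seen = epb_interface_ids(data)
    return [i for i in range(idb_count) if i not in seen]

def _block(btype, body):
    total = len(body) + 12  # type + two length fields around the body
    return struct.pack("<II", btype, total) + body + struct.pack("<I", total)

def build_sample(iface_ids):
    """Constructed capture: one SHB, two IDBs, one 60-byte EPB per given ID."""
    pkt = bytes(60)
    out = _block(SHB, struct.pack("<IHHq", BYTE_ORDER_MAGIC, 1, 0, -1))
    out += _block(IDB, struct.pack("<HHI", 1, 0, 65535)) * 2
    for i in iface_ids:
        out += _block(EPB, struct.pack("<5I", i, 0, 0, len(pkt), len(pkt)) + pkt)
    return out

if __name__ == "__main__":
    print(epb_interface_ids(build_sample([0, 1, 0, 1])))  # both interfaces used
    print(unused_interfaces(build_sample([0, 0, 0, 0])))  # every EPB points at 0
```

A non-empty result from `unused_interfaces` on a capture known to span several interfaces means the per-packet interface attribution did not survive the save.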