Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 2003] New: dumpcap does not cleanly close capture file

Date: Wed, 21 Nov 2007 14:32:56 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2003

           Summary: dumpcap does not cleanly close capture file
           Product: Wireshark
           Version: 0.99.6
          Platform: PC
        OS/Version: FreeBSD
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Extras
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: mkucenski@xxxxxxx


Build Information:
TShark 0.99.6

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.12.13, with libpcap 0.9.4, with libz 1.2.3, with libpcre
7.2, with Net-SNMP 5.3.1, with ADNS, without Lua, with GnuTLS 1.6.3, with
Gcrypt
1.2.4, with Heimdal Kerberos.

Running on FreeBSD 6.2-STABLE, with libpcap version 0.9.4.

Built using gcc 3.4.6 [FreeBSD] 20060305.

---------------------------------------------------------------

TShark 0.99.8 (SVN Rev 23527)

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.14.2, with libpcap 0.9.7, with libz 1.2.3, with libpcre
7.4, without SMI, with ADNS, without Lua, with GnuTLS 2.0.2, with Gcrypt 1.2.4,
with Heimdal Kerberos.

Running on FreeBSD 6.2-STABLE, with libpcap version 0.9.7.

Built using gcc 3.4.6 [FreeBSD] 20060305.
--
On FreeBSD (v0.99.6 and SVN) and on Debian Linux 4.0r1 (v0.99.4), dumpcap fails
to cleanly close the capture file.  If packets are actively flowing and dumpcap
is in the middle of capturing when Ctrl-C is hit, the resulting pcap file
contains an invalid packet.  Running capinfos on the pcap file generates:

capinfos: An error occurred after reading 1324 packets from "./dumpcap.pcap":
Less data was read than was expected.

tshark does not exhibit the same problem.


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.