https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7191
Summary: pcap-ng dumpcap packet statistics inconsistent/wrong
Product: Wireshark
Version: 1.7.x (Experimental)
Platform: x86
OS/Version: Windows XP
Status: NEW
Severity: Major
Priority: Low
Component: Extras
AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
ReportedBy: jasper.bongertz@xxxxxxxxxxxx
Created attachment 8311
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=8311
Three screenshots as mentioned in the bugreport
Build Information:
Dumpcap 1.7.2-SVN-42219
--
I did a capture on two 100MBit Interfaces at the same time, using dumpcap.exe
directly. I used a slow USB drive as trace storage on purpose to force drops
and see what happens when writing to the pcap-ng file format. I made a
screenshot of the commandline for documentation.
First of all, the numbers dumpcap displays at the end of capture are a little
strange: the received/dropped packet counters on each interface result in the
correct percentage displayed behind them - but I have no idea how the "Packets
captured" number is calculated. I did a small spreadsheet to verify the numbers
and got no match for "Packets captured" (see screenshot).
The final problem appears when opening the trace file in Wireshark: the Summary
Statistics shows completely bogus dropped packet counts, with the second
interface having zero drops (see the third screenshot). I verified the ISB at
the end of the trace file and the wrong numbers shown by the Summary are in
there. So it looks like dumpcap doesn't write them correctly.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.
