Comment # 9
on bug 7998
from Guy Harris
(In reply to comment #8)
> > You probably don't want to save a capture in DOS Sniffer format unless
> > you're going to feed it to a program that can't read any other format that
> > Wireshark can write, however.
>
> Basically I used to use
> File=>Save As=>Packet Range (Displayed Packets) in Version 1.6.8 but that
> function does not seem available in Version 1.8.4, that was the reason for
> using File=>Export Specified Packets.
File -> Save As, prior to 1.8, performed two separate functions:
1) save an unsaved capture, with the result of the save becoming the
current capture file;
2) write out a (possibly improper) subset of packets to a separate file.
In 1.8, captures can be edited, so the Save/Save As functionality was changed
to work the way it does with other editing programs - File -> Save saves the
current state of the capture to the current file, and File -> Save As saves the
current state of the capture to a new file and makes that file the current
file. That's function 1).
Function 2) was moved into File -> Export Specified Packets, so it's the same
as the old File -> Save As for all cases where you don't save all the packets.
> I never used to associate a file ending (such as .trc) with a specific
> format, as I used get tcpdump trace files with this file extension. It never
> seemed an issue in the past using the old method for saving trace files. Now
> with the "Export Specified Packets" function I realize a conversion takes
> place.
There is not supposed to be any difference between File -> Save As, prior to
1.8, and File -> Export Specified Packets, in 1.8.0 and later, with regards to
whether a conversion takes place. Perhaps the Windows version of Wireshark is
seeing ".trc" and thinking it refers to the DOS Sniffer .trc ("Token Ring
Capture") suffix rather than one of the many suffixes people use for pcap files
("TRaCe file", presumably), and defaulting to DOS Sniffer format. (I didn't
see that on my machine, but I'm not running Windows, and the code paths for
saving on Windows and UN*X are not completely the same.)
If saving a pcap file with a .trc suffix, either with File -> Save As or File
-> Export Specified Packets, defaults to saving it in DOS Sniffer format in
1.8.x, please file a separate bug on that (as it's a separate problem, and
should be tracked and fixed separately).
You are receiving this mail because:
- You are watching all bug changes.
