
Wireshark-bugs: [Wireshark-bugs] [Bug 9991] New: Tshark with "-F pcap" still generates a pcapng

Date: Mon, 14 Apr 2014 22:21:12 +0000
Bug ID 9991
Summary Tshark with "-F pcap" still generates a pcapng file
Classification Unclassified
Product Wireshark
Version 1.10.6
Hardware x86
OS Windows 7
Status UNCONFIRMED
Severity Normal
Priority Low
Component TShark
Assignee [email protected]
Reporter [email protected]

Build Information:
TShark 1.10.6 (v1.10.6 from master-1.10)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5,
without POSIX capabilities, without libnl, with SMI 0.4.8, with c-ares 1.9.1,
with Lua 5.1, without Python, with GnuTLS 2.12.18, with Gcrypt 1.4.6, with MIT
Kerberos, with GeoIP.

Running on 64-bit Windows 7 Service Pack 1, build 7601, without WinPcap.
       Intel(R) Core(TM) i7-3667U CPU @ 2.00GHz, with 8061MB of physical
memory.



Built using Microsoft Visual C++ 10.0 build 40219
--
I've been trying to capture network traffic to a pcap file with tshark using
the '-F pcap' option so I can later read the file back with winpcap.
Unfortunately the generated file is always in the pcapng format.

> tshark -i 5 -F pcap -f "udp port 777" -b filesize:1 -w c:\tmp\fail.pcap
Capturing on 'Wireless Network Connection'
2

This generates at least a couple of files:

> dir c:\tmp\fail*.pcap
 Volume in drive C has no label.
 Volume Serial Number is 5E24-18F3

 Directory of c:\tmp

04/14/2014  03:07 PM             1,220 fail_00001_20140414150716.pcap
04/14/2014  03:07 PM               452 fail_00002_20140414150725.pcap
               2 File(s)          1,672 bytes
               0 Dir(s)  46,042,722,304 bytes free

Using capinfos.exe, I can see that the file is not in the correct format
("Wireshark/... - pcapng" instead of "Wireshark/tcpdump/... - pcap"):

> capinfos.exe  c:\tmp\fail_00001_20140414150716.pcap
File name:           c:\tmp\fail_00001_20140414150716.pcap
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
Packet size limit:   file hdr: (not set)
Number of packets:   1
File size:           1220 bytes
Data size:           902 bytes
Capture duration:    n/a
Start time:          Mon Apr 14 15:07:25 2014
End time:            Mon Apr 14 15:07:25 2014
Data byte rate:      0 bytes/s
Data bit rate:       0 bits/s
Average packet size: 902.00 bytes
Average packet rate: 0 packets/sec
SHA1:                cad70fff2165a2ca4dc2cfd43c9f1a420b66045b
RIPEMD160:           abf1a069f86338bf4ddcdee92b1d82e765d1e924
MD5:                 765c86cfe08a2d95c8c072fdb382f359
Strict time order:   True

The file is successfully converted with editcap.exe...

> editcap.exe -F pcap c:\tmp\fail_00001_20140414150716.pcap c:\tmp\fail_00001_20140414150716.pcap

> capinfos.exe  c:\tmp\fail_00001_20140414150716.pcap
File name:           c:\tmp\fail_00001_20140414150716.pcap
File type:           Wireshark/tcpdump/... - pcap
File encapsulation:  Ethernet
Packet size limit:   file hdr: 65535 bytes
Number of packets:   1
File size:           942 bytes
Data size:           902 bytes
Capture duration:    n/a
Start time:          Mon Apr 14 15:07:25 2014
End time:            Mon Apr 14 15:07:25 2014
Data byte rate:      0 bytes/s
Data bit rate:       0 bits/s
Average packet size: 902.00 bytes
Average packet rate: 0 packets/sec
SHA1:                a3c32a1376547954caa24d7726e8867309c79955
RIPEMD160:           4b479ba12a5900eea8ea4cbbdc575acf2dd995fb
MD5:                 3d66c21086f82b4cfdf6e5f30339b3ec
Strict time order:   True


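Added example (not part of the original bug report and not Wireshark code): a Python check that classifies a capture by its leading magic bytes rather than its `.pcap` extension, which is the distinction capinfos draws above. The `mismatched` helper, the file names and the sample bytes are constructed for illustration.

```python
import struct

# Magic numbers defined by the pcap and pcapng file formats.
PCAP_MAGICS = {
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
}
PCAPNG_SHB_TYPE = b"\x0a\x0d\x0d\x0a"  # Section Header Block type, same in both byte orders
PCAPNG_BYTE_ORDER_MAGIC = 0x1A2B3C4D


def identify_capture(data: bytes) -> dict:
    """Classify a capture from its leading bytes, ignoring the file extension."""
    magic = data[:4]
    if magic in PCAP_MAGICS:
        if len(data) < 24:  # the pcap global header is 24 bytes
            return {"format": "pcap", "truncated": True}
        order, resolution = PCAP_MAGICS[magic]
        major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
            order + "HHiIII", data[4:24])
        return {"format": "pcap", "truncated": False, "version": (major, minor),
                "resolution": resolution, "snaplen": snaplen, "linktype": linktype}
    if magic == PCAPNG_SHB_TYPE and len(data) >= 12:
        # The byte-order magic at offset 8 tells which endianness the section uses.
        for order in ("<", ">"):
            if struct.unpack(order + "I", data[8:12])[0] == PCAPNG_BYTE_ORDER_MAGIC:
                return {"format": "pcapng", "byte_order": order}
    return {"format": "unknown"}


def mismatched(files: dict, expected: str = "pcap") -> list:
    """Hypothetical helper: names whose content is not in the expected format."""
    return sorted(n for n, d in files.items()
                  if identify_capture(d)["format"] != expected)


# Constructed samples: a pcap file holding one 902-byte Ethernet packet,
# and a bare pcapng Section Header Block.
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
               + struct.pack("<IIII", 0, 0, 902, 902) + bytes(902))
SAMPLE_PCAPNG = struct.pack("<IIIHHqI", 0x0A0D0D0A, 28, 0x1A2B3C4D, 1, 0, -1, 28)

if __name__ == "__main__":
    print(len(SAMPLE_PCAP), identify_capture(SAMPLE_PCAP))
    print(mismatched({"ring_00001.pcap": SAMPLE_PCAP, "ring_00002.pcap": SAMPLE_PCAPNG}))
```

The constructed pcap sample is 942 bytes (24-byte global header, 16-byte record header, 902 bytes of packet data), the same size capinfos reports for the file after the editcap conversion.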