http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1181
hgsft4z02@xxxxxxxxxxxxxx changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |hgsft4z02@xxxxxxxxxxxxxx
------- Comment #3 from hgsft4z02@xxxxxxxxxxxxxx 2006-11-01 10:27 GMT -------
I just want to add some more additional information. Please let me know if this
is not the same bug:
# wireshark -f "host morch.com" &
Start capture in wireshark that appears
(the -c 1 optionset means only send one ping)
# ping -c 1 morch.com
PING morch.com (62.79.51.144) 56(84) bytes of data.
64 bytes from 62.79.51.144.adsl.noe.tiscali.dk (62.79.51.144): icmp_seq=1
ttl=51 time=19.5 ms
--- morch.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 19.508/19.508/19.508/0.000 ms
This should mean that I've now captured 2 packets. But wireshark only shows the
first "Echo (ping) request" and not the "Echo (ping) reply". If I never contact
that host again, it will sit there forever, I presume (tried 5 minutes). As
soon as I hit "Stop the running live capture", the "Echo (ping) reply" (pkt #2)
is shown.
This means I have to stop the capture to see if the reply packet has arrived.
This was not the case for debian etch ethereal version 0.10.13-1.1 (the only
ethereal I tried), but is true for wireshark 0.99.2-1 and 0.99.3a-2 (the
earliest and lastest wireshark on debian etch)
tshark does display the reply immediately, with or without the -w switch.
A workaround is to install an older release, e.g. ethereal 0.10.13-1.1 is known
not to have this bug.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.