https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2671
Summary: ERF dissector defaults to RAW
Product: Wireshark
Version: SVN
Platform: All
OS/Version: All
Status: NEW
Severity: Minor
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: stephen@xxxxxxxxxx
Build Information:
wireshark 1.0.99 (SVN Rev 25642)
Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.12.9, with GLib 2.16.3, with libpcap 0.9-PRE-CVS, with
libz
1.2.3.3, with POSIX capabilities (Linux), with libpcre 7.4, without SMI, with
ADNS, without Lua, with GnuTLS 2.0.4, with Gcrypt 1.2.4, with MIT Kerberos,
with
PortAudio V19-devel (built Mar 12 2008), without AirPcap.
Running on Linux 2.6.24-12-generic, with libpcap version 0.9-PRE-CVS.
Built using gcc 4.2.3 (Ubuntu 4.2.3-2ubuntu7).
--
Each ERF record type, (e.g. TYPE_ETH) can be decoded in several different ways
depending on user preferences (e.g. erf.erfeth = ethfcs, eth, raw).
Currently the default value for each type is raw, meaning no further decoding
is performed.
I believe a more useful default (especially for Ethernet) would be to assume
the common case, otherwise it may appear that the packets cannot be decoded
(although there is a warning message).
Suggestions are:
erf.erfatm=atm
erf.erfhdlc=chdlc
erf.erfeth=ethfcs
which is case 1 in each enum rather than MAX which is raw.
I suggest the default is changed for the preference registration so that new
installs receive more useful defaults; existing preference files and behavour
would not be changed.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.