Wireshark-bugs: [Wireshark-bugs] [Bug 5340] New: IO Graph Time of Day times incorrect for filter

Date: Tue, 26 Oct 2010 11:01:51 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5340

           Summary: IO Graph Time of Day times incorrect for filtered data
           Product: Wireshark
           Version: 1.4.1
          Platform: x86
        OS/Version: Windows XP
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: steve.magnuson2@xxxxxxxxxx


Build Information:
Version 1.4.1 (SVN Rev 34476 from /trunk-1.4)

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.16.6, (32-bit) with GLib 2.22.4, with WinPcap (version
unknown), with libz 1.2.3, without POSIX capabilities, without libpcre, with
SMI
0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.8.5, with
Gcrypt 1.4.5, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built
Oct
11 2010), with AirPcap.

Running on Windows XP Service Pack 3, build 2600, with WinPcap version 4.1.2
(packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b
(20091008), GnuTLS 2.8.5, Gcrypt 1.4.5, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 30729

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
Wireshark is incorrectly calculating the Time of Day on the X axis of the IO
graph.  This occurs when a graph filter is applied and the filter references an
IP address (ip.addr==1.1.1.1, for example) that doesn't appear in the original
capture file until some time after the first captured packet.  The Time of Day
on the graph is offset by the amount of time from the beginning of the capture
until the filtered packet appears in the capture.

Scenario:

A previously captured trace is loaded into Wireshark (capture was made with no
capture filter).  The timestamp of the first captured packet is 10/25/2010
10:00:00.  The timestamp of the last packet captured is 10:20:00.  The traffic
of interest contains IP address 1.1.1.1, and the first packet with that IP
address is seen in the capture file at 10/25/2010 10:06:00, 6 minutes into the
capture, and packets with that IP address appears until the end of the capture.

Start an IO Graph, and apply a graph filter of ip.addr==1.1.1.1. Check "View as
time of day".  The graph will display the last captured packet matching that
filter corresponding to a timestamp that is 6 minutes beyond the last packet
captured (i.e. it will show 10:26:00, beyond the last time in the capture
file).

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.