Wireshark-bugs: [Wireshark-bugs] [Bug 7667] New: Export Specified Packets not recognizing the "e

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Mon, 27 Aug 2012 14:48:51 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7667

           Summary: Export Specified Packets not recognizing the "eth.src"
                    filter in "Captured" vs "Displayed" while saving
           Product: Wireshark
           Version: 1.8.0
          Platform: x86
        OS/Version: Windows 7
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: joe.lemanski@xxxxxxxxxx


Build Information:
Version 1.8.0 (SVN Rev 43431 from /trunk-1.8)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.10, with Cairo 1.10.2, with Pango 1.30.0, with
GLib 2.32.2, with WinPcap (4_1_2), with libz 1.2.5, without POSIX capabilities,
with SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS
2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with PortAudio
V19-devel (built Jun 21 2012), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.

Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
I have a Pcap file that contains 2 packets with all the same info except and
payload, but they come from different Ethernet sources. (in 1.8.0 and 1.8.2) I
filtered for one of the Ethernet addresses, specifically !(eth.src ==
00:10:27:00:54:5c) , and then select "Export Specified Packets" the Save dialog
does not recognize the filter and saves all the packets not only the filtered
ones like I wanted.  I checked and 1.6.10 was able to filter and save with the
exact same filter and file as desired (only saving the filtered packets).

You guys make a great product and I specifically like the way you have upgraded
the MP2T dissector! I hope this is an easy fix!

(This type of packet capture occurred when a device repeated a multicast stream
out the same interface it received it on. A rare case but I want to filter out
the copied packets so I can analyze the data better. The data stream in my
capture is a MPEG-2 Transport Stream with H.264 encoded video as one of the
Packetized Elementary Streams.)

(unfortunately I am unable to supply you with a test file due to the nature of
the content. it should be fairly reproducible)

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.