Wireshark-bugs: [Wireshark-bugs] [Bug 7712] New: Tshark not resolving names and not showing prot

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Mon, 10 Sep 2012 08:49:33 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7712

           Summary: Tshark not resolving names and not showing protocol as
                    text when exporting to CSV file
           Product: Wireshark
           Version: 1.8.2
          Platform: x86
        OS/Version: Windows 7
            Status: NEW
          Severity: Major
          Priority: High
         Component: TShark
        AssignedTo: bugzilla-admin@xxxxxxxxxxxxx
        ReportedBy: amato_carbonara@xxxxxxxxx


amato_carbonara@xxxxxxxxx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #9123|                            |review_for_checkin?
              Flags|                            |

Created attachment 9123
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=9123
Wireshark capture and CSBV file output

Build Information:
TShark 1.8.2 (SVN Rev 44520 from /trunk-1.8)

Copyright 1998-2012 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.32.2, with WinPcap (4_1_2), with libz 1.2.5,
without POSIX capabilities, with SMI 0.4.8, with c-ares 1.7.1, with Lua 5.1,
without Python, with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with
GeoIP.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.2 (packet.dll version 4.1.0.2001), based on libpcap version 1.0 branch
1_0_rel0b (20091008).

Built using Microsoft Visual C++ 10.0 build 40219
--
Overview = Tshark is not providing expected results.  It is not resolving some
DNS names and not showing protocol as text

Steps to reproduce = Capture a Wireshark file with "Enable Name Resolution"
preference enabled.  Issue the following tshark command:
tshark -r c:\temp\test.pcap >c:\temp\test1.csv -T fields -e ip.src_host -e
ip.dst_host -e ip.proto

Actual Result:
Issue 1 = Not resolving IP addresses to network names. When I captured the PCAP
file, I had "Enable Name Resolution". But after exporting to CSV, the IP
addresses are not resolved. If I do not export to a CSV file, then the names
are resolved to the stdout (screen).
Issue 2 = The "ip.proto" filed does print the protocol, but as a number. Is
there a way to print the protocol as a text. For example, ip.proto = 6 should
be printed as TCP.

Expected Results:
Issue 1 = All the IP addresses should be resolved.  It appears that only known
IP addresses are being resolved.  Tshark should try to resolve all IP
addresses.
Issue 2 = Instead of displaying ip.proto=6, it should display TCP.

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.