Wireshark-bugs: [Wireshark-bugs] [Bug 8959] New: Filter doesn't support cflow ASN larger than 65

Date: Mon, 22 Jul 2013 12:42:40 +0000
Bug ID 8959
Summary Filter doesn't support cflow ASN larger than 65535.
Classification Unclassified
Product Wireshark
Version 1.10.0
Hardware x86-64
OS Windows 7
Status UNCONFIRMED
Severity Enhancement
Priority Low
Component Wireshark
Assignee [email protected]
Reporter [email protected]

Build Information:
Version 1.10.0 (SVN Rev 49790 from /trunk-1.10)

Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with
PortAudio V19-devel (built Jun  5 2013), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
Genuine Intel(R) CPU           U7300  @ 1.30GHz, with 4061MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219
--
If you specify a filter rule "cflow.dstas == 100000" it will fail with a
following error:
"cflow.dstas == 100000" isn't a valid display filter: "100000" too big for this
field, maximum 65535.

which is obviously an obosolete rule with an adoption of 32bit ASN.

Workaround(kind of): specify "cflow.dstas > 65535" to select all packets with
cflow.dstas number higher than 16bit. It's not convinient if you have a high
number of 32bit ASNs, but it's something.

This problem applies both to cflow.dstas and cflow.srcas.


You are receiving this mail because:
  • You are watching all bug changes.