| Bug ID |
9202
|
| Summary |
dumpcap doesn't describe platform's hardware
|
| Classification |
Unclassified
|
| Product |
Wireshark
|
| Version |
1.10.1
|
| Hardware |
x86
|
| OS |
Windows 7
|
| Status |
UNCONFIRMED
|
| Severity |
Major
|
| Priority |
Low
|
| Component |
Capture file support (libwiretap)
|
| Assignee |
[email protected]
|
| Reporter |
[email protected]
|
Build Information:
--
Wireshark's dumpcap utility writes some description of the platform on which
a capture is performed: if you capture some traffic or open a dump file and
then look at: Statistics -> Summary, under 'Capture' you can read the OS of the
platform.
You don't find a hardware description of the platform, though such a
description could be put into the dump just beside the OS description: there's
a place for it built in the dump file format (see in the PCAP-NG Dump File
Format specification: options of the Section Header Block).
If dumpcap did write this hardware description, in a number of cases the
capture would fail get displayed in Wireshark's GUI, however.
More precisely, in case the string describing the hardware contains N*4+3
characters (eg "PC-mike"), dumpcap would write this string in the dump wrongly
and Wireshark's GUI would popup a message "The file XXX isn't a capture file in
a format Wireshark understands".
This is due to a padding failure,
which comes from a defect in dumpcap's source code, in a PCAP-NG helper
function:
in [pcapio.c] libpcap_write_session_header_block, line 71:
<< if ((strlen(hw) + 1) % 4) >>
should be
<< if (strlen(hw) % 4) >>
You are receiving this mail because:
- You are watching all bug changes.