Wireshark-bugs: [Wireshark-bugs] [Bug 9991] New: Tshark with "-F pcap" still generates a pcapng
Date: Mon, 14 Apr 2014 22:21:12 +0000
Bug ID | 9991 |
---|---|
Summary | Tshark with "-F pcap" still generates a pcapng file |
Classification | Unclassified |
Product | Wireshark |
Version | 1.10.6 |
Hardware | x86 |
OS | Windows 7 |
Status | UNCONFIRMED |
Severity | Normal |
Priority | Low |
Component | TShark |
Assignee | [email protected] |
Reporter | [email protected] |
Build Information:

```
TShark 1.10.6 (v1.10.6 from master-1.10)

Copyright 1998-2014 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5,
without POSIX capabilities, without libnl, with SMI 0.4.8, with c-ares 1.9.1,
with Lua 5.1, without Python, with GnuTLS 2.12.18, with Gcrypt 1.4.6, with MIT
Kerberos, with GeoIP.

Running on 64-bit Windows 7 Service Pack 1, build 7601, without WinPcap.
Intel(R) Core(TM) i7-3667U CPU @ 2.00GHz, with 8061MB of physical memory.

Built using Microsoft Visual C++ 10.0 build 40219
--
```

I've been trying to capture network traffic to a pcap file with tshark using the '-F pcap' option so I can later read the file back with winpcap. Unfortunately the generated file is always in the pcapng format.

```
> tshark -i 5 -F pcap -f "udp port 777" -b filesize:1 -w c:\tmp\fail.pcap
Capturing on 'Wireless Network Connection'
2
```

This generates at least a couple of files:

```
> dir c:\tmp\fail*.pcap
 Volume in drive C has no label.
 Volume Serial Number is 5E24-18F3

 Directory of c:\tmp

04/14/2014  03:07 PM             1,220 fail_00001_20140414150716.pcap
04/14/2014  03:07 PM               452 fail_00002_20140414150725.pcap
               2 File(s)          1,672 bytes
               0 Dir(s)  46,042,722,304 bytes free
```

Using capinfos.exe, I can see that the file is not in the correct format ("Wireshark/... - pcapng" instead of "Wireshark/tcpdump/... - pcap"):

```
> capinfos.exe c:\tmp\fail_00001_20140414150716.pcap
File name:           c:\tmp\fail_00001_20140414150716.pcap
File type:           Wireshark/... - pcapng
File encapsulation:  Ethernet
Packet size limit:   file hdr: (not set)
Number of packets:   1
File size:           1220 bytes
Data size:           902 bytes
Capture duration:    n/a
Start time:          Mon Apr 14 15:07:25 2014
End time:            Mon Apr 14 15:07:25 2014
Data byte rate:      0 bytes/s
Data bit rate:       0 bits/s
Average packet size: 902.00 bytes
Average packet rate: 0 packets/sec
SHA1:                cad70fff2165a2ca4dc2cfd43c9f1a420b66045b
RIPEMD160:           abf1a069f86338bf4ddcdee92b1d82e765d1e924
MD5:                 765c86cfe08a2d95c8c072fdb382f359
Strict time order:   True
```

The file is successfully converted with editcap.exe...

```
> editcap.exe -F pcap c:\tmp\fail_00001_20140414150716.pcap c:\tmp\fail_00001_20140414150716.pcap
> capinfos.exe c:\tmp\fail_00001_20140414150716.pcap
File name:           c:\tmp\fail_00001_20140414150716.pcap
File type:           Wireshark/tcpdump/... - pcap
File encapsulation:  Ethernet
Packet size limit:   file hdr: 65535 bytes
Number of packets:   1
File size:           942 bytes
Data size:           902 bytes
Capture duration:    n/a
Start time:          Mon Apr 14 15:07:25 2014
End time:            Mon Apr 14 15:07:25 2014
Data byte rate:      0 bytes/s
Data bit rate:       0 bits/s
Average packet size: 902.00 bytes
Average packet rate: 0 packets/sec
SHA1:                a3c32a1376547954caa24d7726e8867309c79955
RIPEMD160:           4b479ba12a5900eea8ea4cbbdc575acf2dd995fb
MD5:                 3d66c21086f82b4cfdf6e5f30339b3ec
Strict time order:   True
```
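An added example, not part of the original bug report or of Wireshark's code: a header check that tells pcap from pcapng by magic number, so a capture pipeline can catch a `.pcap` file that is really pcapng before handing it to a pcap-only reader. The function names and the sample headers are assumptions constructed here; the magic values come from the pcap and pcapng format specifications.

```python
import os
import struct

# Magic values from the pcap and pcapng file format specifications.
PCAP_MAGICS = {0xA1B2C3D4, 0xA1B23C4D}   # microsecond / nanosecond timestamps
PCAPNG_SHB_TYPE = 0x0A0D0D0A             # Section Header Block type
PCAPNG_BYTE_ORDER_MAGIC = 0x1A2B3C4D

def identify_capture(header: bytes) -> str:
    """Classify the leading bytes of a capture file: 'pcap', 'pcapng' or 'unknown'."""
    if len(header) < 4:
        return "unknown"
    # pcap: the magic is written in the writer's byte order, so try both.
    for endian in ("<", ">"):
        if struct.unpack(endian + "I", header[:4])[0] in PCAP_MAGICS:
            return "pcap"
    # pcapng: the block type reads the same in either byte order; the
    # byte-order magic follows the 4-byte block length.
    if struct.unpack("<I", header[:4])[0] == PCAPNG_SHB_TYPE and len(header) >= 12:
        for endian in ("<", ">"):
            if struct.unpack(endian + "I", header[8:12])[0] == PCAPNG_BYTE_ORDER_MAGIC:
                return "pcapng"
    return "unknown"

def extension_matches(name: str, header: bytes) -> bool:
    """True when the file extension agrees with the format found in the header."""
    ext = os.path.splitext(name)[1].lower().lstrip(".")
    return ext == identify_capture(header)

def identify_file(path: str) -> str:
    """Read the first 12 bytes of a file on disk and classify them."""
    with open(path, "rb") as fh:
        return identify_capture(fh.read(12))

# Constructed sample headers (not taken from the reporter's files).
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_PCAPNG = struct.pack("<IIIHHqI", PCAPNG_SHB_TYPE, 28,
                            PCAPNG_BYTE_ORDER_MAGIC, 1, 0, -1, 28)

if __name__ == "__main__":
    print(identify_capture(SAMPLE_PCAP))
    print(identify_capture(SAMPLE_PCAPNG))
    # A pcapng header behind a .pcap name, as in the report above.
    print(extension_matches("fail_00001_20140414150716.pcap", SAMPLE_PCAPNG))
```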