Wireshark-bugs: [Wireshark-bugs] [Bug 11140] Merging pcaps made in wireshark 1.8.10 results in i

Date: Thu, 23 Apr 2015 21:57:11 +0000

changed bug 11140


What Removed Added
Component Common utilities (libwsutil) Capture file support (libwiretap)

Comment # 3 on bug 11140 from
This is probably either the failure in pcapng_write_enhanced_packet_block()

    if (epb.interface_id >= wdh->interface_data->len) {
        /*
         * Our caller is doing something bad.
         */
        *err = WTAP_ERR_INTERNAL;
        return FALSE;
    }

or the failure in pcapng_dump_open():

    if (wdh->interface_data->len == 0) {
        pcapng_debug0("There are no interfaces. Can't handle that...");
        *err = WTAP_ERR_INTERNAL;
        return FALSE;
    }

and if it's "while writing to the file", that might mean it's the first.

So the merging code is doing something wrong; mergecap is known to have a
number of issues, some having to do with handling the list of input interfaces
and packets for them, and some of them are probably in the shared libwiretap
code also used when Wireshark itself merges captures.

As Hacker Barbie might say, "merging captures is hard"; the code needs some
work.


You are receiving this mail because:
  • You are watching all bug changes.