Bug ID | 11750
Summary | tshark saves raw stream in ascii file, content unrecoverable
Product | Wireshark
Version | 1.12.8
Hardware | x86-64
OS | Gentoo
Status | UNCONFIRMED
Severity | Normal
Priority | Low
Component | TShark
Assignee | [email protected]
Reporter | [email protected]
Build Information:
TShark 1.12.8 (Git Rev Unknown from unknown)
Copyright 1998-2015 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GLib 2.44.1, with libpcap, with libz 1.2.8, with POSIX
capabilities (Linux), with libnl 3, with SMI 0.5.0, without c-ares, without
ADNS, with Lua 5.1, without Python, with GnuTLS 3.3.18, with Gcrypt 1.6.4,
without Kerberos, without GeoIP.
Running on Linux 4.2.6-hardened-r3-151118, with locale en_GB.utf8, with libpcap
version 1.7.4, with libz 1.2.8.
AMD Phenom(tm) II X4 965 Processor
Built using gcc 4.9.3.
--
I filed a bug in Gentoo:
tshark (net-analyzer/wireshark-1.12.8-r1) saves tcp/ssl raw streams in ascii
file, content unrecoverable
https://bugs.gentoo.org/show_bug.cgi?id=566472
(and this here is the same, shorter, info)
Please find the files necessary to reproduce this (those mentioned explicitly
below) in:
http://www.CroatiaFidelis.hr/foss/cap/cap-150927-TLS-why-js/
http://www.CroatiaFidelis.hr/foss/cap/cap-150927-TLS-why-js/Add-151121/
The problem boils down to a command like this:
tshark -r dump_150927_1848_g0n.pcap -T fields -e data -qz follow,tcp,raw,9 \
| egrep '[[:print:]]' > dump_150927_1848_g0n_s00009.bin
produces an ascii file from which the content cannot be extracted, in
comparison with perfectly recoverable content from the file that I saved with
Wireshark, and called it:
dump_150927_1848_g0n_s00009-W.bin
You can find, apart from the main traffic capture, both these
extracted-stream9-files, as are obtainable in my Wireshark on my Gentoo, as
well as the extracted content from the Wireshark-saved stream in the links
given above.
I think this is a bug, so I'm trying to get the wizards of Wireshark's
attention to this issue ;-) .
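An added example, not part of the original report and not Wireshark code: a decoder that turns the text written by `-qz follow,tcp,raw,N` back into bytes for comparison with a stream saved from the Wireshark GUI. It assumes the layout in which each segment is one line of hex digits, lines from the second node start with a tab, and banner/header lines surround the data; the function name `decode_follow_raw` and the sample capture text are constructed for illustration.

```python
import binascii
import string

HEX_DIGITS = set(string.hexdigits)

# Constructed sample in the assumed layout of `tshark -qz follow,tcp,raw,N`
# output (addresses are from the documentation range, not from the report).
SAMPLE = """\
===================================================================
Follow: tcp,raw
Filter: tcp.stream eq 9
Node 0: 192.0.2.10:40000
Node 1: 192.0.2.20:443
474554202f20485454502f312e300d0a0d0a
\t485454502f312e3020323030204f4b0d0a0d0a
\t00ff10
===================================================================
"""


def decode_follow_raw(text):
    """Return (node0_bytes, node1_bytes) decoded from hex-text follow output."""
    sides = [bytearray(), bytearray()]
    for line in text.splitlines():
        # Assumption: a leading tab marks data sent by the second node.
        node = 1 if line.startswith("\t") else 0
        payload = line.strip()
        # Skip blank lines, banners and "Follow:"/"Filter:"/"Node" headers:
        # only even-length, all-hex lines are treated as segment data.
        if not payload or len(payload) % 2 or not set(payload) <= HEX_DIGITS:
            continue
        sides[node] += binascii.unhexlify(payload)
    return bytes(sides[0]), bytes(sides[1])


if __name__ == "__main__":
    client, server = decode_follow_raw(SAMPLE)
    print(len(client), "bytes from node 0;", len(server), "bytes from node 1")
```

Writing the two returned byte strings to files opened in binary mode gives per-direction dumps that can be diffed against the GUI-saved stream.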