On Apr 8, 2010, at 12:59 PM, Maynard, Chris wrote:
> But in this case, wiretap isn't supplying any new information as far as I can tell. To me, it looks like the only differences between what is displayed in the "packet details" pane and the content available in the pcap_usb_header structure are that the two time fields, ts_sec and ts_usec have been removed, and that the pcap_usb_setup isn't displayed or appears to be incorrectly displayed.
Yes, but none of that contradicts what I said before, so I'm not sure why "But" is the first word there.
There are two issues here:
1) What about the Wireshark code path causes it to do what it's doing?
2) Should it be doing that?
I've mainly been addressing issue 1); what I've said about issue 2) was largely stuff such as
> Whether that's a *good* reason is another matter.
and
> Again, whether that's the right thing to do is another matter.
so I'm *not* defending Wireshark's current behavior, I'm just noting that it *is* the current behavior.