Wireshark-bugs: [Wireshark-bugs] [Bug 1181] Delays in real-time packet capture
Date: Wed, 1 Nov 2006 10:27:35 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1181


hgsft4z02@xxxxxxxxxxxxxx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hgsft4z02@xxxxxxxxxxxxxx




------- Comment #3 from hgsft4z02@xxxxxxxxxxxxxx  2006-11-01 10:27 GMT -------
I just want to add some more additional information. Please let me know if this
is not the same bug:

# wireshark -f "host morch.com" &
Start capture in wireshark that appears

(the -c 1 option means only send one ping)
# ping -c 1 morch.com
PING morch.com (62.79.51.144) 56(84) bytes of data.
64 bytes from 62.79.51.144.adsl.noe.tiscali.dk (62.79.51.144): icmp_seq=1 ttl=51 time=19.5 ms

--- morch.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 19.508/19.508/19.508/0.000 ms

This should mean that I've now captured 2 packets. But wireshark only shows the
first "Echo (ping) request" and not the "Echo (ping) reply". If I never contact
that host again, it will sit there forever, I presume (tried 5 minutes). As
soon as I hit "Stop the running live capture", the "Echo (ping) reply" (pkt #2)
is shown.

This means I have to stop the capture to see if the reply packet has arrived.

This was not the case for Debian etch ethereal version 0.10.13-1.1 (the only
ethereal I tried), but is true for wireshark 0.99.2-1 and 0.99.3a-2 (the
earliest and latest wireshark on Debian etch).

tshark does display the reply immediately, with or without the -w switch.

A workaround is to install an older release, e.g. ethereal 0.10.13-1.1 is known
not to have this bug.

