Wireshark-bugs: [Wireshark-bugs] [Bug 3205] New: tshark reports wrong number of bytes on big dum
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3205
Summary: tshark reports wrong number of bytes on big dumpfiles
with -z io,stat
Product: Wireshark
Version: 1.0.5
Platform: PC
OS/Version: FreeBSD
Status: NEW
Severity: Major
Priority: Medium
Component: TShark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: jerous@xxxxxxxxx
Build Information:
tshark -v
TShark 1.0.5
Copyright 1998-2008 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 1.2.10, with libpcap 0.9.8, with libz 1.2.3, without POSIX
capabilities, with libpcre 7.8, with SMI 0.4.7, with ADNS, without Lua, without
GnuTLS, without Gcrypt, with Heimdal Kerberos.
Running on FreeBSD 7.0-RELEASE-p4, with libpcap version 0.9.8.
Built using gcc 4.2.1 20070719 [FreeBSD].
--
If requesting stats from tshark on a big (the problem occured here with an file
of approximately 700 MB) with tshark -z io,stat,3600 file.cap (file.cap's
timespan is exactly 3600 seconds), then it reports wrong number of bytes.
How to reproduce: get a big pcap-file, and run tshark -q -r file.cap -z
io,stat,3600 against it.
Actual results: number of reported total bytes is too low.
Expected results: same number of bytes as reported by other programs, like
capinfos.
Additional information:
Examples
file1 (700MB) contains IEEE 802.11 traces, file2 (1000MB) Ethernet packets.
The results shown by capinfos are confirmed by running other programs (libtrace
and tcpstat).
BYTES file1 (700MB) file2 (1000MB)
--------------------------------------
tshark 1476298076 99035452
capinfos 14361199964 12983937340
PACKETS file1 file2
--------------------------------------
tshark 17043153 14938985
capinfos 17043153 14938985
Thus the number of packets is reported correctly, only the number of bytes
seems to be wrong.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.