Wireshark-bugs: [Wireshark-bugs] [Bug 4503] ERF file starting with record with timestamp=0, 1 or
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4503
Guy Harris <guy@xxxxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Platform|x86 |All
Summary|ERF record with |ERF file starting with
|timestamp=0,1 or 2 doesn't |record with timestamp=0,1
|work dont understand |or 2 not recognized as ERF
| |file
OS/Version|Windows XP |All
--- Comment #1 from Guy Harris <guy@xxxxxxxxxxxx> 2010-04-05 17:07:46 PDT ---
With top-of-tree Wireshark, a file with a timestamp of 0, as generated by a
version of the "ERF builder" program fixed to compile on OS X, is properly
recognized as an ERF file; however, files with a timestamp of 1 or 2 are
incorrectly treated as pcap-ng files, and the pcap-ng file reader crashes.
I've checked in a change to fix the incorrect treatment of those files as
pcap-ng files, and marked it for inclusion in a future 1.2.x release.
That might be the same problem reported here with files with a timestamp of 1
or 2.
For a timestamp of 0, it appears that 1.2.6, at least on Windows, was treating
the file as a packetlogger file rather than an ERF file. That's a separate
problem, so I won't close this one yet.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.