Wireshark-bugs: [Wireshark-bugs] [Bug 6002] Cannot Live-capture VirtualBox network packets with
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6002
--- Comment #17 from Bill Meier <wmeier@xxxxxxxxxxx> 2011-08-11 15:49:19 EDT ---
(In reply to comment #16)
>
> It took me a while to find diff, so if anyone is interested:
> http://www.virtualbox.org/changeset/37369
Jakub:
The comment says:
"Network/Pcap.cpp: work around wireshark bug, which cannot always process a
frame with 0 captured bytes (used to force timestamp display to approximately
match VM time), ..."
Looking at a trace made with 'nictrace on' for my VirtualBox Linux VM I see
that the times on the trace start at 0 (.../1970) plus a varying small offset
in microseconds (no matter what the time in my VM).
So it doesn't appear that writing an initial dummy frame (now with 4 data bytes
of zeros iso 0 data bytes) is accomplishing what appears to be the objective.
(The original code comment said: /* force ethereal to start at 0.000000. */ )
If the VM time is not readily available, I would make the case that, if
possible, using the current host time would be better than using a time
starting at 0.
In any case, I wonder if it's possible to not write an initial dummy (junk)
frame.
My inclination would be to file a bug saying "no initial dummy record" and
"time doesn't actually match VM time"
Thoughts ? (since I get the impression that you may know your way around the
VirtualBox code) ?
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching all bug changes.