Wireshark-bugs: [Wireshark-bugs] [Bug 6002] Cannot Live-capture VirtualBox network packets with
Date: Thu, 11 Aug 2011 12:49:20 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6002

--- Comment #17 from Bill Meier <wmeier@xxxxxxxxxxx> 2011-08-11 15:49:19 EDT ---
(In reply to comment #16)
> 
> It took me a while to find diff, so if anyone is interested:
> http://www.virtualbox.org/changeset/37369

Jakub:

The comment says:

 "Network/Pcap.cpp: work around wireshark bug, which cannot always process a
  frame with 0 captured bytes (used to force timestamp display to approximately
  match VM time), ..."


Looking at a trace made with 'nictrace on' for my VirtualBox Linux VM I see
that the times on the trace start at 0 (.../1970) plus a varying small offset
in microseconds (no matter what the time in my VM).

So it doesn't appear that writing an initial dummy frame (now with 4 data bytes
of zeros instead of 0 data bytes) is accomplishing what appears to be the objective.

(The original code comment said: /* force ethereal to start at 0.000000. */ )


If the VM time is not readily available, I would make the case that, if
possible, using the current host time would be better than using a time
starting at 0.

In any case, I wonder if it's possible to not write an initial dummy (junk)
frame.

My inclination would be to file a bug saying "no initial dummy record" and
"time doesn't actually match VM time"

Thoughts? (since I get the impression that you may know your way around the
VirtualBox code)
