Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 9054] New: vwr heuristic dissector mis-identifies ERF file

Wireshark-bugs: [Wireshark-bugs] [Bug 9054] New: vwr heuristic dissector mis-identifies ERF file

Date: Tue, 20 Aug 2013 02:32:33 +0000

Bug ID	9054
Summary	vwr heuristic dissector mis-identifies ERF file
Classification	Unclassified
Product	Wireshark
Version	SVN
Hardware	All
OS	All
Status	UNCONFIRMED
Severity	Normal
Priority	Medium
Component	Capture file support (libwiretap)
Assignee	bugzilla-admin@wireshark.org
Reporter	stephen.donnelly@emulex.com
Attachment #11406 Flags	review_for_checkin?

Created attachment 11406 [details]
Reorder deck chairs

Build Information:
wireshark 1.11.0 (SVN Rev 51433 from /trunk)

Copyright 1998-2013 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 3.4.2, with Cairo 1.10.2, with Pango 1.30.0, with
GLib 2.32.3, with libpcap, with libz 1.2.3.4, with POSIX capabilities (Linux),
with libnl 1, with SMI 0.4.8, with c-ares 1.7.5, with Lua 5.2, without Python,
with GnuTLS 2.12.14, with Gcrypt 1.5.0, with Heimdal Kerberos, with GeoIP, with
PortAudio <= V18, without AirPcap.

Running on Linux 3.2.0-51-generic, without locale, with libpcap version
1.5.0-PRE-GIT_2013_08_16, with libz 1.2.3.4, GnuTLS 2.12.14, Gcrypt 1.5.0.
        Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz

Built using gcc 4.6.3.
--
I have a valid ERF file that was mis-identified by the vwr heuristic dissector
which was run first.

Unfortunately I cannot share the file.

A temporary work-around is to re-order the heuristic dissectors, but I can't
help feeling that more needs to be done. Even if ERF has a magic number added
there are many heuristic dissectors supported.

Could we have a wtap option to override the file type?

Could wtap_open_offline() use the file extension as a file type preference?
E.g. try the registered file extension dissector first, if unclaimed then run
the magic/heuristic dissectors in order?

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 9054] vwr heuristic dissector mis-identifies ERF file
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9054] vwr heuristic dissector mis-identifies ERF file
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9054] vwr libwiretap heuristic file type recognizer mis-identifies ERF file as vwr file
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9054] vwr libwiretap heuristic file type recognizer mis-identifies ERF file as vwr file
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9054] vwr libwiretap heuristic file type recognizer mis-identifies ERF file as vwr file
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 9054] vwr libwiretap heuristic file type recognizer mis-identifies ERF file as vwr file
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 9045] openSAFETY: Fixing heuristic detection
Next by Date: [Wireshark-bugs] [Bug 8214] ZigBee Cluster Library dissector does not handle array, set, bag & structure data types correctly
Previous by thread: [Wireshark-bugs] [Bug 9053] Update to RTPS dissector for vendor ids
Next by thread: [Wireshark-bugs] [Bug 9054] vwr heuristic dissector mis-identifies ERF file
Index(es):
- Date
- Thread