Wireshark-bugs: [Wireshark-bugs] [Bug 9066] New: Heuristic file type recognition should use file
Bug ID |
9066
|
Summary |
Heuristic file type recognition should use file extension as a hint
|
Classification |
Unclassified
|
Product |
Wireshark
|
Version |
SVN
|
Hardware |
All
|
OS |
All
|
Status |
UNCONFIRMED
|
Severity |
Normal
|
Priority |
Medium
|
Component |
Capture file support (libwiretap)
|
Assignee |
bugzilla-admin@wireshark.org
|
Reporter |
guy@alum.mit.edu
|
CC |
stephen.donnelly@emulex.com
|
Depends on |
9054
|
Build Information:
wireshark 1.11.0 (SVN Rev 51433 from /trunk)
Copyright 1998-2013 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GTK+ 3.4.2, with Cairo 1.10.2, with Pango 1.30.0, with
GLib 2.32.3, with libpcap, with libz 1.2.3.4, with POSIX capabilities (Linux),
with libnl 1, with SMI 0.4.8, with c-ares 1.7.5, with Lua 5.2, without Python,
with GnuTLS 2.12.14, with Gcrypt 1.5.0, with Heimdal Kerberos, with GeoIP, with
PortAudio <= V18, without AirPcap.
Running on Linux 3.2.0-51-generic, without locale, with libpcap version
1.5.0-PRE-GIT_2013_08_16, with libz 1.2.3.4, GnuTLS 2.12.14, Gcrypt 1.5.0.
Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Built using gcc 4.6.3.
--
+++ This bug was initially created as a clone of Bug #9054 +++
I have a valid ERF file that was mis-identified by the vwr heuristic dissector
which was run first.
Unfortunately I cannot share the file.
A temporary work-around is to re-order the heuristic dissectors, but I can't
help feeling that more needs to be done. Even if ERF has a magic number added
there are many heuristic dissectors supported.
Could we have a wtap option to override the file type?
Could wtap_open_offline() use the file extension as a file type preference?
E.g. try the registered file extension dissector first, if unclaimed then run
the magic/heuristic dissectors in order?
You are receiving this mail because:
- You are watching all bug changes.