Wireshark-bugs: [Wireshark-bugs] [Bug 9202] New: dumpcap doesn't describe platform's hardware
Date: Sun, 29 Sep 2013 07:13:11 +0000
Bug ID 9202
Summary dumpcap doesn't describe platform's hardware
Classification Unclassified
Product Wireshark
Version 1.10.1
Hardware x86
OS Windows 7
Status UNCONFIRMED
Severity Major
Priority Low
Component Capture file support (libwiretap)
Assignee bugzilla-admin@wireshark.org
Reporter emelbraun@hotmail.com

Build Information:

--
Wireshark's  dumpcap  utility writes some description of the platform on which
a capture is performed: if you capture some traffic or open a dump file and
then look at: Statistics -> Summary, under 'Capture' you can read the OS of the
platform. 

You don't find a hardware description of the platform, though such a
description could be put into the dump just beside the OS description: there's
a place for it built in the dump file format (see in the PCAP-NG Dump File
Format specification: options of the Section Header Block).

If dumpcap did write this hardware description, in a number of cases the
capture would fail get displayed in Wireshark's GUI, however.
More precisely, in case the string describing the hardware contains N*4+3
characters (eg "PC-mike"), dumpcap would write this string in the dump wrongly
and Wireshark's GUI would popup a message "The file XXX isn't a capture file in
a format Wireshark understands". 

This is due to a padding failure,
which comes from a defect in dumpcap's source code, in a PCAP-NG helper
function: 

in [pcapio.c] libpcap_write_session_header_block, line 71:   
<< if ((strlen(hw) + 1) % 4) >> 
should be 
<< if (strlen(hw) % 4) >>


You are receiving this mail because:
  • You are watching all bug changes.