Wireshark-bugs: [Wireshark-bugs] [Bug 10571] New: When attempting to merge to pcap's with split
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Wed, 15 Oct 2014 19:07:15 +0000
Bug ID 10571
Summary When attempting to merge to pcap's with split packets at the end, wireshark crashes after selection of file to merge and hitting OK
Product Wireshark
Version unspecified
Hardware x86-64
OS Windows 8.1
Status UNCONFIRMED
Severity Normal
Priority Low
Component Extras
Assignee bugzilla-admin@wireshark.org
Reporter rmarmo@nvint.com 

Build Information:
Version 1.10.5 (SVNRev 54262 from /trunk-1.10)

Copyright 1998-2013 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with
PortAudio V19-devel (built Dec 19 2013), with AirPcap.

Running on 64-bit Windows 8, build 9200, with WinPcap version 4.1.3 (packet.dll
version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008),
GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.
Intel(R) Core(TM) i7-4700MQ CPU @ 2.40GHz, with 24200MB of physical memory.


Built using Microsoft Visual C++ 10.0 build 40219
--
When attempting to merge two PCAP files, specifically from Security Onion, if
the first pcap contains malformed ethernet packets and gives you an error upon
loading the pcap "The capture file appears to have been cut short in the middle
of a packet", Wireshark will crash after closing the Merge files window.

If you open the first capture, pulled directly from a security onion dailylogs
folder stored in "snort.log.%DATE%" format, Wireshark displays message about
packet capture cut short.  It operates normally until you attempt to merge a
2nd capture file, again pulled from Security Onion.  Once you browse to the
file, regardless of merge option chosen, and hit Apply it brings you back to
the same merge files window.  Attempting to click cancel, or Esc, or any
combination of keystrokes will cause Wireshark to crash and Force Close once
oyu get back to the main view windows.

You are receiving this mail because:
  • You are watching all bug changes.