Wireshark-bugs: [Wireshark-bugs] [Bug 12619] New: Tshark: IPv6 packets show as blanks in txt out
Bug ID | 12619
Summary | Tshark: IPv6 packets show as blanks in txt output
Product | Wireshark
Version | 2.0.4
Hardware | x86
OS | Windows 8.1
Status | UNCONFIRMED
Severity | Major
Priority | Low
Component | TShark
Assignee | bugzilla-admin@wireshark.org
Reporter | steveo2394@aol.com
Created attachment 14729 [details]
Source PCAP, Output txt file when run through tshark, and the batch file used
to invoke tshark.
Build Information:
TShark (Wireshark) 2.0.4 (v2.0.4-0-gdd7746e from master-2.0)
Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with WinPcap (4_1_3), with libz 1.2.8, with GLib 2.42.0, with
SMI 0.4.8, with c-ares 1.11.0, with Lua 5.2, with GnuTLS 3.2.15, with Gcrypt
1.6.2, with MIT Kerberos, with GeoIP.
Running on 64-bit Windows 8.1, build 9600, with locale English_United
States.1252, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based
on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with
Gcrypt 1.6.2.
Intel(R) Core(TM) i7-4810MQ CPU @ 2.80GHz (with SSE4.2), with 16289MB of
physical memory.
Built using Microsoft Visual C++ 12.0 build 40629
--
When processing a PCAP file that has both IPv4 and IPv6 packets, I see that the
IPv4 packets are processed and output to the text stream. The IPv6 records
show packet details, but neither the IP address nor host resolution:
9902.628195000 Jul 1, 2016 21:25:42.960406000 Eastern Daylight Time 0xda1a Sent by us
9902.691751000 Jul 1, 2016 21:25:43.023962000 Eastern Daylight Time 0xda1a Unicast to us
9902.691805000 Jul 1, 2016 21:25:43.024016000 Eastern Daylight Time 198.224.180.135 135.sub-198-224-180.myvzw.com 100.72.250.17 100.72.250.17 DNS 130 Standard query response 0x0176 A ssl.google-analytics.com CNAME ssl-google-analytics.l.google.com A 216.58.219.136
9902.695788000 Jul 1, 2016 21:25:43.027999000 Eastern Daylight Time TCP 39088 → 443 [SYN] Seq=0 Win=65535 Len=0 MSS=1368 SACK_PERM=1 TSval=1586244 TSecr=0 WS=256
9902.695819000 Jul 1, 2016 21:25:43.028030000 Eastern Daylight Time 0xda1a Sent by us
9902.723951000 Jul 1, 2016 21:25:43.056162000 Eastern Daylight Time 0xda1a Unicast to us
9902.724002000 Jul 1, 2016 21:25:43.056213000 Eastern Daylight Time TCP 443 → 39088 [SYN, ACK] Seq=0 Ack=1 Win=27960 Len=0 MSS=1410 SACK_PERM=1 TSval=883465465 TSecr=1586244 WS=128
9902.724535000 Jul 1, 2016 21:25:43.056746000 Eastern Daylight Time TCP 39088 → 443 [ACK] Seq=1 Ack=1 Win=82176 Len=0 TSval=1586247 TSecr=883465465
9902.724579000 Jul 1, 2016 21:25:43.056790000 Eastern Daylight Time 0xda1a Sent by us
9902.727957000 Jul 1, 2016 21:25:43.060168000 Eastern Daylight Time SSL Client Hello
The tshark command being used is:
tshark -r %1 -T fields -E separator=/t -e frame.time_relative -e frame.time -e ip.src -e ip.src_host -e ip.dst -e ip.dst_host -e _ws.col.Protocol -e ip.len -e _ws.col.Info > %2
Where %1 is the input PCAP and %2 is the output.
Source file, output file, and batch file are provided in the attached zip.
Loading the same PCAP file into Wireshark and setting the columns up as aligned
in the tshark line does yield the expected output (though not in the txt
output format).