Wireshark-bugs: [Wireshark-bugs] [Bug 9048] New: two pass analysis does not show any packets wit
Date: Fri, 16 Aug 2013 16:29:48 +0000
Bug ID 9048
Summary two pass analysis does not show any packets with some combinations -c and -Y
Classification Unclassified
Product Wireshark
Version SVN
Hardware x86
OS All
Status UNCONFIRMED
Severity Major
Priority Low
Component TShark
Assignee bugzilla-admin@wireshark.org
Reporter joe@qacafe.com

Build Information:
TShark 1.10.2 (SVN Rev 51377 from /trunk-1.10)

Copyright 1998-2013 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.28.6, with libpcap, with libz 1.2.3.4, with POSIX
capabilities (Linux), without libnl, with SMI 0.4.8, with c-ares 1.7.3, with
Lua 5.1, without Python, with GnuTLS 2.8.6, with Gcrypt 1.4.6, with MIT Kerberos,
with GeoIP.

Running on Linux 2.6.38-16-generic, with locale en_US.UTF-8, with libpcap
version 1.1.1, with libz 1.2.3.4.
Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz

Built using gcc 4.5.2.

--
Adding -2 to tshark with -c and -Y may not produce the same result.

Example without -2


joe@cooley:~/lab2/wireshark-1.10-trunk$ ./tshark -r dns.cap -c 1 -Y "frame.number>1"
  2   0.000269   172.16.1.1 -> 172.16.1.198 DNS 84 Standard query response 0xc576  A 10.0.0.101


However, once I switch this to a two pass using "-2", I don't see any packets
displayed.


joe@cooley:~/lab2/wireshark-1.10-trunk$ ./tshark -r dns.cap -2 -c 1 -Y "frame.number>1"
joe@cooley:~/lab2/wireshark-1.10-trunk$ 



http://ask.wireshark.org/questions/23804/understanding-two-pass-analysis-with-tshark

