Wireshark-bugs: [Wireshark-bugs] [Bug 11214] New: Wireshark searches for dumpcap.exe in the dire
Date: Wed, 20 May 2015 14:12:20 +0000
Bug ID 11214
Summary Wireshark searches for dumpcap.exe in the directory of the capture file you're opening
Product Wireshark
Version 1.12.5
Hardware x86-64
OS Windows 7
Status UNCONFIRMED
Severity Normal
Priority Low
Component GTK+ UI
Assignee bugzilla-admin@wireshark.org
Reporter jeff.morriss.ws@gmail.com
CC chinorui@hotmail.com, jeff.morriss.ws@gmail.com
Depends on 11196

Build Information:
Build Information:
Version 1.12.5 (v1.12.5-0-g5819e5b from master-1.12)

Copyright 1998-2015 Gerald Combs <gerald@wireshark.org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.2.15, with Gcrypt 1.6.2,
without Kerberos, with GeoIP, with PortAudio V19-devel (built May 12 2015),
with
AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.2.15, Gcrypt 1.6.2, without AirPcap.
Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, with 8089MB of physical memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
+++ This bug was initially created as a clone of Bug #11196 +++

>From the original bug:

~~~
In older versions of wireshark, I was able to open pcap files residing in a
samba repository which was mapped in my WIN7 machine as a network share.
This is the way I map the Z:\ drive:
net use Z: \\LINUX_SERVER\SHARE_DIRECTORY PASSWORD /user:USER /persistent:no

I only needed to double-click on the file I wanted to open from the explrer.

I new versions (I don't remember when this began to happen) I cannot open the
pcap files in this way. I get the following error: "The file XXX doesn't
exist."

It seems that the reason is that wireshat want to access in the same directory
a file named dumpcap.exe

Capturing what happens in the network shows that the samba server launchs this
error: STATUS_OBJECT_NAME_NOT_FOUND and the file is dumpcap.exe

The samba server shows in loglevel 3 this information:
smbd.log:  call_trans2qfilepathinfo: SMB_VFS_STAT of
sumin/ca/v7.5.3/1-DC/dumpcap.exe failed (No such file or directory)
((Complete transaction log is attached))
[...]
~~~

To which I replied:

~~~
I can, however, confirm the odd searching for dumpcap.exe behavior.  I ran
Wireshark while doing one of the above actions then filtered for:

smb.file contains "dumpcap"

and found several hits looking for \\server\directory\dumpcap.exe .  That
should probably be the subject of a different bug, though--I don't think it's
related to your problem.
~~~

Guy supported the idea:

~~~
> Win 7......
> gsa opened file fishero.pcap read=No write=No (numopen=3)
> gsa closed file fishero.pcap (numopen=2) NT_STATUS_OK

OK, so that appears to be unrelated to the search for dumpcap.exe.

Could you please file a *separate* bug for that issue?
~~~

This is that bug.


You are receiving this mail because:
  • You are watching all bug changes.