Wireshark-bugs: [Wireshark-bugs] [Bug 1404] New: Follow TCP stream output missing characters tha
Date: Mon, 26 Feb 2007 18:44:31 +0000 (GMT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1404

           Summary: Follow TCP stream output missing characters that are in
                    raw capture file
           Product: Wireshark
           Version: 0.99.3
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: cis_shawn@xxxxxxxxx


Build Information:
Version 0.99.3 (SVN Rev 19011)

Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.6.9, with GLib 2.6.6, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.3.1, with ADNS, with Lua
5.1.

Running with WinPcap version 3.1 (packet.dll version 3, 1, 0, 27), based on
libpcap version 0.9[.x] on Windows XP Service Pack 2, build 2600.

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
When loading a pcap file and following a TCP stream, characters are missing from
the stream view. For example, this is the hex dump of the packet:

0000  00 0c 29 19 07 06 00 0c  41 ab fe 2f 08 00 45 20   ..)..... A../..E 
0010  00 38 02 6f 40 00 29 06  7c 72 84 f8 cc e1 c0 a8   .8.o@.). |r......
0020  c0 3c d1 d5 01 bb 38 13  bc 8c f8 94 74 75 80 18   .<....8. ....tu..
0030  21 f0 53 86 00 00 01 01  08 0a 04 39 32 01 01 db   !.S..... ...92...
0040  dc 60 6e 65 76 65                                  .`neve  

and 

0000  00 0c 41 ab fe 2f 00 0c  29 19 07 06 08 00 45 00   ..A../.. ).....E.
0010  00 38 b8 06 40 00 40 06  af fa c0 a8 c0 3c 84 f8   .8..@.@. .....<..
0020  cc e1 01 bb d1 d5 f8 94  74 75 38 13 bc 90 80 18   ........ tu8.....
0030  f8 e0 b8 e9 00 00 01 01  08 0a 01 db dd 2e 04 39   ........ .......9
0040  32 01 77 30 30 74                                  2.w00t           

But the followed stream shows this:

s".7z............
nev
w00
TERM=xterm; export TERM=xterm; exec bash -i;

There is a missing "e" after nev and a missing "t" on w00t. This has the same
result on Linux and on Windows XP. When the capture is run through Sguil and a
transcript is performed, it shows correctly.


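Added example (not part of the original report and not Wireshark code): a Python script that decodes the two frames from the hex dumps above and cuts the TCP payload out using the IP total length and TCP data offset, so the raw bytes can be compared with the Follow TCP Stream view. Function and variable names are illustrative; the ASCII column of the dumps is omitted.

```python
import struct

# Hex columns of the two frames in the report (ASCII column dropped).
FRAME_A = """
0000  00 0c 29 19 07 06 00 0c  41 ab fe 2f 08 00 45 20
0010  00 38 02 6f 40 00 29 06  7c 72 84 f8 cc e1 c0 a8
0020  c0 3c d1 d5 01 bb 38 13  bc 8c f8 94 74 75 80 18
0030  21 f0 53 86 00 00 01 01  08 0a 04 39 32 01 01 db
0040  dc 60 6e 65 76 65
"""
FRAME_B = """
0000  00 0c 41 ab fe 2f 00 0c  29 19 07 06 08 00 45 00
0010  00 38 b8 06 40 00 40 06  af fa c0 a8 c0 3c 84 f8
0020  cc e1 01 bb d1 d5 f8 94  74 75 38 13 bc 90 80 18
0030  f8 e0 b8 e9 00 00 01 01  08 0a 01 db dd 2e 04 39
0040  32 01 77 30 30 74
"""

def dump_to_bytes(dump):
    """Rebuild frame bytes from 'offset  hex...' lines; columns 6-53 hold the hex."""
    return b"".join(bytes.fromhex(l[6:54]) for l in dump.strip().splitlines())

def tcp_segment(frame):
    """Decode Ethernet II / IPv4 / TCP and return ports, seq, ack and payload."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    if proto != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]          # total_len trims any Ethernet padding
    sport, dport, seq, ack = struct.unpack("!HHII", tcp[:12])
    data_off = (tcp[12] >> 4) * 4    # TCP header length, options included
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "payload": tcp[data_off:]}

def check_exchange():
    a = tcp_segment(dump_to_bytes(FRAME_A))
    b = tcp_segment(dump_to_bytes(FRAME_B))
    # B acknowledges every payload byte of A only if ack == seq + len (mod 2**32).
    acked_all = b["ack"] == (a["seq"] + len(a["payload"])) % 2**32
    return a["payload"], b["payload"], acked_all

if __name__ == "__main__":
    pa, pb, ok = check_exchange()
    print(pa, pb, "A fully acknowledged by B:", ok)
```

Both frames decode to four payload bytes, and the second frame's ACK number covers all four bytes of the first, which matches the raw capture rather than the three-character lines in the stream view.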