Wireshark-bugs: [Wireshark-bugs] [Bug 1404] New: Follow TCP stream output missing characters tha
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1404
Summary: Follow TCP stream output missing characters that are in
raw capture file
Product: Wireshark
Version: 0.99.3
Platform: PC
OS/Version: All
Status: NEW
Severity: Normal
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: cis_shawn@xxxxxxxxx
Build Information:
Version 0.99.3 (SVN Rev 19011)
Copyright 1998-2006 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GTK+ 2.6.9, with GLib 2.6.6, with WinPcap (version unknown),
with libz 1.2.3, with libpcre 6.4, with Net-SNMP 5.3.1, with ADNS, with Lua
5.1.
Running with WinPcap version 3.1 (packet.dll version 3, 1, 0, 27), based on
libpcap version 0.9[.x] on Windows XP Service Pack 2, build 2600.
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and http://www.wireshark.org for more information.
--
When loading a pcap file and following a tcp stream characters are missing from
the stream view. For example. This is the hex dump of the packet:
0000 00 0c 29 19 07 06 00 0c 41 ab fe 2f 08 00 45 20 ..)..... A../..E
0010 00 38 02 6f 40 00 29 06 7c 72 84 f8 cc e1 c0 a8 .8.o@.). |r......
0020 c0 3c d1 d5 01 bb 38 13 bc 8c f8 94 74 75 80 18 .<....8. ....tu..
0030 21 f0 53 86 00 00 01 01 08 0a 04 39 32 01 01 db !.S..... ...92...
0040 dc 60 6e 65 76 65 .`neve
and
0000 00 0c 41 ab fe 2f 00 0c 29 19 07 06 08 00 45 00 ..A../.. ).....E.
0010 00 38 b8 06 40 00 40 06 af fa c0 a8 c0 3c 84 f8 .8..@.@. .....<..
0020 cc e1 01 bb d1 d5 f8 94 74 75 38 13 bc 90 80 18 ........ tu8.....
0030 f8 e0 b8 e9 00 00 01 01 08 0a 01 db dd 2e 04 39 ........ .......9
0040 32 01 77 30 30 74 2.w00t
But the followed stream shows this:
s".7z............
nev
w00
TERM=xterm; export TERM=xterm; exec bash -i;
There is a missing "e" after nev and a missing "t" on w00t. This has the same
result on Linux and on Windows XP. When the capture is run through Sguil, and a
transcript is performed it shows correctly.
--
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.