Wireshark-bugs: [Wireshark-bugs] [Bug 1194] Timestamp oddness
Date: Wed, 20 Aug 2008 07:12:20 -0700 (PDT)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1194


Sake <sake@xxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID




--- Comment #5 from Sake <sake@xxxxxxxxxx>  2008-08-20 07:12:12 PDT ---
(In reply to comment #4)
> So the capture file is invalid, I suspected that might be the case. Shouldn't
> the bad behaviour remain consistent no matter what I do with the packets?
> 
> Or does resaving the capture alter the captured data? That's probably a bug.

It does when you "convert" from one capture file format to another:

=======
sake@brutus:/tmp$ capinfos -tc 19.cap 11.cap 
File name: 19.cap
File type: Wireshark/tcpdump/... - libpcap
Number of packets: 19 

File name: 11.cap
File type: Visual Networks traffic capture
Number of packets: 11 
sake@brutus:/tmp$ 
=======


(wire|t)shark don't seem to alter the captured data when it doesn't need to
convert to another file format:


=======
sake@brutus:/tmp$ tshark -r 19.cap -R "frame.number<12" -w 11b.cap
sake@brutus:/tmp$ capinfos -tc 11b.cap 
File name: 11b.cap
File type: Wireshark/tcpdump/... - libpcap
Number of packets: 11 
sake@brutus:/tmp$ tshark -r 11b.cap 
  1   0.000000 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=100
  2  -1.950069 206.130.75.41 -> 206.130.75.70 TCP mtport-regist > ssh [ACK]
Seq=1 Ack=101 Win=64995 Len=0
  3   1.322921 WwPcbaTe_68:a4:14 -> Broadcast    ARP Who has 206.130.75.239? 
Tell 206.130.75.135
  4   1.338383 206.130.75.239 -> 206.130.75.255 NBNS Name query NB
MANUFACTURING<1b>
  5   2.089559 206.130.75.239 -> 206.130.75.255 NBNS Name query NB
MANUFACTURING<1b>
  6   2.370592 Intel_70:c4:6d -> Broadcast    ARP Who has 206.130.75.42?  Tell
206.130.75.111
  7   2.840721 206.130.75.239 -> 206.130.75.255 NBNS Name query NB
MANUFACTURING<1b>
  8   4.285446 Intel_f0:f3:bd -> Broadcast    ARP Who has 206.130.75.222?  Tell
206.130.75.14
  9   4.295193 206.130.75.41 -> 206.130.75.70 SSH Encrypted request packet
len=20
 10   4.295199 206.130.75.70 -> 206.130.75.41 TCP ssh > patrol-mq-gm [ACK]
Seq=1 Ack=21 Win=5840 Len=0
 11   4.305976 206.130.75.70 -> 206.130.75.41 SSH Encrypted response packet
len=20
sake@brutus:/tmp$ 
=======


So I'm closing this bug as INVALID


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.