https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16511
Bug ID: 16511
Summary: udp and ipv4 filter fails in certain scenario
Product: Wireshark
Version: unspecified
Hardware: x86-64
OS: Windows 10
Status: UNCONFIRMED
Severity: Normal
Priority: Low
Component: TShark
Assignee: bugzilla-ad...@wireshark.org
Reporter: bedredin.cel...@gmail.com
Target Milestone: ---
Build Information:
3.2.3 (v3.2.3-0-gf39b50865a13)
Compiled (64-bit) with Qt 5.12.6, with WinPcap SDK (WpdPack) 4.1.2, with GLib
2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4,
with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos,
with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with automatic
updates using WinSparkle 0.5.7, with AirPcap, with SpeexDSP (using bundled
resampler), with SBC, with SpanDSP, with bcg729.
Running on 64-bit Windows 10 (1909), build 18363, with Intel(R) Core(TM)
i7-4720HQ CPU @ 2.60GHz (with SSE4.2), with 16307 MB of physical memory, with
locale French_France.1252, with light display mode, without HiDPI, with Npcap
version 0.9989, based on libpcap version 1.9.1, with GnuTLS 3.6.3, with Gcrypt
1.8.3, with brotli 1.0.2, without AirPcap, binary plugins supported (19
loaded).
Built using Microsoft Visual Studio 2019 (VC++ 14.24, build 28316).
--
Using "udp" in a filter doesn't give the same answers as "ip.proto==17" when
filtering on IPv4.
Using "ip.proto==17" we get 1542:
>tshark -r exercise0.pcap -Y "ip.version==4 && ip.proto==17" | wc -l
>1542
Using "udp" we get 1544:
>tshark -r exercise0.pcap -Y "ip.version==4 && udp" | wc -l
>1544
Looking at the frames that differ between udp and ip.proto (2 frames), we
get two DNS IPv6 frames, which shouldn't be counted considering that in the
exercise we only use "ipv4".
>tshark -r exercise0.pcap -Y "ip.version==4 && udp && not ip.proto==17"
>77878 0.905945 2001:2df6:8:1dcc:f39f:fbff:bf:f3de →
>2001:22ff:ffb8:de03:7380:faf8:ff20:38c DNS 102 Standard query 0x01ef[Packet
>size limited during capture]
>79751 0.925990 2001:2df6:8:1dcc:f39f:fbff:bf:f3de →
>2001:22ff:ffb8:de03:7380:faf8:ff20:392 DNS 102 Standard query 0x0417[Packet
>size limited during capture]
Unfortunately I can't attach the .pcap files.
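An added example, not part of the original report and not Wireshark code: a small model of how the three filters above evaluate when a frame carries more than one IP layer. It assumes a display-filter comparison is true if any occurrence of the field in the frame matches, and it uses constructed IPv4, IPv6 and IPv6-in-IPv4 frames; the report does not say whether its two frames are encapsulated.

```python
import struct

UDP = struct.pack("!HHHH", 53000, 53, 12, 0) + b"test"   # constructed datagram

def ipv4(proto, payload):
    # 20-byte IPv4 header, checksum left at 0, documentation-range addresses
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

def ipv6(nxt, payload):
    addr = bytes.fromhex("20010db8" + "00" * 11)   # 2001:db8::/32 prefix, 15 bytes
    return (struct.pack("!IHBB", 6 << 28, len(payload), nxt, 64)
            + addr + b"\x01" + addr + b"\x02" + payload)

NEXT = {4: "ip", 41: "ipv6", 17: "udp"}   # IP protocol numbers followed here

def dissect(buf):
    """Return every (field, value) in the frame, one entry per layer occurrence."""
    fields, layer = [], {4: "ip", 6: "ipv6"}[buf[0] >> 4]
    while layer:
        if layer == "ip":
            fields += [("ip.version", 4), ("ip.proto", buf[9])]
            layer, buf = NEXT.get(buf[9]), buf[(buf[0] & 0x0F) * 4:]
        elif layer == "ipv6":
            fields.append(("ipv6.nxt", buf[6]))
            layer, buf = NEXT.get(buf[6]), buf[40:]
        else:                               # udp: stop at the transport layer
            fields.append(("udp", True))
            layer = None
    return fields

def eq(f, name, value):   # modelled "==": true if ANY occurrence in the frame matches
    return any(n == name and v == value for n, v in f)

FILTERS = {   # the three filter strings from the report
    "ip.version==4 && ip.proto==17": lambda f: eq(f, "ip.version", 4) and eq(f, "ip.proto", 17),
    "ip.version==4 && udp": lambda f: eq(f, "ip.version", 4) and eq(f, "udp", True),
    "ip.version==4 && udp && not ip.proto==17":
        lambda f: eq(f, "ip.version", 4) and eq(f, "udp", True) and not eq(f, "ip.proto", 17),
}

FRAMES = {   # constructed samples, starting at the IP header
    "ipv4/udp": ipv4(17, UDP),
    "ipv6/udp": ipv6(17, UDP),
    "ipv4/ipv6/udp (6in4)": ipv4(41, ipv6(17, UDP)),
}

def matches(expr):
    return [name for name, raw in FRAMES.items() if FILTERS[expr](dissect(raw))]
```

In this model only the encapsulated frame satisfies the third filter: its outer header supplies `ip.version==4` with protocol 41, while the UDP layer sits inside the IPv6 header.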