When export to a CSV, Info is changed to differ.

This issue was migrated from bug 10453 in our old bug tracker.

Original bug information:

Reporter: Munesato Nakada
Status: RESOLVED FIXED
Product: Wireshark
Component: Dissection engine (libwireshark)
OS: All
Platform: All
Version: 1.12.0

Attachments:

sip-register-sample.pcap: original captured file
sip-register-sample.csv: exported csv

Munesato Nakada said:

Created attachment 13040 original captured file

Build Information: Version 1.12.0 (v1.12.0-0-g4fab41a1 from master-1.12)

Copyright 1998-2014 Gerald Combs <gerald@‍wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, without Python, with GnuTLS 3.1.22, with Gcrypt 1.6.0, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 31 2014), with AirPcap.

Running on 32-bit Windows 7 Service Pack 1, build 7601, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), GnuTLS 3.1.22, Gcrypt 1.6.0, without AirPcap. Intel(R) Pentium(R) D CPU 3.00GHz, with 2047MB of physical memory.

Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public License.

Check the man page and http://www.wireshark.org for more information.

In initialize sequence in SIP, send a REGISTER message to SIP server.

Captured data has been displayed as "Status: 200 OK (1 bindings)".
But export to CSV, will be as "Status: 200 OK (0 bindings)".

added libwireshark version1.12 labels

Munesato Nakada said:

Created attachment 13041 exported csv

Bill Meier said:

Fixed in the master (dev) branch and in the wireshark-1.12 branch.

See: https://code.wireshark.org/review/#/c/4051/

The fix will appear in the next release of Wireshark-1.12.

If you want to try out the fix (on Windows) you can download

https://www.wireshark.org/download/automated/win32/Wireshark-win32-1.12.1rc0-74-g3131847.exe

(I've not backported this fix to Wireshark-1.10 since that version seems to not have other changes relating sip dissection).

Thanks for the bug report ....

Bill Meier said:

(In reply to Bill Meier from comment #2)  
>  
> (I've not backported this fix to Wireshark-1.10 since that version seems to  
> not have other changes relating sip dissection).  
>  

Update: I decided to backport the fix since it is valid even for Wireshark-1-10.

However, I note that significant improvements were apparently made in sip dissection after Wireshark-1.10 so that the attached capture file does not altogether seem to dissect properly in Wireshark-1.10.

Munesato Nakada said:

Thank you for your quick response. I checked that displayed-content and exported-csv was matched.

Regards.

closed