https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16350
Bug ID: 16350
Summary: Display filters loaded at startup don't apply
correctly
Product: Wireshark
Version: 3.2.1
Hardware: x86-64
OS: Windows 10
Status: UNCONFIRMED
Severity: Major
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
Created attachment 17591
--> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17591&action=edit
Capture with DNS requests and Responses
Build Information:
Version 3.2.1 (v3.2.1-0-gbf38a67724d0)
Copyright 1998-2020 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<https://www.gnu.org/licenses/gpl-2.0.html> This is free software; see the
source for copying conditions. There is NO warranty; not even for
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.12.6, with WinPcap SDK (WpdPack) 4.1.2, with GLib
2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4,
with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos,
with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with AirPcap,
with SpeexDSP (using bundled resampler), with SBC, with SpanDSP, with bcg729.
Running on 64-bit Windows 10 (1909), build 18363, with Intel(R) Core(TM)
i7-4770 CPU @ 3.40GHz (with SSE4.2), with 16335 MB of physical memory, with
locale English_United States.1252, with light display mode, without HiDPI, with
Npcap version 0.9986, based on libpcap version 1.9.1, with GnuTLS 3.6.3, with
Gcrypt 1.8.3, with brotli 1.0.2, without AirPcap, binary plugins supported (19
loaded). Built using Microsoft Visual Studio 2019 (VC++ 14.24, build 28315).
Wireshark is Open Source Software released under the GNU General Public
License.
Check the man page and https://www.wireshark.org for more information.
--
Display filter to: "Show DNS requests without a response"
dns.flags.response == 0 && !dns.response_in
Case 1: This one works
1. Load attached pcap file
2. Apply display filter: "dns.flags.response == 0 && !dns.response_in"
3. This shows zero packets, as expected. (Every DNS request in this capture,
has a corresponding response)
Case 2: This one doesn't work
1. Start Wireshark, without a pcap file.
2. Apply the display filter: "dns.flags.response == 0 && !dns.response_in"
3. Open the attached pcap file
4. Three packets show as matches (which isn't correct)
5. Hit Enter (to reapply the filter)
6. This now shows zero packets (which is expected).
This problem is NOT specific to DNS.
--
You are receiving this mail because:
You are watching all bug changes.___________________________________________________________________________
Sent via: Wireshark-bugs mailing list <[email protected]>
Archives: https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
mailto:[email protected]?subject=unsubscribe
