https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16796

            Bug ID: 16796
           Summary: Endpoints statistics duplicates packet and byte counts
                    when endpoint is the same.
           Product: Wireshark
           Version: Git
          Hardware: x86-64
                OS: Windows 10
            Status: UNCONFIRMED
          Severity: Normal
          Priority: Low
         Component: Qt UI
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: christopher.mayn...@igt.com
  Target Milestone: ---

Created attachment 17954
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=17954&action=edit
Capture file containing 2 packets with the same source and destination IP
address.

Build Information:
3.3.0 (v3.3.0rc0-1864-g06ff18fbb45f)

Compiled (64-bit) with Qt 5.15.0, with libpcap, with GLib 2.52.3, with zlib
1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4, with GnuTLS 3.6.3
and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind DB
resolver, with nghttp2 1.39.2, with brotli, with LZ4, with Zstandard, with
Snappy, with libxml2 2.9.9, with QtMultimedia, with automatic updates using
WinSparkle 0.5.7, with AirPcap, with SpeexDSP (using bundled resampler).

Running on 64-bit Windows 10 (1909), build 18363, with Intel(R) Xeon(R) CPU
E3-1505M v5 @ 2.80GHz (with SSE4.2), with 16231 MB of physical memory, with
locale English_United States.utf8, with light display mode, without HiDPI, with
Npcap version 0.9996, based on libpcap version 1.9.1, with GnuTLS 3.6.3, with
Gcrypt 1.8.3, with brotli 1.0.2, with AirPcap 4.1.0 build 1622, binary plugins
supported (20 loaded).

Built using Microsoft Visual Studio 2019 (VC++ 14.26, build 28806).

--
If the source and destination addresses are the same, then the total packet and
byte counts are counted twice.

In the attached pcap file, there are only 2 packets, which is the result of
capturing "ping -c 1 127.0.0.1" using "tcpdump -i lo -c 2 -w ping1_lo.pcap
icmp".  Even though the capture file only contains 2 packets, the Endpoints
IPv4 statistics indicates that there are 4 packets and 392 bytes for 127.0.0.1,
which is impossible.  The total packets and byte statistics appear to be
counting the address twice when the source and destination addresses are the
same.

The same problem exists for the Ethernet address too, in this case
00:00:00:00:00:00.  Even though I haven't tested it, the same problem almost
certainly exists for IPv6 addresses as well.

-- 
You are receiving this mail because:
You are watching all bug changes.
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-bugs
             mailto:wireshark-bugs-requ...@wireshark.org?subject=unsubscribe

Reply via email to