Wireshark · Ethereal-dev: Re: [ethereal-dev] Re: [ethereal-users] Ethereal crash reading tcpdump '-r' file (FreeBSD 3.4)

Ethereal-dev: Re: [ethereal-dev] Re: [ethereal-users] Ethereal crash reading tcpdump '-r' file

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Wed, 13 Sep 2000 14:27:05 -0700 (PDT)

> Here's a diff against the current CVS, and it might actually apply
> cleanly against your 0.8.10, to guard against ethereal blowing up on
> the file. The capture file is indeed very different than what ethereal
> expects.

It's also different from what standard tcpdump expects:

	tooting$ tcpdump -r /u/guy/captures/barfolino.pcap 
	18:22:41.289231 8e:6:36:32:0:a0 1:d9:bf:bf:0:a0 8e06 294: 
	                         80aa 0800 4500 0118 0ce9 0000 4011 55e9
	                         0a01 0201 0a01 0101 01f4 01f4 0104 cf94
	                         fefa fee7 f500 0000 0000 0000 0000 0000
	                         0110 0200 0000 0000 0000 00fc 0d00 00cc
	                         0000 0001 0000 0001 0000 00c0 0001 0804
	                         fefa fee7 f500 0000 0300 002c 0001 0000
	                         8001 0005 8002 0002 8003 0002 8004 0001
	                         800b 0002 000c 0004 000f 4240 800b 0001
	                         800c 05dc 0300 002c 0101 0000 8001 0005
	                         8002 0001 8003 0002 8004 0001 800b 0002
	                         000c 0004 000f 4240 800b 0001 800c 05dc
	                         0300 002c 0201 0000 8001 0001 8002 0002
	                         8003 0002 8004 0001 800b 0002 000c 0004
	                         000f 4240 800b 0001 800c 05dc 0000 002c
	                         0301 0000 8001 0001 8002 0001 8003 0002
	                         8004 0001 800b 0002 000c 0004 000f 4240
	                         800b 0001 800c 05dc 0000 0014 0e58 d577
	                         4df6 0200 7d0b 0244
	tcpdump: pcap_loop: bogus savefile header

I'll have to try it at home, on my FreeBSD 3.4 machine, but FreeBSD
3.4's libpcap isn't, as I remember, significantly different from the
vanilla one.

Follow-Ups:
- Re: [ethereal-dev] Re: [ethereal-users] Ethereal crash reading tcpdump '-r' file (FreeBSD 3.4)
  - From: Guy Harris

References:
- Re: [ethereal-dev] Re: [ethereal-users] Ethereal crash reading tcpdump '-r' file (FreeBSD 3.4)
  - From: Gilbert Ramirez

Prev by Date: Re: [ethereal-dev] Re: [ethereal-users] Ethereal crash reading tcpdump '-r' file (FreeBSD 3.4)
Next by Date: Re: [ethereal-dev] Re: [ethereal-users] Ethereal crash reading tcpdump '-r' file (FreeBSD 3.4)
Previous by thread: Re: [ethereal-dev] Re: [ethereal-users] Ethereal crash reading tcpdump '-r' file (FreeBSD 3.4)
Next by thread: Re: [ethereal-dev] Re: [ethereal-users] Ethereal crash reading tcpdump '-r' file (FreeBSD 3.4)
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$