Wireshark-bugs: [Wireshark-bugs] [Bug 8434] Crash (Null dereference) when loading capture files
Comment # 4
on bug 8434
from Isaiah Frantz
This may be an issue with how different pcap formats are handled.
I tried to use mergecap from the cli and failed on all attempts to merge
tcpdump files:
ifrantz@defiant:~/work/pcap/attA01$ file attA01.attA03.pcap
attA01.attA03.pcap: tcpdump capture file (little-endian) - version 2.4
(Ethernet, capture length 65535)
ifrantz@defiant:~/work/pcap/attA01$ file rjs.attA03.attA01.pcap
rjs.attA03.attA01.pcap: tcpdump capture file (little-endian) - version 2.4
(Ethernet, capture length 65535)
ifrantz@defiant:~/work/pcap/attA01$ mergecap -w attA01.pcap attA01.attA03.pcap
rjs.attA03.attA01.pcap
mergecap: Error reading rjs.attA03.attA01.pcap: Less data was read than was
expected
And the resulting file is much smaller than expected:
ifrantz@defiant:~/work/pcap/attA01$ ll attA01.attA03.pcap
rjs.attA03.attA01.pcap attA01.pcap
-rw-r--r-- 1 ifrantz ifrantz 184014 Jul 18 12:45 attA01.attA03.pcap
-rw-r--r-- 1 ifrantz ifrantz 27776 Jul 19 10:47 attA01.pcap
-rw-r--r-- 1 ifrantz ifrantz 24576 Jul 18 12:32 rjs.attA03.attA01.pcap
However, this works both on the cli and in the merge dialog when merging snoop
pcap files with no errors and the merge dialog properly goes away after
[Open]ing the file to merge.
ifrantz@defiant:~/work/pcap/oemdb1$ file attA03.pcap
attA03.pcap: Snoop capture file - version 2 (Ethernet)
ifrantz@defiant:~/work/pcap/oemdb1$ file attB03.pcap
attB03.pcap: Snoop capture file - version 2 (Ethernet)
ifrantz@defiant:~/work/pcap/oemdb1$ file oemdb1.pcap
oemdb1.pcap: pcap-ng capture file - version 1.0
You are receiving this mail because:
- You are watching all bug changes.