On Nov 9, 2006, at 1:41 PM, prashanth joshi wrote:
We have written parsing code for the "Data Record Transfer Request".
The code wroks fine for some of the trace files we have. But for one
trace file which has captured GTP packets over UDP our code is not
working correct. If we run ethereal without our code addition it
shows around 560 packets. However if we run the ethereal with our
code addition the following error message shows up:
" The capture file appears to be damaged or corrupt.
(pcap: File has 3858759680-byte packet, bigger than maximum of
65535) "
And there is an option "OK". If we click on that then we do get the
ethereal display , but now only 466 packets are shown.
Please any one tell me the reason behind this.
The reason behind this is that the capture file appears to be damaged
or corrupt; that's why the error message says "The capture file
appears to be damaged or corrupt."
That error will not occur as a result of problems in packet dissector
code unless that code overwrites some data structure for the Wiretap
library.
Did you build a separate version of Wireshark with your changes? Is
the version without your code just a standard distribution, or is it
something you built from the same source tree using the same build
process as the version with your changes, so the only difference is
your changes? If not, what happens if you back out your changes,
rebuild Wireshark, and try reading that file with that version?
On what operating system are you running Wireshark?
What version are you running?
Is the capture file gzipped?
Where was the capture done?