Yes, in the wireshark directory is editcap.exe this will aloow you to slice the capture file up. i have never tried it on a corrupt file though.
This shoudl output the first 2007 packets to a new file
ex. editcap -r <name-of-capture-file.cap> <new-outputfile.cap> 1-2007
-------- Original Message --------
Subject: [Wireshark-users] Corrupted cap file
From: Robert Smith <wmk589@xxxxxxxxx>
Date: Thu, January 24, 2008 6:06 am
To: wireshark-users@xxxxxxxxxxxxx
Due to some communication problems tshark produced corrupted capture file.
When I try to open it in Wireshark I see in the Open Capture File dialog: "Error after reading 2008 packets". The size of the file is 698854 bytes.
After clicking on OK button Wireshark displays the following error message: "The capture file appears to be damaged or corrupt. (pcap: File has 842151219-byte packet, bigger than maximum of 65535). Then Wireshark displays the correct portion of the file, 2008 packets.
My question is, whether there are tools which allows to repair corrupted capture file and extract from it as much information as possible?
Thanks
Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-users