Hi
I did like to see what was going on.
So I downloaded T1-7_DOtreppe_WLAN Analysis and Security1.pdf from
http://www.cacetech.com/SHARKFEST.08/ and captured the traffic with Wireshark.
The file size is 9.219.404 bytes
Wireshark:
When I use Wireshark to export the file (Wireshark->File->Export->Object->HTTP:)
the result is the same: 9.219.404 bytes
Using Follow TCP Stream I also see bytes missing, but no negative values:
2920 - 2920 - 2352 - 1460 - 2920 - 892 - 812 - 1460 - 4380
1460 - 1460 - 1460 - 2920
I saved the content as PDF (I selected "Raw").
The result is a file of 9.192.839 bytes.
The file isn't corrupt, but some slides are displayed twice.
This morning I used TShark to capture the traffic and the results were more
or less the same.
Regards,
Joan
-------------------------------------------------------------------------------
>> Wireshark-users: [Wireshark-users] 32768 bytes missing in capture file
Deepti Kumar wrote:
>>
>> From: Deepti Kumar <deepti_kumar47@xxxxxxxxx>
>> Date: Sat, 10 May 2008 00:04:21 -0700 (PDT)
>>
>> Hi,
>> I have been trying to download a file of size 11MB using wget. I've run
>> wireshark at the same time to capture the traffic. All this is done on
the >> localhost and wireshark is therefore capturing on the lo interface.
>> After the file transfer when i right click and see "Follow TCP Stream"
and >> see the number of bytes exchanged, it is less than 11MB(no of bytes
>> actually that should have been exchanged). I check the data in the display
>> window of "Follow TCP Stream" and see that there are some bytes missing:
>>
>> >32768 bytes missing in capture file
>> >[-32768 bytes missing in capture file]
>> >[16384 bytes missing in capture file]
>>
>> My question is (1) why has wireshark not captured these files? (Note:
The >> download gives me the complete file)
>> (2) What are these negative values?
>>
>> Hoping someone would help me on this.
>>
>> Thanks in advance.
>>
>>
