tcpdump mailing list archives

Re: Cannot read .pcap file's contents with tcpdump


From: Guy Harris <guy () alum mit edu>
Date: Thu, 15 Jan 2009 19:04:41 -0800


On Jan 15, 2009, at 12:54 PM, Bibudh Lahiri wrote:

   I downloaded the file from the following location:

   https://data.caida.org/datasets/passive-2008/equinix-chicago/20080319/

I don't have an account, so I can't download the file.

   I downloaded the file by simply using the Firefox browser. Can this cause the problem?

Probably not. If the file were incorrectly downloaded by Firefox, tcpdump would probably report an error when opening or reading the file.

What version of tcpdump are you using?

What happens if you try reading the file with, for example, Wireshark or TShark? Does it also report problems with every packet? If so, could you show us what it displays for the raw hex data for one of the packets and for the detailed dissection of that packet? You can get both of them with

tshark -V -x -r eq-chic.dirB.20080319-185908.UTC.anon.pcap -R "frame.number == {N}"

where {N} is the number of the packet; if all the packets have the problem, use 1 as {N}, i.e.

tshark -V -x -r eq-chic.dirB.20080319-185908.UTC.anon.pcap -R "frame.number == 1"

to just get the first packet.
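
An added example, not part of the message above and not tcpdump or Wireshark code: a Python check of the file header and first packet record, covering the same ground as the tshark output requested above (is the file a valid capture, what link-layer type does it declare, what are the raw bytes of packet 1). The name `inspect_pcap`, the small link-type table and the sample bytes are constructed for illustration; only the classic pcap format is handled, not pcapng.

```python
import struct

# First four bytes of the file -> (struct byte order, timestamp resolution).
MAGICS = {
    b"\xa1\xb2\xc3\xd4": (">", "us"),
    b"\xd4\xc3\xb2\xa1": ("<", "us"),
    b"\xa1\xb2\x3c\x4d": (">", "ns"),
    b"\x4d\x3c\xb2\xa1": ("<", "ns"),
}
# A few well-known LINKTYPE_ values; anything else is reported by number.
LINKTYPES = {0: "NULL", 1: "ETHERNET", 101: "RAW", 113: "LINUX_SLL"}

def inspect_pcap(data):
    """Decode the pcap file header and first packet record from raw bytes."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (first bytes: %s)" % data[:4].hex())
    order, resolution = MAGICS[data[:4]]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    info = {
        "version": (major, minor), "resolution": resolution, "snaplen": snaplen,
        "linktype": LINKTYPES.get(linktype, str(linktype)),
        "first_packet": None, "problems": [],
    }
    if len(data) < 40:
        info["problems"].append("file ends before the first packet record header")
        return info
    _sec, _frac, caplen, origlen = struct.unpack(order + "IIII", data[24:40])
    payload = data[40:40 + caplen]
    if caplen > snaplen:
        info["problems"].append("captured length %d exceeds snaplen %d" % (caplen, snaplen))
    if len(payload) < caplen:
        info["problems"].append("record claims %d bytes, file holds %d" % (caplen, len(payload)))
    info["first_packet"] = {"caplen": caplen, "origlen": origlen, "hex": payload.hex(" ")}
    return info

# Constructed sample: little-endian header, version 2.4, snaplen 65535,
# LINKTYPE_ETHERNET, one record holding a 14-byte Ethernet header.
FRAME = bytes.fromhex("ffffffffffff" "020000000001" "0800")
SAMPLE = (b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, 1)
          + struct.pack("<IIII", 1205953148, 0, len(FRAME), len(FRAME)) + FRAME)

if __name__ == "__main__":
    print(inspect_pcap(SAMPLE))
```

To run it against a real capture, pass the first few kilobytes of the file, read in binary mode, to `inspect_pcap`.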