tcpdump mailing list archives
"snaplen of 0" when reading pcap-ng data
From: Andrew Daviel <advax () triumf ca>
Date: Wed, 25 Apr 2012 17:12:22 -0700 (PDT)
I just built libpcap-1.2.1 and tcpdump-4.2.1 on Centos 6.2.If I read a pcap-ng capture file from the Hone project, or one written by Wireshark 1.7.2 on XP with the default filter, I get a message "snaplen of 0 rejects all packets" and tcpdump displays no packets.
If I capture data with Wireshark with a maximum packet length of 65535, or shorter, and save it as pcapng, I can read it in tcpdump.
I can't capture data from Hone, even with -s (tcpdump -r /dev/hone -s 500)and I can't build a Wireshark that supports pcapng on RHEL 6 (glib in latest release is too old)
Is there a way around this problem ? -- Andrew Daviel, TRIUMF, Canada - This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
Current thread:
- "snaplen of 0" when reading pcap-ng data Andrew Daviel (Apr 25)
- Re: "snaplen of 0" when reading pcap-ng data Guy Harris (Apr 26)