Wireshark mailing list archives
Re: Packet Size limited during capture message
From: Brian Oleksa <oleksab () darkcornersoftware com>
Date: Tue, 23 Mar 2010 23:15:50 -0400
Bill Ok...so I found out that it crashes on frame 17641. It only took a couple of minuets to find it. But now what do I do with this info..?? Thanks, Brian Bill Meier wrote:
Brian Oleksa wrote:Bill Can you collaborate on this a little more..?? Do I want to pass in my .pcap file as the <infile> to which I am having problems with..?? And I am assuming that you want me to pass in the "ballpark" number (or a range) to where I think the crash occurs. I can load about 70% of the file...which is right around frame # 16813..... For example: C:\wireshark\editcap test.pcap -r 16813-20000 is this what you do..?? Thanks, BrianYes: Of course you also need to specify an <outfile> editcap -r in.pcap out.pcap 16800-20000 tshark -nVxr out.pcap >foo.txt (crash) editcap -r in.pcap out.pcap 18000-20000 tshark -nVxr out.pcap >foo.txt (no crash: ... so: bad frame(s) must be between 16800-17999 editcap -r in.pcap out.pcap 16800-17000 ... The process is a bit tedious and not necessarily worth the effort. Also: sometimes multiple frames are needed. Just using a debugger on the original file and seeing where the crash occurs may be all that is needed. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Packet Size limited during capture message, (continued)
- Re: Packet Size limited during capture message Maynard, Chris (Mar 24)
- Re: Packet Size limited during capture message Martin Visser (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Guy Harris (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Guy Harris (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Bill Meier (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Bill Meier (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Bill Meier (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 24)
- Re: Packet Size limited during capture message Maynard, Chris (Mar 24)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 25)
- Re: Packet Size limited during capture message Maynard, Chris (Mar 25)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 25)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Jakub Zawadzki (Mar 25)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 25)
- Inner workings of libpcap Rayne (Mar 26)