Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: The capture file appears to be damaged or corrupt. (pcap: Files has 109736-byte packet, bigger than maximum of 65535)

From: Sake Blok <sake () euronet nl>
Date: Fri, 14 May 2010 16:48:52 +0200
Did you open the file on the host on which it was captured? Or did you transfer the file from the capturing host to the 
host on which you try to read it? The error message that you get usually appears after the file has been transferred to 
another host with FTP in ASCII mode instead of BINARY mode.

(FYI dumpcap writes libpcap based files which can not contain packets larger than 65535 bytes, so the file is most 
probably corrupted somehow)

Cheers,
Sake

On 14 mei 2010, at 16:36, Joseph Laibach wrote:


Is there a way to remove the 65535 maximum from the reading of a capture?

Thanks

Joe

-----Original Message-----
From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Joseph 
Laibach
Sent: Tuesday, May 11, 2010 11:36 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] The capture file appears to be damaged or corrupt. (pcap: Files has 109736-byte 
packet, bigger than maximum of 65535)

I'm running version 1.2.7 64bit.

-----Original Message-----
From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Jaap 
Keuter
Sent: Tuesday, May 11, 2010 11:29 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] The capture file appears to be damaged or corrupt. (pcap: Files has 109736-byte 
packet, bigger than maximum of 65535)

But what release of Wireshark are you using?

Thanks,
Jaap

Send from my iPhone

On 11 mei 2010, at 16:37, Joseph Laibach <jlaibach () schonfeld com> wrote:


I am having an issue with some of the capture files. Some captures
files spit back an error that the capture file appears to be damaged
or corrupt. The capture is running on a Windows 2003 Sever R2 64bit,
with 2 gigs of memory and a Inetl Xeon 2.33ghz processor.



I am capturing with dumpcap. The syntax I am using is as follows: C:
\"Program Files"\Wireshark\dumpcap.exe -i \Device\NPF_
{ECC9D35A-826A-4A4F-B634-656EAD4EC7C9} -w d:\SFTI_capture -b files:
10000 -a filesize:8192 -B 128 -s 10000000



I added the –s 10000000 to try and fix the large byte packet issue b
ut that hasn’t worked.



Anyone have any suggestions on how to eliminated the corruption of
capture files?



Thanks



Joe Laibach




This communication is for informational purposes only.  It is not
intended as an offer or solicitation or as an official
confirmation.  Market prices and other information are not
guaranteed as to completeness or accuracy and are subject to change
without notice.  Schonfeld Group reserves the right to monitor and
review the content of all messages sent to or from this e-mail
address.
___________________________________________________________________________




Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org



Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
           mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe



This communication is for informational purposes only.  It is not intended as an offer or solicitation or as an 
official confirmation.  Market prices and other information are not guaranteed as to completeness or accuracy and are 
subject to change without notice.  Schonfeld Group reserves the right to monitor and review the content of all 
messages sent to or from this e-mail address.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe



This communication is for informational purposes only.  It is not intended as an offer or solicitation or as an 
official confirmation.  Market prices and other information are not guaranteed as to completeness or accuracy and are 
subject to change without notice.  Schonfeld Group reserves the right to monitor and review the content of all 
messages sent to or from this e-mail address.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: