Re: Sample Captures from wireshark repository

[Guy Harris <guy () alum mit edu>]

On Feb 16, 2012, at 8:16 PM, vijay wrote:

> I downloaded some captures from the Sample Captures page tried reading it in wireshark through a pipe.
> I reported "invalid libpcap format" error.

I don't see "invalid libpcap format" anywhere in the Wireshark 1.6.x source; that is probably *NOT* the exact error it 
gave.  If you mean "Unrecognized libpcap format", that's an error that means the capture file is *NOT* a libpcap 
capture; the *ONLY* files you can capture through a pipe are pcap files.

Are they, in fact, libpcap captures?

> But when i directly open the file using wireshark it reads fine. I dont 
> understand why this happen?

Wireshark can read a number of capture file formats other than pcap format; the other formats can only be read, not 
captured through a pipe.

> Isnt the file having the global header?

My guess is that the header it has is the header for some format *other* than pcap format.

> I tried to do the same thing with my own capture file. This time it worked in both these methods. Could someone 
> pls tell me why it is?

Probably because your own capture file *is* a pcap file.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe