Re: pcap file format documentation

["Don Morrison" <donmorrison () gmail com>]

The files are at work, so I'll have to reply in the morning. -Don

On 3/20/06, Jefferson Ogata <Jefferson.Ogata () noaa gov> wrote:
> On 03/20/2006 02:01 AM, Don Morrison wrote:
> [top posting fixed again]
> > On 3/19/06, Jefferson Ogata <Jefferson.Ogata () noaa gov> wrote:
> > > The trivial way to fix a truncated pcap file:
> > >
> > > tcpdump -r broken.pcap -w clean.pcap
> >
> > I tried this method, but it hangs tcpdump.
>
> That would be a bug in tcpdump. Why don't you send an example pcap file
> along that does this (or post it to a web or FTP site and send a URL),
> and state what version of tcpdump you are using.
>
> You did run tcpdump with no options other than -r and -w, right?
>
> --
> Jefferson Ogata <Jefferson.Ogata () noaa gov>
> NOAA Computer Incident Response Team (N-CIRT) <ncirt () noaa gov>
> "Never try to retrieve anything from a bear."--National Park Service
> -
> This is the tcpdump-workers list.
> Visit https://lists.sandelman.ca/ to unsubscribe.
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.