tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: pcap file format documentation

From: "Don Morrison" <donmorrison () gmail com>
Date: Fri, 24 Mar 2006 20:01:21 -0800
Offhand I'd say this has nothing to do with truncation, since the
truncated packet shouldn't be included in the clean pcap file. My guess
would be that you've found a bug in one of ethereal's protocol dissectors.


Relax guys :) I'll send you the answer when I have time to fix it,
jeez. ;) I only had like 30 minutes to look at the problem today.

The reason why I suspect truncation is the following.  When I use
tethereal in my script, it cannot both output the text summary lines
and write to file at the same time.  Instead of hacking my own version
of tethereal, I did (not showing all options here:) tethereal -i eth0
-w - | tee filename | tethereal -i -

I think when this pipeline gets torn down, sometimes, a partial packet
is written.

Could it instead be a crashing dissector? Sure could be...I will then
poke a stick at the hornet's nest that is the Ethereal mailing list.
;)
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: