tcpdump mailing list archives

Re: pcap files with file header snaplen < packet


From: Jefferson Ogata <Jefferson.Ogata () noaa gov>
Date: Fri, 01 Dec 2006 06:17:36 +0000

On 2006-12-01 01:28, Guy Harris wrote:
> On Nov 30, 2006, at 1:08 PM, Aaron Turner wrote:
>> Unfortunately, I don't know where or how these pcap files were
>> generated, so I don't know what's causing this to happen or how
>> widespread it is.  Could this have been a bug in earlier versions of
>> libpcap??
>
> I don't know - it might have come from some vendor-"improved" version of
> libpcap, or the bug might have been in the underlying packet capture
> mechanism that libpcap used on whatever platform the packet was
> captured, or it might have been written by something other than libpcap.

Is it possible they were the result of combining multiple pcaps via
something like mergecap?

-- 
Jefferson Ogata <Jefferson.Ogata () noaa gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt () noaa gov>
"Never try to retrieve anything from a bear."--National Park Service
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
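
The condition in the subject line, a record whose captured length exceeds the snaplen in the file header, can be checked directly against the classic pcap layout. This is an added example, not part of the original post: the function names and the sample capture are constructed for illustration, and only the classic microsecond-resolution pcap format is handled.

```python
import struct

# Classic pcap magic 0xa1b2c3d4 as it appears on disk, mapped to struct byte order.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def find_oversized_records(data):
    """Return (snaplen, [(index, caplen, origlen), ...]) listing every record
    whose captured length is larger than the snaplen in the file header."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file")
    endian = PCAP_MAGICS[data[:4]]
    # File header after the magic: version major/minor, thiszone, sigfigs,
    # snaplen, link type.
    _maj, _min, _zone, _sigfigs, snaplen, _linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    offset, index, bad = 24, 0, []
    while offset + 16 <= len(data):
        # Per-record header: ts_sec, ts_usec, captured length, original length.
        _sec, _usec, caplen, origlen = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        if offset + 16 + caplen > len(data):
            raise ValueError(f"record {index} runs past end of file")
        if caplen > snaplen:
            bad.append((index, caplen, origlen))
        offset += 16 + caplen
        index += 1
    return snaplen, bad

def build_sample():
    """Constructed capture: header says snaplen 64, second record holds 96 bytes."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)
    def rec(sec, payload, origlen):
        return struct.pack("<IIII", sec, 0, len(payload), origlen) + payload
    return (header
            + rec(1, b"\x00" * 60, 60)      # fits within snaplen
            + rec(2, b"\x00" * 96, 96)      # exceeds header snaplen
            + rec(3, b"\x00" * 64, 1500))   # truncated to exactly snaplen

if __name__ == "__main__":
    snaplen, bad = find_oversized_records(build_sample())
    for index, caplen, origlen in bad:
        print(f"record {index}: caplen {caplen} > header snaplen {snaplen}")
```

A reader that sizes its packet buffer from the header snaplen should run a check like this, or bound each record's captured length itself, before copying record data.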

