"snaplen of 0" when reading pcap-ng data

[Andrew Daviel <advax () triumf ca>]

I just built libpcap-1.2.1 and tcpdump-4.2.1 on Centos 6.2.


If I read a pcap-ng capture file from the Hone project, or one written by 
Wireshark 1.7.2 on XP with the default filter, I get a message "snaplen 
of 0 rejects all packets" and tcpdump displays no  packets.

If I capture data with Wireshark with a maximum packet length of 65535, 
or shorter, and save it as pcapng, I can read it in tcpdump.

I can't capture data from Hone, even with -s (tcpdump -r /dev/hone -s 500)
and I can't build a Wireshark that supports pcapng on RHEL 6 (glib in 
latest release is too old)

Is there a way around this problem ?


--
Andrew Daviel, TRIUMF, Canada
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.