Wireshark mailing list archives
Re: Pcap file isn't a capture file in a format TShark understands
From: kahou lei <kahou82 () gmail com>
Date: Mon, 25 Jan 2010 10:19:17 -0800
>> This file is captured by another machine.
>
> How was the file captured on that machine? What software was used?

The captured file is generated by our company software. Basically it is captured by our networking equipment and then it will be saved via our company software (by writing libpcap format and the binary to the file). It has been working fine.

>> I try to use tshark and wireshark with this file on another machine which is not the captured one and it works.
>
> Are you saying that on one machine, TShark and Wireshark can read the "udp.pcap" file, but, on another machine, TShark and Wireshark cannot read the *same* "udp.pcap" file? If so, what versions of TShark and Wireshark are running on those two machines, and, if you run the command "capinfos udp.pcap" on the machine where TShark and Wireshark *can* read the file, what does it print?

Yes, the same udp.pcap file can't be read on one Linux machine but can be read on another Linux machine.
Here is the information of the one that "cannot" read udp.pcap:
[thot@tchui1-rhel3 tshark]$ ./tshark -v
TShark 0.99.7
Copyright 1998-2007 Gerald Combs <gerald () wireshark org> and contributors.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 2.2.3, with libpcap 0.7.2, with libz 1.1.4, without libpcre, with SMI 0.4.5, without ADNS, without Lua, without GnuTLS, without Gcrypt, with MIT Kerberos.
NOTE: this build doesn't support the "matches" operator for Wireshark filter syntax.
Running on Linux 2.4.21-32.ELsmp, with libpcap (version unknown).
Built using gcc 3.2.3 20030502 (ASPLinux 3.2.3-59asp).
Here is the information of the one that "can" read udp.pcap:

[thot@REGRES-EL3 thot]$ tshark -v
TShark 0.99.7
Copyright 1998-2007 Gerald Combs <gerald () wireshark org> and contributors.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 2.2.3, with libpcap 0.7.2, with libz 1.1.4, without libpcre, with SMI 0.4.5, without ADNS, without Lua, without GnuTLS, without Gcrypt, with MIT Kerberos.
NOTE: this build doesn't support the "matches" operator for Wireshark filter syntax.
Running on Linux 2.4.21-40.ELsmp, with libpcap (version unknown).
Built using gcc 3.2.3 20030502 (ASPLinux 3.2.3-59asp).

[thot@REGRES-EL3 tshark]$ capinfos udp.pcap
File name: udp.pcap
File type: Wireshark - nanosecond libpcap
File encapsulation: Ethernet
Number of packets: 1
File size: 168 bytes
Data size: 128 bytes
Capture duration: 0.000000 seconds
Start time: Thu Dec 17 18:35:35 2009
End time: Thu Dec 17 18:35:35 2009
Data rate: inf bytes/s
Data rate: inf bits/s
Average packet size: 128.00 bytes

Thanks,
Kahou
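Added example (not part of the original message and not Wireshark code): a small Python check that reads a libpcap file's global header and walks its record headers without TShark, so the same bytes can be inspected and hashed on both machines. The names inspect_pcap and build_sample are hypothetical, and the sample file is constructed to match the capinfos figures above (nanosecond libpcap, Ethernet, 1 packet, 128 data bytes, 168 bytes total); little-endian byte order is an assumption.

```python
import hashlib
import struct

# Magic numbers of the classic libpcap format, as seen when read big-endian.
MAGICS = {
    0xA1B2C3D4: ("microsecond", ">"),
    0xD4C3B2A1: ("microsecond", "<"),
    0xA1B23C4D: ("nanosecond", ">"),
    0x4D3CB2A1: ("nanosecond", "<"),
}

def inspect_pcap(data: bytes) -> dict:
    """Parse the 24-byte global header, then walk every 16-byte record header."""
    if len(data) < 24:
        raise ValueError("shorter than a libpcap global header")
    (magic,) = struct.unpack(">I", data[:4])
    if magic not in MAGICS:
        raise ValueError(f"unknown magic 0x{magic:08x}")
    resolution, order = MAGICS[magic]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    offset, packets, data_size = 24, 0, 0
    while offset < len(data):
        if offset + 16 > len(data):
            raise ValueError(f"truncated record header at offset {offset}")
        _sec, _frac, incl_len, _orig_len = struct.unpack(
            order + "IIII", data[offset:offset + 16])
        if offset + 16 + incl_len > len(data):
            raise ValueError(f"record at offset {offset} runs past end of file")
        offset += 16 + incl_len
        packets += 1
        data_size += incl_len  # bytes actually stored in the file
    return {"resolution": resolution, "byte_order": order,
            "version": (major, minor), "snaplen": snaplen, "linktype": linktype,
            "packets": packets, "data_size": data_size, "file_size": len(data),
            "sha256": hashlib.sha256(data).hexdigest()}

def build_sample() -> bytes:
    """Constructed stand-in for udp.pcap: one 128-byte zero-filled frame."""
    # Version 2.4, snaplen 65535, link type 1 (Ethernet), nanosecond magic.
    header = struct.pack("<IHHiIII", 0xA1B23C4D, 2, 4, 0, 0, 65535, 1)
    # Constructed timestamp; included and original length are both 128.
    record = struct.pack("<IIII", 1261074935, 0, 128, 128) + bytes(128)
    return header + record

if __name__ == "__main__":
    print(inspect_pcap(build_sample()))
```

To check a real file, pass open("udp.pcap", "rb").read() to inspect_pcap on each machine and compare the sha256 values along with the parsed fields.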