Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Sample Captures from wireshark repository

From: vijay <vijay.prasanth () gmail com>
Date: Fri, 17 Feb 2012 00:07:40 -0600
Thanks for the response. Yeah i got it wrong, it was  "Unrecognized libpcap
format" . The file I downloaded has .cap extension which I believe is not
pcap format. And since i am capturing in pcap format (not pcapng) it is
working fine with pipes.

Thanks again.

On Thu, Feb 16, 2012 at 11:29 PM, Guy Harris <guy () alum mit edu> wrote:



On Feb 16, 2012, at 8:16 PM, vijay wrote:


I downloaded some captures from the Sample Captures page tried reading

it in wireshark through a pipe.

I reported "invalid libpcap format" error.


I don't see "invalid libpcap format" anywhere in the Wireshark 1.6.x
source; that is probably *NOT* the exact error it gave.  If you mean
"Unrecognized libpcap format", that's an error that means the capture file
is *NOT* a libpcap capture; the *ONLY* files you can capture through a pipe
are pcap files.

Are they, in fact, libpcap captures?


But when i directly open the file using wireshark it reads fine. I dont
understand why this happen?


Wireshark can read a number of capture file formats other than pcap
format; the other formats can only be read, not captured through a pipe.


Isnt the file having the global header?


My guess is that the header it has is the header for some format *other*
than pcap format.


I tried to do the same thing with my own capture file. This time it

worked in both these methods. Could someone

pls tell me why it is?


Probably because your own capture file *is* a pcap file.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
            mailto:wireshark-dev-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: