> Offhand I'd say this has nothing to do with truncation, since the
> truncated packet shouldn't be included in the clean pcap file. My guess
> would be that you've found a bug in one of ethereal's protocol dissectors.
Jefferson,
I finally got a chance to work on this. You are correct, there was
> Offhand I'd say this has nothing to do with truncation, since the
> truncated packet shouldn't be included in the clean pcap file. My guess
> would be that you've found a bug in one of ethereal's protocol dissectors.
Relax guys :) I'll send you the answer when I have time to fix it,
jeez. ;) I o
On 03/24/2006 04:35 PM, Don Morrison wrote:
The trivial way to fix a truncated pcap file:
tcpdump -r broken.pcap -w clean.pcap
>>>
>>>I tried this method, but it hangs tcpdump.
>>
>>That would be a bug in tcpdump. Why don't you send an example pcap file
>>along that does this (or post
On Mar 24, 2006, at 1:35 PM, Don Morrison wrote:
My apologies, what I said was incorrect. Running the command does not
crash tcpdump, but the outputfile ("clean.pcap") will crash Ethereal,
so while both files are clean enough for tcpdump to display and not
crash, not so for Ethereal.
That do
> >>The trivial way to fix a truncated pcap file:
> >>
> >>tcpdump -r broken.pcap -w clean.pcap
> >
> > I tried this method, but it hangs tcpdump.
>
> That would be a bug in tcpdump. Why don't you send an example pcap file
> along that does this (or post it to a web or FTP site and send a URL),
> a
Hi Jefferson,
Sorry, I have been home sick with the flu for 3 days. I will get to
this tomorrow hopefully.
Don
On 3/23/06, Jefferson Ogata <[EMAIL PROTECTED]> wrote:
> On 03/20/2006 04:18 AM, Don Morrison wrote:
> [top posting fixed YET again]
> > On 3/20/06, Jefferson Ogata <[EMAIL PROTECTED]>
On 03/20/2006 04:18 AM, Don Morrison wrote:
[top posting fixed YET again]
> On 3/20/06, Jefferson Ogata <[EMAIL PROTECTED]> wrote:
>>On 03/20/2006 02:01 AM, Don Morrison wrote:
>>[top posting fixed again]
>>>I tried this method, but it hangs tcpdump.
>>
>>That would be a bug in tcpdump. Why don't y
The files are at work, so I'll have to reply in the morning. -Don
On 3/20/06, Jefferson Ogata <[EMAIL PROTECTED]> wrote:
> On 03/20/2006 02:01 AM, Don Morrison wrote:
> [top posting fixed again]
> > On 3/19/06, Jefferson Ogata <[EMAIL PROTECTED]> wrote:
> >>
> >>The trivial way to fix a truncated
On 03/20/2006 02:01 AM, Don Morrison wrote:
[top posting fixed again]
> On 3/19/06, Jefferson Ogata <[EMAIL PROTECTED]> wrote:
>>
>>The trivial way to fix a truncated pcap file:
>>
>>tcpdump -r broken.pcap -w clean.pcap
>
> I tried this method, but it hangs tcpdump.
That would be a bug in tcpdump
Hi Jefferson,
I tried this method, but it hangs tcpdump.
Don
On 3/19/06, Jefferson Ogata <[EMAIL PROTECTED]> wrote:
> On 03/20/2006 12:12 AM, Stephen Donnelly wrote:
> [top-posted rat's nest cleaned up]
> > On Sun, 2006-03-19 at 20:43 -0800, Don Morrison wrote:
> >>Here's the problem. I'm deali
Stephen,
Thanks for the NetDude reference, I'll look into it more.
Don
On 3/19/06, Stephen Donnelly <[EMAIL PROTECTED]> wrote:
> Hi Don,
>
> That sounds quite likely. This may well be a case where you need to edit
> the file directly, and it seems unlikely that the compatibility issues I
> menti
On 03/20/2006 12:12 AM, Stephen Donnelly wrote:
[top-posted rat's nest cleaned up]
> On Sun, 2006-03-19 at 20:43 -0800, Don Morrison wrote:
>>Here's the problem. I'm dealing with corrupted pcap files, where the
>>last packet was partially written, but it's not of interest and all I
>>want to do is
Hi Don,
That sounds quite likely. This may well be a case where you need to edit
the file directly, and it seems unlikely that the compatibility issues I
mentioned would be a problem.
Alternatively have you looked to see if NetDude will do what you want?
Stephen.
On Sun, 2006-03-19 at 20:43 -08
Hi Stephen,
Here's the problem. I'm dealing with corrupted pcap files, where the
last packet was partially written, but it's not of interest and all I
want to do is truncate the last packet. My assumption is that
libpcap's API will not allow me to deal with this since programs that
are dependent
It may be worth noting (AFAIK) the libpcap file format is intended to be
opaque, with access for read/writing provided only by libpcap itself.
This allows the implementation of the file format to be changed by the
libpcap maintainers, while remaining transparent to the user.
If you write your own
Is there documentation describing the pcap file formats (other than the
libpcap source)?
>>> Check this link
http://wiki.ethereal.com/Development/LibpcapFileFormat
Thanks,
Don
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
The information contained in
Hello,
Is there documentation describing the pcap file formats (other than
the libpcap source)?
Thanks,
Don
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
17 matches
Mail list logo
