Ethereal-users: RE: [ethereal-users] problems with reading in NG (DOS)sniffer files

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Eichert, Diana" <deicher@xxxxxxxxxx>
Date: Mon, 7 Feb 2000 19:33:23 -0700
Guy

        The capture was done with tethereal.  I will generate another
tethereal capture and a tcpdump capture from the same box, then try to
convert one or the other to ngsniffer format.

        Just tried it and here were the results:

enesone# ./tethereal -F ngsniffer -r /root/localsks.pcap -w /root/localsks.enc
Message: pcap: File has 949976507-byte packet, bigger than maximum of 65535
tethereal: The capture file appears to be damaged or corrupt.
enesone# ./tethereal -F ngsniffer -r /root/localsks.tcpdump -w /root/localsks.enc
Message: pcap: File has 949976507-byte packet, bigger than maximum of 65535
tethereal: The capture file appears to be damaged or corrupt.
enesone#

this is what you get if you try to re-read with tethereal:

enesone# ./tethereal -V -r /root/localsks.pcap
Frame 1 (0 on wire, 0 captured)
    Arrival Time: Nov 13, 1919 03:13:40.1310
    Time delta from previous packet: 0.000000 seconds
    Frame Number: 1
    Packet Length: 0 bytes
    Capture Length: 0 bytes

Message: pcap: File has 949976507-byte packet, bigger than maximum of 65535
tethereal: The capture file appears to be damaged or corrupt.


here is some output from tcpdump -r /root/localsks.pcap:

19:22:47.831335 255.38.2.zip > 0.0.zip: at-#6 25
19:22:47.932507 255.38.2.zip > 0.0.zip: at-#6 25
19:22:48.101238 255.38.2.zip > 0.0.zip: at-#6 25
19:22:49.701335 192.168.0.177.netbios-dgm > 192.168.0.255.netbios-dgm: udp 212
19:22:50.189853 arp who-has 192.168.0.178 tell 192.168.0.100
19:22:50.492238 arp who-has 192.168.0.202 tell 192.168.0.100
19:22:50.632343 0:c0:2:a5:44:30 Broadcast 8137 60:
                         ffff 0022 0004 0000 0000 ffff ffff ffff
                         0452 0000 0000 00c0 02a5 4430 4013 0003
                         0004 0000 0000 0000 0000 0000 0000


        I'll forward the capture files if you want them.

diana

-----Original Message-----
From: Guy Harris
To: Eichert, Diana
Cc: 'ethereal-users@xxxxxxxx'
Sent: 2/7/00 5:32 PM
Subject: Re: [ethereal-users] problems with reading in NG (DOS)sniffer files

> 	I'm having problems importing files into SnifferPro saved from
> ethereal.

I.e., you did a capture in Ethereal, and then tried to save it in
Sniffer(DOS) format, and Sniffer Pro couldn't read it?

For whatever reason, it appears that the pcap-format capture file you
sent out is corrupt....