Ethereal-users: Re: [Ethereal-users] NA Sniffer for Windows output with Tethereal 0.8.19

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <gharris@xxxxxxxxx>
Date: Tue, 4 Sep 2001 22:09:48 -0700

On Tue, Sep 04, 2001 at 01:34:06PM -0700, Guy Harris wrote:
> Well, that's bizarre.  I can reproduce that problem; I'll have to see
> what the cause is.

The cause is Tethereal failing to close the capture file to which it's
writing when it's done.

For capture file formats such as libpcap, which can be and are written
purely sequentially, this isn't a problem, as the Wiretap library
doesn't have to do anything when you close the capture file, and the
standard I/O stream for the capture file gets closed automatically when
Tethereal exits, so all the buffered data gets written to the file.

However, for formats such as NetXRay/Windows Sniffer and Network
Monitor, it means that the full capture file header isn't written (it
can't be written, for those capture file formats, until all packets have
been written to the file), so the resulting capture file probably won't
be readable.

This is not an issue if you're capturing without the "-c" flag, as the
only way to stop the capture is to interrupt it with a signal, and the
signal handler was closing the capture file, but if you capture with the
"-c" flag, so that the capture stops because you've written the
specified number of packets, or if you're reading from one capture file
and writing to another.

It's also not an issue if you write in the default capture file format,
which is libpcap.

So captures with "-c", or read-one-file-and-write-another runs, when
writing in formats such as NetXRay/Windows Sniffer or Network Monitor
format, weren't working.

I've checked in a fix.
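
Added example (not part of the original message, and not Ethereal or Wiretap code): a toy capture writer whose header can only be written once all packets are out, showing why closing only the stdio stream leaves a file a reader rejects. The "TOY1" format and every toy_* name are assumptions made for this illustration.

```c
/* Toy capture format, constructed for illustration (NOT the NetXRay or
 * Network Monitor layout): header = magic "TOY1" + uint32 packet count,
 * then records of uint32 length + payload. All names are hypothetical. */
#include <stdio.h>
#include <stdint.h>
#include <string.h>

typedef struct { FILE *fp; uint32_t npackets; } toy_dumper;

/* Open and reserve header space; the packet count is not known yet. */
int toy_open(toy_dumper *d, const char *path) {
    static const unsigned char placeholder[8] = {0};
    d->npackets = 0;
    if ((d->fp = fopen(path, "wb")) == NULL) return -1;
    return fwrite(placeholder, 1, 8, d->fp) == 8 ? 0 : -1;
}

int toy_write(toy_dumper *d, const void *data, uint32_t len) {
    if (fwrite(&len, sizeof len, 1, d->fp) != 1) return -1;
    if (len != 0 && fwrite(data, 1, len, d->fp) != len) return -1;
    d->npackets++;
    return 0;
}

/* finalize != 0: proper close, seek back and write the real header.
 * finalize == 0: only the stdio stream is closed, as happens at exit. */
int toy_close(toy_dumper *d, int finalize) {
    int err = 0;
    if (finalize && (fseek(d->fp, 0L, SEEK_SET) != 0 ||
                     fwrite("TOY1", 1, 4, d->fp) != 4 ||
                     fwrite(&d->npackets, sizeof d->npackets, 1, d->fp) != 1))
        err = -1;
    if (fclose(d->fp) != 0) err = -1;
    return err;
}

/* Reader: returns the packet count, or -1 if the header is not valid. */
long toy_read_count(const char *path) {
    unsigned char hdr[8];
    uint32_t n;
    FILE *fp = fopen(path, "rb");
    if (fp == NULL) return -1;
    size_t got = fread(hdr, 1, sizeof hdr, fp);
    fclose(fp);
    if (got != sizeof hdr || memcmp(hdr, "TOY1", 4) != 0) return -1;
    memcpy(&n, hdr + 4, sizeof n);
    return (long)n;
}
```

With finalize set, the reader sees the packet count; with finalize clear, all packet data is flushed to disk but the header is still the placeholder, so the reader rejects the file.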