Ethereal-users: [Ethereal-users] Problem with -w - on Windows 2000

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Joe Marcus Clarke <marcus@xxxxxxxxxxxxx>
Date: Fri, 23 Apr 2004 20:30:45 -0400
I'm spawning tethereal-0.10.3 in Java on Windows 2000 SP4.  I'm reading
bytes from stdout, and writing them to a file.  The resulting capture
file is corrupt.  It either claims to have been truncated in mid-packet,
or it claims that one packet far exceeds the max capture size of 65535.

I thought this must have something to do with my Java code (even though
it works fine on Solaris and FreeBSD).  So I took the same command line,
and did a simple redirect to a file:

tethereal -s 65535 -w - > outfile

The resulting outfile has the same problem.  Again, this command works
fine on Solaris and FreeBSD (and I assume all flavors of UNIX).  I've
tried both WinPcap 2.3 and 3.0, and both exhibit the same behavior.  If
needed, I can produce one of the bad capture files.  However, I think
this is pretty reproducible as it's now happened on two different
Windows 2000 machines.

I searched the archives, but didn't find anything relating to this. 
Ideally, what I'd like to be able to do is use -w <filename>, but
Process.destroy() (in Java) calls TerminateProcess() on Windows, and
this doesn't give tethereal a chance to flush its output buffer.  If
tethereal flushed after each packet that might do it, but it only seems
to do that if the output file is stdout.  Any advice would be greatly
appreciated.  Thanks.

Joe

-- 
PGP Key : http://www.marcuscom.com/pgp.asc
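
An added example, not part of the original post and not Ethereal code: a checker that walks a libpcap-format file record by record and reports the two symptoms described above (a record cut off in mid-packet, or a record length above the snapshot length). It assumes the classic libpcap file layout; `check_pcap`, `build_sample` and `text_mode` are hypothetical names, the sample capture is constructed, and newline translation of the byte stream is an assumed source of damage that the post does not state.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic libpcap file, microsecond timestamps


def check_pcap(data):
    """Walk libpcap records; return (intact_packet_count, problem or None)."""
    if len(data) < 24:
        return 0, "file shorter than the 24-byte global header"
    endian = None
    for e in ("<", ">"):  # the magic number tells us the writer's byte order
        if struct.unpack(e + "I", data[:4])[0] == PCAP_MAGIC:
            endian = e
    if endian is None:
        return 0, "bad magic number"
    snaplen = struct.unpack(endian + "I", data[16:20])[0]
    off, count = 24, 0
    while off < len(data):
        if len(data) - off < 16:
            return count, f"truncated in record header at offset {off}"
        # Record header: ts_sec, ts_usec, incl_len (bytes saved), orig_len
        _, _, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        if incl_len > snaplen:
            return count, f"packet {count + 1} claims {incl_len} bytes, snaplen is {snaplen}"
        if off + 16 + incl_len > len(data):
            return count, f"packet {count + 1} truncated in mid-packet at offset {off}"
        off += 16 + incl_len
        count += 1
    return count, None


def build_sample():
    """Constructed capture: two 12-byte packets, snaplen 65535, link type 1."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    payloads = (b"\x00\x01\x02\x0a\x04\x05\x06\x07\x08\x09\x0b\x0c", b"\xff" * 12)
    for payload in payloads:
        out += struct.pack("<IIII", 1082766645, 0, len(payload), len(payload)) + payload
    return out


def text_mode(data):
    """Assumed damage: the stream went through LF -> CRLF newline translation."""
    return data.replace(b"\n", b"\r\n")


if __name__ == "__main__":
    print(check_pcap(build_sample()))             # intact capture
    print(check_pcap(text_mode(build_sample())))  # one inserted byte shifts every later record
```

A single inserted byte is enough: every record header after it is read one byte out of alignment, so the length fields decode to arbitrary values.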
