Bug ID |
12586
|
Summary |
Error reading an externally generated CAP
|
Product |
Wireshark
|
Version |
2.0.4
|
Hardware |
x86-64
|
OS |
Windows 10
|
Status |
UNCONFIRMED
|
Severity |
Major
|
Priority |
Low
|
Component |
Capture file support (libwiretap)
|
Assignee |
[email protected]
|
Reporter |
[email protected]
|
Created attachment 14704 [details]
A capture file generated externally
Build Information:
Wireshark 2.0.4 (v2.0.4-0-gdd7746e from master-2.0)
Copyright 1998-2016 Gerald Combs <[email protected]> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with
GLib 2.42.0, with SMI 0.4.8, with c-ares 1.11.0, with Lua 5.2, with GnuTLS
3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia,
with AirPcap.
Running on 64-bit Windows 10, build 10586, with locale C, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without AirPcap.
Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz (with SSE4.2), with 1370MB of
physical memory.
Built using Microsoft Visual C++ 12.0 build 40629
--
The attached file is generated from an external tool.
Most of the time, this is read correctly from Wireshark. Sometimes wireshark
2.0.4 show this dialog:
----
The capture file appears to be damaged or corrupt.
(pcap: File has 8323072-byte packet, bigger than maximum of 262144)
----
If I open the *same* file under 1.12.8, the file works perfectly.
* Important note:
Some of the CAP packet headers are generated with an "incl_len" greater than
"orig_len". The tool who generated the file use the extra space to store
information that are not part of the network traffic (and that will NOT be
shown by wireshark).
According to the CAP specification this should not cause problems at all.
* Important note2:
In order to verify the tool is not doing something wrong, I printed the hex
file on paper and verified by hand every single CAP header length and they are
correct.
You are receiving this mail because:
- You are watching all bug changes.