Wireshark-dev: Re: [Wireshark-dev] Sample Captures from wireshark repository

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 16 Feb 2012 21:29:44 -0800

On Feb 16, 2012, at 8:16 PM, vijay wrote:

> I downloaded some captures from the Sample Captures page and tried reading them in Wireshark through a pipe.
> I reported "invalid libpcap format" error.

I don't see "invalid libpcap format" anywhere in the Wireshark 1.6.x source; that is probably *NOT* the exact error it gave.  If you mean "Unrecognized libpcap format", that's an error that means the capture file is *NOT* a libpcap capture; the *ONLY* files you can capture through a pipe are pcap files.

Are they, in fact, libpcap captures?

> But when I directly open the file using Wireshark it reads fine. I don't
> understand why this happens?

Wireshark can read a number of capture file formats other than pcap format; the other formats can only be read, not captured through a pipe.

> Isn't the file having the global header?

My guess is that the header it has is the header for some format *other* than pcap format.

> I tried to do the same thing with my own capture file. This time it worked in both these methods. Could someone
> please tell me why it is?

Probably because your own capture file *is* a pcap file.
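
The question raised in the reply ("Are they, in fact, libpcap captures?") can be answered by looking at the first bytes of the file. The following Python script is an added example, not part of the original message or of Wireshark's code; the function names and the constructed sample headers are assumptions for illustration, and it recognises only a few well-known magic numbers.

```python
import struct
import sys

# pcap magic numbers as they appear in the first four bytes on disk.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),  # 0xa1b2c3d4, little-endian writer
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),  # 0xa1b2c3d4, big-endian writer
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),   # 0xa1b23c4d, little-endian writer
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),   # 0xa1b23c4d, big-endian writer
}
# A few non-pcap formats that also have a recognisable leading signature.
OTHER_MAGICS = {
    b"\x0a\x0d\x0d\x0a": "pcapng",
    b"snoop\x00\x00\x00": "snoop",
    b"\x1f\x8b": "gzip-compressed (inner format not inspected)",
}

def identify_capture(data):
    """Classify a capture by its leading bytes; parse the global header if pcap."""
    magic = data[:4]
    if magic in PCAP_MAGICS:
        if len(data) < 24:
            return {"format": "pcap", "error": "truncated global header"}
        endian, resolution = PCAP_MAGICS[magic]
        # version major/minor, thiszone, sigfigs, snaplen, link-layer type
        major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
            endian + "HHiIII", data[4:24])
        return {"format": "pcap", "resolution": resolution,
                "version": (major, minor), "snaplen": snaplen,
                "linktype": linktype}
    for prefix, name in OTHER_MAGICS.items():
        if data.startswith(prefix):
            return {"format": name}
    return {"format": "unknown"}

def identify_file(path):
    """Read only the first 24 bytes (the size of a pcap global header)."""
    with open(path, "rb") as fh:
        return identify_capture(fh.read(24))

# Constructed sample headers (not taken from any real capture).
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_PCAPNG = b"\x0a\x0d\x0d\x0a" + struct.pack("<II", 28, 0x1A2B3C4D)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        print(path, identify_file(path))
```

Run it with one or more capture file paths as arguments; a result other than `pcap` means the file starts with some other format's header.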