Hello All,
I have met the problem as below:
tshark: The file
"Monitor.pcap.1.00009" isn't a capture file in a format TShark
understands.
My system will generate monitor log file
in both ASCII(Monitor.log.1.zip) and pcap version(Monitor.pcap.1.00009) as
attached. Because the ASCII version log does suitable for extracting
information, I use tshark to decode the pcap version file and so far works
fine. However my system met a reboot a few days ago, and today the monitor
restart again and write to the log file from the point it stopped last time. later
I got the error when decoding this file. I suspect it’s caused by the
system reboot during the process of log writing, however I don’t know what
is missing in the log file that tshark can not recognize the format. Wireshark
give me the same error.
As I can not decode the pcap version file,
I can only trying to find clue from the ASCII file. The reboot happened in 12-29-2006,
below lines separate the log content before and after the reboot.:
================================================================
FILE
Status: Open
Time: 12-29-2006 06:35:46
File: /opt/ulticom/Logs/Monitor.log.1.00009
Hope can have some idea.
Thanks!
Joyce
|
Attachment:
Monitor.pcap.1.00009
Description: Binary data
Attachment:
Monitor.log.1.zip
Description: Binary data