Wireshark · Wireshark-users: Re: [Wireshark-users] captured file can not be understood by Tshark

Wireshark-users: Re: [Wireshark-users] captured file can not be understood by Tshark

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Tue, 02 Jan 2007 23:52:08 -0800

joyce wrote:

Thanks for your reply. What the "libpcap-format file header" looks like?

It looks like the first 24 bytes of a pcap-version file that your systemgenerates and that Wireshark *can* read. To undo the damage your systemdid, if you have another log file from that system, you could copy thefirst 24 bytes from that file and combine it with one of the damagedfiles, e.g., on UN*X systems (and perhaps on Windows with Cygwin) youcould do


   (dd if=good_log_file bs=24 count=1; cat bad_log_file) >fixed_log_file

Who made the system that's generating those damaged log files? Youshould file a bug report with them.

Follow-Ups:
- Re: [Wireshark-users] captured file can not be understood by Tshark
  - From: joyce

References:
- Re: [Wireshark-users] captured file can not be understood by Tshark
  - From: joyce

Prev by Date: Re: [Wireshark-users] captured file can not be understood by Tshark
Next by Date: Re: [Wireshark-users] captured file can not be understood by Tshark
Previous by thread: Re: [Wireshark-users] captured file can not be understood by Tshark
Next by thread: Re: [Wireshark-users] captured file can not be understood by Tshark
Index(es):
- Date
- Thread