Prashanth wrote:
I am using wireshark to read in a .trc file that was generated from a
fileserver (netapp) that generated dump in trc format for analysis.
"trc format" is just libpcap format.
In some instance i see the following:
pvenkatg@comet:~/work % /local/wireshark/bin/tshark -r vif1.trc -z
'ip_hosts,tree' -q
tshark: "vif1.trc" appears to have been cut short in the middle of a packet.
Did you stop the trace on the filer before reading the file? If not,
that isn't guaranteed to work - there might be data in memory on the
file that hasn't yet been written out to the file. That could cause
this problem.
I have not copied the trc file from one OS to another. Is there a way i
can have wireshark ignore such packets when it reads the trc file?
That message is printed for the last packet in the file;
Wireshark/TShark already ignores it when it sees that problem. It
doesn't ignore it *silently*, because it's not supposed to.