Here is one of the files that loads and tells me the file is corrupt.
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Joseph
Laibach
Sent: Friday, May 14, 2010 3:32 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] The capture file appears to be damaged
or
corrupt. (pcap: Files has 109736-byte packet, bigger than maximum of
65535)
So I made the changes and once the network traffic starts picking up I
get corrupted files again. Traffic is about 60MBit/sec.
Here is the command I'm running now:
C:\"Program Files"\Wireshark\dumpcap.exe -i
\Device\NPF_{21741AFC-E45E-46A6-9740-9E233E4FF91D} -w
d:\SFTI_capture -b
files:20000 -b filesize:8192 -B 256
Thanks again
Joe
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Joseph
Laibach
Sent: Friday, May 14, 2010 11:47 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] The capture file appears to be damaged
or
corrupt. (pcap: Files has 109736-byte packet, bigger than maximum of
65535)
Thanks for catching it. I should be using the -b filesize:8192 instead.
I'll make the changes and see what happens.
Thanks
Joe
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok
Sent: Friday, May 14, 2010 11:36 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] The capture file appears to be damaged
or
corrupt. (pcap: Files has 109736-byte packet, bigger than maximum of
65535)
Hmmm... reading back all the mails I see that you use:
dumpcap ... -b files:10000 -a filesize:8192 ...
Why are you mixing -b and -a options? "-a" options are for automatic
finishing the capturing and "-b" options are for creating a ringbuffer.
Which of the two were you planning to use?
If sticking to one of these two options does not solve the issue, are
you
able to share a file that is giving the error?
Cheers,
Sake
On 14 mei 2010, at 17:11, Joseph Laibach wrote:
I open the file on the host that is was captured on, or I copy it via
a
Windows file share. Either way it gives me the same error. I'm
capturing
stock Market multicast data, if that matters. The traffic is very
bursty
and the data rate is around 200mb/sec. I switched from a Broadcom NIC
to
Intel NIC to see if that would help but no luck on that change either.
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Sake Blok
Sent: Friday, May 14, 2010 10:49 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] The capture file appears to be damaged
or
corrupt. (pcap: Files has 109736-byte packet, bigger than maximum of
65535)
Did you open the file on the host on which it was captured? Or did you
transfer the file from the capturing host to the host on which you try
to read it? The error message that you get usually appears after the
file has been transferred to another host with FTP in ASCII mode
instead
of BINARY mode.
(FYI dumpcap writes libpcap based files which can not contain packets
larger than 65535 bytes, so the file is most probably corrupted
somehow)
Cheers,
Sake
On 14 mei 2010, at 16:36, Joseph Laibach wrote:
Is there a way to remove the 65535 maximum from the reading of a
capture?
Thanks
Joe
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Joseph
Laibach
Sent: Tuesday, May 11, 2010 11:36 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] The capture file appears to be damaged
or corrupt. (pcap: Files has 109736-byte packet, bigger than maximum
of
65535)
I'm running version 1.2.7 64bit.
-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx
[mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap
Keuter
Sent: Tuesday, May 11, 2010 11:29 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] The capture file appears to be damaged
or corrupt. (pcap: Files has 109736-byte packet, bigger than maximum
of
65535)
But what release of Wireshark are you using?
Thanks,
Jaap
Send from my iPhone
On 11 mei 2010, at 16:37, Joseph Laibach <jlaibach@xxxxxxxxxxxxx>
wrote:
I am having an issue with some of the capture files. Some captures
files spit back an error that the capture file appears to be damaged
or corrupt. The capture is running on a Windows 2003 Sever R2 64bit,
with 2 gigs of memory and a Inetl Xeon 2.33ghz processor.
I am capturing with dumpcap. The syntax I am using is as follows: C:
\"Program Files"\Wireshark\dumpcap.exe -i \Device\NPF_
{ECC9D35A-826A-4A4F-B634-656EAD4EC7C9} -w d:\SFTI_capture -b files:
10000 -a filesize:8192 -B 128 -s 10000000
I added the -s 10000000 to try and fix the large byte packet issue b
ut that hasn't worked.
Anyone have any suggestions on how to eliminated the corruption of
capture files?
Thanks
Joe Laibach
This communication is for informational purposes only. It is not
intended as an offer or solicitation or as an official
confirmation. Market prices and other information are not
guaranteed as to completeness or accuracy and are subject to change
without notice. Schonfeld Group reserves the right to monitor and
review the content of all messages sent to or from this e-mail
address.
___________________________________________________________________________
Sent via: Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
This communication is for informational purposes only. It is not
intended as an offer or solicitation or as an official confirmation.
Market prices and other information are not guaranteed as to
completeness or accuracy and are subject to change without notice.
Schonfeld Group reserves the right to monitor and review the content
of
all messages sent to or from this e-mail address.
___________________________________________________________________________
Sent via: Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
This communication is for informational purposes only. It is not
intended as an offer or solicitation or as an official confirmation.
Market prices and other information are not guaranteed as to
completeness or accuracy and are subject to change without notice.
Schonfeld Group reserves the right to monitor and review the content
of
all messages sent to or from this e-mail address.
___________________________________________________________________________
Sent via: Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
This communication is for informational purposes only. It is not
intended as an offer or solicitation or as an official confirmation.
Market prices and other information are not guaranteed as to
completeness or accuracy and are subject to change without notice.
Schonfeld Group reserves the right to monitor and review the content
of
all messages sent to or from this e-mail address.
___________________________________________________________________________
Sent via: Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
This communication is for informational purposes only. It is not
intended as an offer or solicitation or as an official confirmation.
Market prices and other information are not guaranteed as to
completeness
or accuracy and are subject to change without notice. Schonfeld Group
reserves the right to monitor and review the content of all messages
sent
to or from this e-mail address.
___________________________________________________________________________
Sent via: Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
This communication is for informational purposes only. It is not
intended as an offer or solicitation or as an official confirmation.
Market prices and other information are not guaranteed as to
completeness
or accuracy and are subject to change without notice. Schonfeld Group
reserves the right to monitor and review the content of all messages
sent
to or from this e-mail address.
___________________________________________________________________________
Sent via: Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
This communication is for informational purposes only. It is not
intended as an offer or solicitation or as an official confirmation.
Market prices and other information are not guaranteed as to
completeness
or accuracy and are subject to change without notice. Schonfeld Group
reserves the right to monitor and review the content of all messages
sent
to or from this e-mail address.
<SFTI_capture_09969_20100517094319>___________________________________________________________________________
Sent via: Wireshark-users mailing list
<wireshark-users@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe