Wireshark-users: [Wireshark-users] How to skip unrecognizable packets when processing pcap files

From: Ye Deng <yedeng0@xxxxxxxxx>
Date: Sun, 18 Sep 2011 23:45:12 -0400
Hello all,

I have a serious issue when using "mergecap" and "editcap" tools for my project.
For example, if I try to merge many pcap files captured at my home, I sometimes get errors saying, "mergecap: Error reading my_pcap_file12: File contains a record that's not valid (pcap: File has 16793778-byte packet, bigger than maximum of 65535)".

My question is:
Is there any existing tool (e.g. an "improved mergecap") that can skip the unrecognizable packets and process the remaining valid packets?

After doing some research online, I found it may be caused by file transfers using HTTP/FTP in some text mode.
Please search for "corrupt" on the webpage below.
http://www.winpcap.org/ntar/draft/PCAP-DumpFileFormat.html
Therefore, I think the pcap-next-generation-dump-file can deal with this issue.
But I tried it in Wireshark, and got an assertion failure, which shows that it is still unfinished...

Would someone answer my question?
I would appreciate it a lot if someone could help me with this.

Regards,
Deng
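
An added example, not part of the original post and not Wireshark code: a sketch of a salvage pass for classic (non-pcapng, microsecond) pcap files that drops records failing the 65535-byte limit from the error above and scans forward byte by byte for the next sane-looking record header. The names `salvage` and `TS_WINDOW`, the timestamp-window heuristic, and the sample capture are assumptions constructed for illustration.

```python
import struct

MAX_LEN = 65535    # per-packet maximum quoted in the mergecap error above
TS_WINDOW = 86400  # assumption: packets lie within a day of the last good one

def _plausible(buf, off, endian, last_ts):
    """Heuristic: could a valid pcap record header start at buf[off]?"""
    if off + 16 > len(buf):
        return False
    ts_sec, ts_usec, incl, orig = struct.unpack_from(endian + "IIII", buf, off)
    if not (0 < incl <= MAX_LEN and incl <= orig and ts_usec < 1_000_000):
        return False
    if last_ts is not None and abs(ts_sec - last_ts) > TS_WINDOW:
        return False
    return off + 16 + incl <= len(buf)   # record must fit in the file

def salvage(data):
    """Return (clean_pcap_bytes, records_kept, bytes_skipped)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic microsecond pcap file")
    out = bytearray(data[:24])           # copy the global header unchanged
    off, kept, skipped, last_ts, resync = 24, 0, 0, None, False
    while off + 16 <= len(data):
        ok = _plausible(data, off, endian, last_ts)
        if ok and resync:
            # After a gap, also require the following header to look sane
            # (or the file to end there) to avoid locking onto payload bytes.
            ts_sec, _, incl, _ = struct.unpack_from(endian + "IIII", data, off)
            nxt = off + 16 + incl
            ok = nxt == len(data) or _plausible(data, nxt, endian, ts_sec)
        if not ok:
            off, skipped, resync = off + 1, skipped + 1, True
            continue
        ts_sec, _, incl, _ = struct.unpack_from(endian + "IIII", data, off)
        out += data[off:off + 16 + incl]
        off, kept, last_ts, resync = off + 16 + incl, kept + 1, ts_sec, False
    return bytes(out), kept, skipped + (len(data) - off)

def _rec(ts, payload, incl=None):        # builds one constructed record
    n = len(payload) if incl is None else incl
    return struct.pack("<IIII", ts, 0, n, n) + payload

# Constructed sample: 3 good records and one header claiming 16793778 bytes.
HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE = (HDR + _rec(1316400000, b"\xaa" * 20)
          + _rec(1316400001, b"\xff" * 40, incl=16793778)
          + _rec(1316400002, b"\xbb" * 20) + _rec(1316400003, b"\xcc" * 20))
```

Resynchronization is a heuristic: bytes inside a damaged region can occasionally resemble a header, so the salvaged output should be treated as best-effort and the skipped byte count kept alongside it.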