Hello all,
I have a serious issue when using "mergecap" and "editcap" tools for my project.
e.g. If I try to merge many pcap files captured at my home, I sometimes got errors saying, "mergecap: Error reading my_pcap_file12: File contains a record that's not valid (pcap: File has 16793778-byte packet, bigger than maximum of 65535)".
My question is:
Is there any existing tool (e.g. an "improved mergecap") that can skip the unrecognizable packets, and process the resting valid packets?
After I did some researches online, I found it may be caused by file transfers using HTTP/FTP in some text mode.
Please search "corrupt" on this webpage below.
Therefore, I think the pcap-next-generation-dump-file can deal with this issue.
But I tried it in Wireshark, and got an assertion failure, which shows that it is still unfinished...
Would someone answer my question?
I will appreciate a lot if someone helps me for this.
Regards,
Deng