Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 2481] New: Getting "Negative length" message while capturi

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Sun, 20 Apr 2008 06:19:22 -0700 (PDT)
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2481

           Summary: Getting "Negative length" message while capturing traces
           Product: Wireshark
           Version: 0.99.7
          Platform: Sun
        OS/Version: Linux
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: TShark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: bhupesh.bharti@xxxxxxxxxxx


Build Information:
TShark 0.99.7

Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GLib 2.4.7, with libpcap 0.8.3, with libz 1.2.1.2, without
libpcre, with SMI 0.4.5, without ADNS, without Lua, with GnuTLS 1.0.20, with
Gcrypt 1.2.0, with MIT Kerberos.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.

Running on Linux 2.6.9-42.ELsmp, with libpcap version 0.8.3.

Built using gcc 3.4.6 20060404 (Red Hat 3.4.6-9).

--
I was trying to capture some traces with filter IP address, I get the following
output.

15:18:47 [rkparc2:/opt/redknee]$ tshark -i bond0 -w
/tmp/10.173.67.1_parc2_bond1.trc -R ip.addr==10.173.67.1
Running as user "root" and group "root". This could be dangerous.
Capturing on bond0
Negative length
tshark: Error while capturing packets:
Please report this to the Wireshark developers.
(This is not a crash; please do not report it as such.)

164 packets dropped
15:19:17 [rkparc2:/opt/redknee]$ tshark -i bond0 -w
/tmp/10.173.67.1_parc2_bond1.trc -R "ip.addr==10.173.67.1"
Running as user "root" and group "root". This could be dangerous.
Capturing on bond0
Negative length
Negative length
Negative length


I tried the cmd line in other machine where I was expecting the same traffic.

It did capture some traffic but showing same "Negative length"

14:26:11 [rkparc3:/opt/redknee/product/s5600/parc/log]$ tshark -i bond0 -w
/tmp/10.173.67.1_parc3.trc -R "ip.addr==10.173.67.1"
Running as user "root" and group "root". This could be dangerous.
Capturing on bond0
1906 Negative length
Negative length


-- 
Configure bugmail: http://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube