Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Portability issue of capture files.

From: Andreas Fink <andreas@xxxxxxxx>
Date: Thu, 7 Sep 2006 01:48:42 +0200
I recently compiled wireshark under MacOS X 10.4.7 on a intel machine. This time I succeeded even with GTK+2 after fiddling with a lot of options.
I'm preparing an installer for it for users without "fink" or "darwin ports".

But while using it, I find out a strange behaviour.

I'm capturing data on a linux machine (fedora5) with tcpdump -s0 -wdumpfile.cap. Transfer the file to the mac and try to open it with wireshark. I get weird errors saying it couldnt open it because packet size is bigger than 65k or something like that. Same is if I capture with ethereal on that linux box and transfer the file to the mac. I can capture on the mac fine with tcpdump and read it on the mac with wireshark but whatever comes from that linux machine is not working.

Is this a endian problem maybe? I never had this issue with previous versions of wireshark.
I built 0.99.3a.


Andreas Fink
Fink Consulting GmbH
---------------------------------------------------------------
Tel: +41-61-6666332 Fax: +41-61-6666331  Mobile: +41-79-2457333
Address: Clarastrasse 3, 4058 Basel, Switzerland
---------------------------------------------------------------
ICQ: 8239353
MSN: afink@xxxxxxxxxxxxxxxxxx AIM: smsrelay Skype: andreasfink
Yahoo: finkconsulting SMS: +41792457333