Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Unable to open OpenVMS tcptrace

From: Bill Meier <wmeier@xxxxxxxxxxx>
Date: Thu, 11 Oct 2007 18:28:58 -0400
Abhik Sarkar wrote:

For a few versions now (since 0.99.5), I have been unable to open OpenVMS tcptrace files using Wireshark. A sample file is attached. In some cases, the File Open dialog preview shows is as an invalid Endance ERF file, sometimes an invalid Lucent/Ascend format and so on.

I guess it is because the heuristics of one wiretap file format reader is better than the others in case of plain text files. Is there some way this can be improved or it there something wrong with the capture itself?


I've tightened the heuristic used to identify Lucent/Ascend capture files so that now your example capture is no longer identified as a Lucent/Ascend file but is correctly identified as a VMS TCPIPTRACE capture file.

The fix will be available once 0.99.7 is released (or you can obtain or build a Wireshark development version: SVN #23152 or newer).

If you have examples of other VMS TCPIPTRACE files which are mis-identified (eg: as an ERF file), please let us know. (Note that the code to process capture ERF files has very recently been changed so it's possible that the situation has already improved in this case).

[For future reference: please use the Wireshark bugzilla (bugs.wireshark.org) to report problems and provide example capture files].

Thanks

Bill