Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] captured file can not be understood by Tshark

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 02 Jan 2007 23:52:08 -0800

joyce wrote:

Thanks for your reply. What the "libpcap-format file header" looks like?
It looks like the first 24 bytes of a pcap-version file that your system generates and that Wireshark *can* read. To undo the damage your system did, if you have another log file from that system, you could copy the first 24 bytes from that file and combine it with one of the damaged files, e.g., on UN*X systems (and perhaps on Windows with Cygwin) you could do 

   (dd if=good_log_file bs=24 count=1; cat bad_log_file) >fixed_log_file
Who made the system that's generating those damaged log files? You should file a bug report with them.
  • Follow-Ups:
    • Re: [Wireshark-users] captured file can not be understood by Tshark
      • From: joyce
  • References:
    • Re: [Wireshark-users] captured file can not be understood by Tshark
      • From: joyce
  • Prev by Date: Re: [Wireshark-users] captured file can not be understood by Tshark
  • Next by Date: Re: [Wireshark-users] captured file can not be understood by Tshark
  • Previous by thread: Re: [Wireshark-users] captured file can not be understood by Tshark
  • Next by thread: Re: [Wireshark-users] captured file can not be understood by Tshark
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation