Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] captured file can not be understood by Tshark
From: "joyce" <joyce.xie@xxxxxxxxxxxxxxxxxx>
Date: Wed, 3 Jan 2007 16:17:53 +0800
Hi Guy, It works fine! Yes, I think the problem is due to a bug of the system. Thanks a lot! Cheers! Joyce -----Original Message----- From: Guy Harris [mailto:guy@xxxxxxxxxxxx] Sent: Wednesday, January 03, 2007 3:52 PM To: joyce Cc: 'Community support list for Wireshark' Subject: Re: [Wireshark-users] captured file can not be understood by Tshark joyce wrote: > Thanks for your reply. What the "libpcap-format file header" looks like? > It looks like the first 24 bytes of a pcap-version file that your system generates and that Wireshark *can* read. To undo the damage your system did, if you have another log file from that system, you could copy the first 24 bytes from that file and combine it with one of the damaged files, e.g., on UN*X systems (and perhaps on Windows with Cygwin) you could do (dd if=good_log_file bs=24 count=1; cat bad_log_file) >fixed_log_file Who made the system that's generating those damaged log files? You should file a bug report with them.
- References:
- Re: [Wireshark-users] captured file can not be understood by Tshark
- From: Guy Harris
- Re: [Wireshark-users] captured file can not be understood by Tshark
- Prev by Date: Re: [Wireshark-users] captured file can not be understood by Tshark
- Next by Date: [Wireshark-users] Labelling unique IP:Port with a name?
- Previous by thread: Re: [Wireshark-users] captured file can not be understood by Tshark
- Next by thread: Re: [Wireshark-users] I see no captured packets at all
- Index(es):