Wireshark · Ethereal-dev: Re: [Ethereal-dev] Bug in compressed sniffer file decode

[Guy Harris <guy@xxxxxxxxxxxx>]

On Tuesday, September 2, 2003, at 4:03 PM, Greg Morris wrote:

> When attempting to decode a NAI Sniffer file CAZ.

".caz" files are, allegedly, just gzipped ".cap" files (or, rather, 
".cap" files compressed using gzip format; I don't know whether they're 
using gzip code).

However, if I rename that file to "snif6.cap.gz", and try to gunzip it, 
I get

	gunzip: snif6.cap.gz: invalid compressed data--crc error

so either

	1) the file got corrupted somehow

or

	2) ".caz" files aren't just gzipped ".cap" files

or

	3) there's a problem both with the gunzip on my machine and with the 
zlib on my machine.

If 1) is the case, I'm not sure what can be done.

If 2) is the case, we'd need to figure out how ".caz" files differ from 
gzipped files before we could do anything.

If 3) is the case, we'd need to get zlib fixed, or use our own 
uncompression code (which we will probably want to do eventually 
anyway, so that we can support fast random access to gzipped files).