Ethereal-dev: Re: [Ethereal-dev] Bug in compressed sniffer file decode

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Wed, 3 Sep 2003 17:41:58 -0700

On Wednesday, September 3, 2003, at 5:32 PM, Guy Harris wrote:

Or perhaps:

	1) they're not putting in valid CRCs;

	2) they don't check the CRCs;

	3) neither does WinZip;

	4) gunzip, zlib, and Stuffit Expander do, however.

If I do

	gzcat Snif6.caz >snif6.cap
	gzip < snif6.cap > snif6.cap.gz
	cmp -l Snif6.caz snif6.cap.gz

it reports:

     5   0 252
     6   0 211
     7   0 126
     8   0  77
    10  13   3
  8550 253 243
  8551  10 364
  8552 270 174
  8553 317 150

Bytes 5, 6, 7, and 8 are probably the last modified time, and byte 10 is probably the OS on which the compression was done:

	{machine}% file Snif6.caz snif6.cap.gz
Snif6.caz: gzip compressed data, deflated, last modified: Wed Dec 31 16:00:00 1969, os: Win/32
snif6.cap.gz: gzip compressed data, deflated, last modified: Wed Sep 3 17:33:15 2003, os: Unix

Perhaps bytes 8550 through 8553 are a CRC-32?
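
As an added example (not part of the original message or of Ethereal's code), the following Python parses the gzip fields the message points at, following RFC 1952: MTIME at bytes 5-8, the OS byte at position 10, and the CRC-32 plus ISIZE trailer, recomputing the CRC rather than trusting the stored one. The helper names `inspect_gzip` and `make_member` and both sample members are constructed for illustration; the second sample mimics a writer that leaves the CRC field zeroed.

```python
import struct
import zlib

OS_NAMES = {0: "FAT (MS-DOS, OS/2, NT/Win32)", 3: "Unix", 11: "NTFS (NT)"}  # subset of RFC 1952

def inspect_gzip(data: bytes) -> dict:
    """Parse one gzip member and check its trailer without trusting it."""
    if len(data) < 18 or data[:2] != b"\x1f\x8b" or data[2] != 8:
        raise ValueError("not a deflate-compressed gzip member")
    flags, mtime, _xfl, os_id = struct.unpack_from("<BIBB", data, 3)
    pos = 10
    if flags & 0x04:                          # FEXTRA: 2-byte length + payload
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    for bit in (0x08, 0x10):                  # FNAME, FCOMMENT: NUL-terminated
        if flags & bit:
            pos = data.index(b"\x00", pos) + 1
    if flags & 0x02:                          # FHCRC: 2-byte header CRC
        pos += 2
    inflater = zlib.decompressobj(-zlib.MAX_WBITS)   # raw deflate, no CRC check
    payload = inflater.decompress(data[pos:])
    trailer = inflater.unused_data[:8]
    if not inflater.eof or len(trailer) < 8:
        raise ValueError("truncated deflate stream or trailer")
    stored_crc, stored_isize = struct.unpack("<II", trailer)
    computed_crc = zlib.crc32(payload)
    return {
        "mtime": mtime, "os": OS_NAMES.get(os_id, f"id {os_id}"),
        # 1-based offset of the first CRC byte, the numbering cmp -l uses
        "trailer_offset": len(data) - len(inflater.unused_data) + 1,
        "stored_crc": stored_crc, "computed_crc": computed_crc,
        "crc_ok": stored_crc == computed_crc,
        "isize_ok": stored_isize == (len(payload) & 0xFFFFFFFF),
    }

def make_member(payload: bytes, crc=None, os_id: int = 11) -> bytes:
    """Build a constructed gzip member with MTIME=0 and a chosen CRC field."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -zlib.MAX_WBITS)
    body = comp.compress(payload) + comp.flush()
    crc = zlib.crc32(payload) if crc is None else crc
    header = b"\x1f\x8b\x08\x00" + struct.pack("<IBB", 0, 0, os_id)
    return header + body + struct.pack("<II", crc, len(payload))

CONSTRUCTED_PAYLOAD = b"constructed capture bytes " * 64   # sample data, not a real capture
GOOD = make_member(CONSTRUCTED_PAYLOAD)
ZEROED = make_member(CONSTRUCTED_PAYLOAD, crc=0)           # writer that never fills in the CRC

if __name__ == "__main__":
    for name, member in (("GOOD", GOOD), ("ZEROED", ZEROED)):
        print(name, inspect_gzip(member))
```

A reader that enforces the trailer, such as Python's `gzip.decompress`, rejects the zeroed member even though its deflate stream is intact.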