ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Ethereal-dev: Re: [Ethereal-dev] Bug in compressed sniffer file decode

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Greg Morris" <gmorris@xxxxxxxxxx>
Date: Fri, 05 Sep 2003 14:53:17 -0600
Well,
 
I did the gzip and then rename of the original cap file to caz...
 
Ethereal works great with the file... But if I try to open the newly created caz file with Sniffer, it crashes. So apparently they are doing something other then just a gzip of the file.
 
Greg

>>> Gilbert Ramirez <gram@xxxxxxxxxxxxxxx> 9/5/2003 1:55:09 PM >>>
On Fri, 2003-09-05 at 14:23, Guy Harris wrote:
>
> On Sep 3, 2003, at 2:35 PM, Gilbert Ramirez wrote:
>
> > \If you do this:
> >
> > gzip -dc < Snif6.caz > Snif6.cap
> >
> > then load Snif6.cap in ethereal, all 250 packets appear to be there,
> > *and* match the dissection of Snif6.caz (before it goes bad, that is).
>
> What happens if you then do
>
>     gzip Snif6.cap
>     mv Snif6.cap.gz Snif6.caz (on UNIX) or ren Snif6.cap.gz Snif6.caz (on
> Windows)
>
> and try to read the resulting .caz file in a Sniffer?
>
> If it works, presumably that means the Sniffer doesn't check the
> CRC-32.  If it doesn't work, presumably that means that the Sniffer is
> using some other CRC-32 algorithm.
>
>


I don't have access to NAI Sniffer. Greg? Anyone?

--gilbert

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube