Wireshark · Ethereal-dev: RE: [Ethereal-dev] Bug in compressed sniffer file decode

[Jeff Foster <jfoste@xxxxxxxxxxxx>]

 

NIA Distributed Sniffer Pro 4.2 reports, "Failed to open file", when performing this test.

 

Jeff Foster

jfoste@xxxxxxxxxxx

 

-----Original Message-----
From: Greg Morris [mailto:gmorris@xxxxxxxxxx]
Sent: Friday, September 05, 2003 3:53 PM
To: guy@xxxxxxxxxxxx; gram@xxxxxxxxxxxxxxx
Cc: ethereal-dev@xxxxxxxxxxxx
Subject: Re: [Ethereal-dev] Bug in compressed sniffer file decode

Well,

 

I did the gzip and then rename of the original cap file to caz...

 

Ethereal works great with the file... But if I try to open the newly created caz file with Sniffer, it crashes. So apparently they are doing something other then just a gzip of the file.

 

Greg

>>> Gilbert Ramirez <gram@xxxxxxxxxxxxxxx> 9/5/2003 1:55:09 PM >>>

On Fri, 2003-09-05 at 14:23, Guy Harris wrote:
>
> On Sep 3, 2003, at 2:35 PM, Gilbert Ramirez wrote:
>
> > \If you do this:
> >
> > gzip -dc < Snif6.caz > Snif6.cap
> >
> > then load Snif6.cap in ethereal, all 250 packets appear to be there,
> > *and* match the dissection of Snif6.caz (before it goes bad, that is).
>
> What happens if you then do
>
>     gzip Snif6.cap
>     mv Snif6.cap.gz Snif6.caz (on UNIX) or ren Snif6.cap.gz Snif6.caz (on
> Windows)
>
> and try to read the resulting .caz file in a Sniffer?
>
> If it works, presumably that means the Sniffer doesn't check the
> CRC-32.  If it doesn't work, presumably that means that the Sniffer is
> using some other CRC-32 algorithm.
>
>


I don't have access to NAI Sniffer. Greg? Anyone?

--gilbert

_______________________________________________
Ethereal-dev mailing list
Ethereal-dev@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-dev