Ethereal-dev: Re: [Ethereal-dev] Bug in compressed sniffer file decode

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Greg Morris" <gmorris@xxxxxxxxxx>
Date: Mon, 08 Sep 2003 10:41:06 -0600
Well, the files do not cmp well. See attached. It's not just the header that is different; it appears to be different throughout the files. I created the caz file by loading the original cap file into Sniffer version 4.7 and then performing a save as... I created the gz file with cygwin gzip as recommended.
 
Greg

>>> Guy Harris <guy@xxxxxxxxxxxx> 9/6/2003 2:48:44 AM >>>
On Fri, Sep 05, 2003 at 02:53:17PM -0600, Greg Morris wrote:
> I did the gzip and then rename of the original cap file to caz...

So are the original .caz file, and the file that's the result of
uncompressing (and ignoring the error) and recompressing, the same size?
They should be.

If they are, then, if you have a system with a UNIX-compatible "cmp"
command (most UNIX-compatible OSes do, and Windows with Cygwin might),
what does "cmp -l" on the two files say? It should report 4 or 5 bytes
at the beginning being different (time stamp of original file, and
perhaps the OS on which the compression was done), and should report 4
bytes just before the end being different (CRC-32).

> Ethereal works great with the file... But if I try to open the newly
> created caz file with Sniffer, it crashes.

Quality.  I sincerely hope that's the result of some obscure corner case
they forgot to handle, rather than just leaving out an obvious error
check....

> So apparently they are doing
> something other than just a gzip of the file.

Not much more, based on the result of my uncompress-and-recompress
experiment - the only differences between the .caz file and the result of
uncompressing and recompressing were the ones I noted (time stamp of
original file, OS on which compression was done, CRC-32).

Attachment: 1ndpserror.cap.gz
Description: application/compressed

Attachment: 1ndpserror.caz
Description: Binary data
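
The "cmp -l" check discussed in this thread, as an added example that is not part of the original messages: it buckets each differing offset of two equal-sized gzip files into the fields the thread expects to differ (time stamp, OS byte, CRC-32) or "other". The field offsets follow the gzip format (RFC 1952); the function names and sample data are constructed for illustration and are not the attachments above.

```python
import struct
import zlib

def make_gzip(payload, mtime, os_id, crc=None):
    """Build a single-member gzip file by hand (RFC 1952 layout, FLG=0)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)   # raw deflate, no zlib wrapper
    body = comp.compress(payload) + comp.flush()
    # ID1 ID2 CM FLG | MTIME (4 bytes, little-endian) | XFL OS
    header = struct.pack("<BBBBIBB", 0x1F, 0x8B, 8, 0, mtime, 2, os_id)
    if crc is None:
        crc = zlib.crc32(payload)
    # CRC-32 of the uncompressed data, then ISIZE (length mod 2**32)
    trailer = struct.pack("<II", crc & 0xFFFFFFFF, len(payload) & 0xFFFFFFFF)
    return header + body + trailer

def classify_diffs(a, b):
    """Bucket the 0-based offsets at which two equal-sized gzip files differ."""
    if len(a) != len(b):
        raise ValueError("sizes differ: %d vs %d" % (len(a), len(b)))
    n = len(a)
    buckets = {"mtime": [], "os": [], "crc32": [], "other": []}
    for i in range(n):
        if a[i] == b[i]:
            continue
        if 4 <= i <= 7:                 # MTIME field of the header
            buckets["mtime"].append(i)
        elif i == 9:                    # OS field of the header
            buckets["os"].append(i)
        elif n - 8 <= i < n - 4:        # CRC-32, just before the trailing ISIZE
            buckets["crc32"].append(i)
        else:                           # deflate stream, ISIZE, or other header bytes
            buckets["other"].append(i)
    return buckets

def plain_gzip_variant(a, b):
    """True when every difference lies in a field the thread expects to differ."""
    return not classify_diffs(a, b)["other"]

# Constructed sample data (assumption: stand-ins, not the files from this thread).
PAYLOAD = b"constructed capture bytes " * 40
RECOMPRESSED = make_gzip(PAYLOAD, 1063039266, 3)            # OS 3 = Unix
ORIGINAL = make_gzip(PAYLOAD, 1062780000, 0,                # OS 0 = FAT
                     crc=zlib.crc32(PAYLOAD) ^ 0xFFFFFFFF)  # differing CRC field
ALTERED = bytearray(ORIGINAL)
ALTERED[12] ^= 0xFF                                         # one byte of the deflate stream

if __name__ == "__main__":
    print(classify_diffs(ORIGINAL, RECOMPRESSED))
    print(plain_gzip_variant(bytes(ALTERED), RECOMPRESSED))
```

Offsets here are 0-based, while "cmp -l" prints 1-based offsets. Any entry in the "other" bucket corresponds to the "different throughout the files" result reported above.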