ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online
Wireshark logo

Ethereal-users: [Ethereal-users] Strange capture file.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Yann Rapaport <yann.rapaport@xxxxxxxxx>
Date: Mon, 04 Feb 2002 10:44:32 +0100
Hi.

I have got a problem using tethereal.
I am capturing icmpv6 packets in a file, using the following syntax:
tethereal -c 10 -i atm0 -w capture.pcap

Sometimes, tethereal and ethereal seem unable to read the capture file
as v6 packets:
-------------------------------------------------------------------------------------------

tethereal -V -r capture_bug.pcap

Frame 1 (104 on wire, 104 captured)
    Arrival Time: Feb  1, 2002 20:17:04.313283
    Time delta from previous packet: 0.000000 seconds
    Time relative to first packet: 0.000000 seconds
    Frame Number: 1
    Packet Length: 104 bytes
    Capture Length: 104 bytes
Raw packet data
    No link information available
Internet Protocol
    Header length: 0 bytes (bogus, must be at least 20)
-------------------------------------------------------------------------------------------

tethereal -x -r capture_bug.pcap

  1   0.000000          N/A -> N/A          IP Bogus IP header length
(0, must be at least 20)

0000  60 00 00 00 00 40 3a fe 3f fe 03 04 01 24 22 20   `....@:.?....$"
0010  00 00 00 00 00 00 00 51 3f fe 03 04 01 24 24 20   .......Q?....$$
0020  00 00 00 00 00 00 01 39 80 00 80 a4 eb 02 00 00   .......9........

0030  60 e9 5a 3c 96 9e 07 00 08 09 0a 0b 0c 0d 0e 0f   `.Z<............

0040  10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f   ................

0050  20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f    !"#$%&'()*+,-./

0060  30 31 32 33 34 35 36 37
01234567
--------------------------------------------------------------------------------------------

I tried to dump the packet using tcpdump:
--------------------------------------------------------------------------------------------

tcpdump6 -r capture_bug.pcap -vvvv -s 1000

20:17:04.313283 3ffe:304:124:2220:0:0:0:51 >
3ffe:304:124:2420:0:0:0:139: icmp: echo request 60162/0 [ttl 254]
--------------------------------------------------------------------------------------------

Am I doing something wrong?
Is it a bug of tethereal?
I have joined my capture file in libpcap format if anyone can help me.

Thanks.

Attachment: capture.pcap
Description: Binary data

begin:vcard 
n:Rapaport;Yann
tel;cell:+33 (0)6 30 92 66 82
tel;fax:+33 (0)1 39 30 92 11
tel;work:+33 (0)1 39 30 92 20
x-mozilla-html:FALSE
url:http://www.6wind.com
org:6WIND SA;Customer Support
version:2.1
email;internet:yann.rapaport@xxxxxxxxx
title:Customer Support Engineer
adr;quoted-printable:;;Central Gare=0D=0AB=E2t C=0D=0A1, pl. Charles de Gaule=0D=0A;Montigny-le-bretonneux;;78180;France
fn:Yann Rapaport
end:vcard
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube