Ethereal-users: [Ethereal-users] Very Strange Problem

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Scott Solmonson <scosol@xxxxxxxxxx>
Date: Fri, 13 Jan 2006 12:10:39 -0800

Greetings- I'm using a bare-source-built Ethereal v0.10.14 on OSX:

Compiled with GTK+ 2.8.9, with GLib 2.8.5, with libpcap 0.8.3, with libz
1.2.3, with libpcre 6.4, without UCD-SNMP or Net-SNMP, without ADNS.
Running with libpcap version 0.8.3 on Darwin 7.9.0.

And I'm experiencing some very strange behavior- I have pcap files that
tcpdump can read just fine (they're not invalid)-
Yet Ethereal can not read them.

The same thing happens when I try to do a live capture from any interface-

The error (and byte size) is always the same:

"The capture file appears to be damaged or corrupt.
(pcap: File has 1137181850-byte packet, bigger than maximum of 65535)"

I have various versions of tcpdump and libpcap on here, and they all work
fine for both live capture and from-file reads, additionally tethereal works
flawlessly- so something screwy is going on with Ethereal here.

I've viewed the ktrace of me running Ethereal, opening a known-good pcap
file, clearing the error dialog box, then exiting normally.
After opening the file and reading it, I see it looking for an IOR.txt and
not finding it-
Then accessing /etc/localtime...
Hmmm one time some "valid" packets came through and their timestamps were
all wrong...

Anyway- any help would be appreciated- I have the full ktrace if anyone
would like it.

-SS

-- 
Scott Solmonson
Akamai Technologies, Inc.
AIM: scosolspeedera
Voice: 408.718.6290

http://www.akamai.com/
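
A triage check for the error quoted in the post, added here as an example and not part of the original message or of Ethereal's code: it walks the record headers of a classic pcap file and reports which header field holds a value that another reader reported as the packet length. The sample capture is constructed, with its first timestamp set to the 1137181850 from the error text; `build_pcap`, `record_headers` and `locate_value` are names invented for this example.

```python
import struct

MAX_PACKET = 65535            # limit quoted in the error message
FIELDS = ("ts_sec", "ts_usec", "incl_len", "orig_len")

def build_pcap(records, endian="<"):
    """Constructed sample: classic pcap file, Ethernet link type."""
    out = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, MAX_PACKET, 1)
    for ts_sec, ts_usec, payload in records:
        out += struct.pack(endian + "4I", ts_sec, ts_usec, len(payload), len(payload))
        out += payload
    return out

def record_headers(data):
    """Return every 16-byte record header as a 4-tuple; raise on a bad file."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    headers, pos = [], 24                      # skip the 24-byte global header
    while pos < len(data):
        if pos + 16 > len(data):
            raise ValueError(f"truncated record header at offset {pos}")
        hdr = struct.unpack_from(endian + "4I", data, pos)
        if hdr[2] > MAX_PACKET or pos + 16 + hdr[2] > len(data):
            raise ValueError(f"record {len(headers)}: bad incl_len {hdr[2]}")
        headers.append(hdr)
        pos += 16 + hdr[2]
    return headers

def locate_value(data, reported):
    """Which header fields hold the 'packet length' another reader reported?"""
    return [(i, FIELDS[j]) for i, hdr in enumerate(record_headers(data))
            for j, value in enumerate(hdr) if value == reported]

# Constructed capture whose first timestamp equals the length in the error.
SAMPLE = build_pcap([(1137181850, 0, b"\x00" * 60), (1137181851, 500, b"\x00" * 42)])

if __name__ == "__main__":
    print(len(record_headers(SAMPLE)), "records parse cleanly")
    print(locate_value(SAMPLE, 1137181850))    # [(0, 'ts_sec')]
```

Read as Unix time, 1137181850 is 2006-01-13 19:50:50 UTC, the same day as the post. A `ts_sec` match on a real capture would therefore point at the reader taking the length from the wrong place in the header, not at a damaged file.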