Ethereal-users: Re: [Ethereal-users] Very Strange Problem

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Guy Harris" <gharris@xxxxxxxxx>
Date: Fri, 13 Jan 2006 15:18:05 -0800 (PST)
Scott Solmonson wrote:
> Greetings- I'm using a bare-source-built Ethereal v0.10.14 on OSX:
>
> Compiled with GTK+ 2.8.9, with GLib 2.8.5, with libpcap 0.8.3, with libz
> 1.2.3, with libpcre 6.4, without UCD-SNMP or Net-SNMP, without ADNS.
> Running with libpcap version 0.8.3 on Darwin 7.9.0.

Darwin 7.9.0 is the core of OS X 10.3.9, but the libz that comes with
10.3.9 is libz 1.1.4.

You're presumably building with some other version of libz...

> And I'm experiencing some very strange behavior- I have pcap files that
> tcpdump can read just fine (they're not invalid)-
> Yet Ethereal can not read them.
>
> The same thing happens when I try to do a live capture from any interface-
>
> The error (and byte size) is always the same:
>
> "The capture file appears to be damaged or corrupt.
> (pcap: File has 1137181850-byte packet, bigger than maximum of 65535)"

...and libz is used to read both compressed and uncompressed files (it
handles figuring out whether they're compressed or not).

> I have various versions of tcpdump and libpcap on here, and they all work
> fine for both live capture and from-file reads, additionally tethereal works
> flawlessly- so something screwy is going on with Ethereal here.

Tethereal doesn't do random access on files - Ethereal does.

There is a long and sad story in wiretap/file_wrappers.c about this.  Look
for the comment that starts "OK, now this is tricky."

I suspect the libz you're building with somehow defeats the heroic efforts
I put into "wiretap/file_wrappers.c" to try to cope with various flavors
of libz brokenness, and this is causing random access to the file not to
work.

Try uninstalling the Shiny New Libz, and do "make distclean", run
configure, and redo the make in the Ethereal source directory.

Or change the Shiny New Libz to forcibly define "z_off_t" to "long" in its
"zconf.h" file, and then do "make clean" and "make" in the Ethereal source
directory.
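
An added illustration, not code from Ethereal or from this thread: a minimal C reader for the pcap per-record header, showing how the 65535-byte sanity check in the quoted error fires when a record is read from the wrong file offset. The sample file is constructed, the function names are hypothetical, and the 8-byte misalignment is an assumption chosen so that the timestamp field lands where the length is expected (1137181850 read as Unix seconds is 13 January 2006, the date of this thread).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define PCAP_GLOBAL_HDR_LEN 24
#define PCAP_REC_HDR_LEN    16
#define MAX_PACKET_SIZE     65535u   /* limit quoted in the error message */

static void put32(uint8_t *p, uint32_t v) {      /* store little-endian */
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = v >> 24;
}
static uint32_t get32(const uint8_t *p) {        /* load little-endian */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Constructed sample: little-endian pcap holding one 60-byte packet.
   Returns the total file length. */
size_t build_sample(uint8_t *buf) {
    memset(buf, 0, PCAP_GLOBAL_HDR_LEN + PCAP_REC_HDR_LEN + 60);
    put32(buf, 0xa1b2c3d4);           /* magic number */
    buf[4] = 2; buf[6] = 4;           /* format version 2.4 */
    put32(buf + 16, 65535);           /* snaplen */
    put32(buf + 20, 1);               /* link type: Ethernet */
    put32(buf + 24, 1137181850u);     /* ts_sec: 2006-01-13 19:50:50 UTC */
    put32(buf + 32, 60);              /* incl_len */
    put32(buf + 36, 60);              /* orig_len */
    return PCAP_GLOBAL_HDR_LEN + PCAP_REC_HDR_LEN + 60;
}

/* Read the record header assumed to start at `off`.
   Returns 0 and sets *caplen on success, -1 if the header is truncated,
   -2 if incl_len exceeds the maximum (the "damaged or corrupt" case). */
int read_record_len(const uint8_t *buf, size_t len, size_t off, uint32_t *caplen) {
    if (off > len || len - off < PCAP_REC_HDR_LEN) return -1;
    *caplen = get32(buf + off + 8);   /* incl_len sits 8 bytes into the header */
    return *caplen > MAX_PACKET_SIZE ? -2 : 0;
}

int main(void) {
    uint8_t file[128]; uint32_t caplen = 0;
    size_t len = build_sample(file);
    int ok  = read_record_len(file, len, 24, &caplen);  /* correct offset */
    int bad = read_record_len(file, len, 16, &caplen);  /* 8 bytes too early */
    return (ok == 0 && bad == -2 && caplen == 1137181850u) ? 0 : 1;
}
```

A sequential reader never leaves the correct offset, while a reader that seeks back to a stored record position depends on that position being right.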