Wireshark-bugs: [Wireshark-bugs] [Bug 4443] New: Capture fails after a few seconds

Date: Sat, 30 Jan 2010 22:34:03 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4443

           Summary: Capture fails after a few seconds
           Product: Wireshark
           Version: 1.2.6
          Platform: x86
        OS/Version: Linux (other)
            Status: NEW
          Severity: Major
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: wulfsolter@xxxxxxxxx


Created an attachment (id=4242)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4242)
Example of a capture by Dumpcap 1.2.6 that will not open in Wireshark 1.2.6

Build Information:
wireshark 1.2.6

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.18.5, with GLib 2.22.3, with libpcap 1.0.0, with libz
1.2.3.7, with POSIX capabilities (Linux), with libpcre 8.1, without SMI, without
c-ares, without ADNS, without Lua, with GnuTLS 2.8.5, with Gcrypt 1.4.5, with
Heimdal Kerberos, without GeoIP, without PortAudio, without AirPcap.

Running on Linux 2.6.32-ARCH, with libpcap version 1.0.0, GnuTLS 2.8.5, Gcrypt
1.4.5.

Built using gcc 4.4.3.




On ArchLinux 2.6.32.6, other similar programs such as the
ettercap/tcpdump/aircrack-ng suite, etc. all run fine.

--
Listing capture interfaces shows packets coming in. After selecting an
interface and starting a session, there is a 2 second window of capture, after
which capture stops.  Dumpcap (1.2.6) will keep capturing, but Wireshark cannot
read files - reporting "An error occurred while reading from the file
"/tmp/wiresharkXXXXxxxxxx": Less data was read than was expected." Said file
exists and keeps growing.

Browsing to open a dumpcap file, Wireshark sees the format as "RedHat 6.1
tcpdump - libpcap" with "Packets: error reading after 0 packets".

Attempting to open results in error: "The capture file appears to be damaged or
corrupt. (pcap: File has 3221647360-byte packet, bigger than maximum of 65535)"
with byte size being the size of the capture, growing with time.
