Wireshark-bugs: [Wireshark-bugs] [Bug 7340] New: Netscreen - can't parse packet-header
Date: Wed, 6 Jun 2012 12:35:38 -0700 (PDT)

           Summary: Netscreen - can't parse packet-header
           Product: Wireshark
           Version: 1.6.8
          Platform: x86-64
        OS/Version: Windows 7
            Status: NEW
          Severity: Minor
          Priority: Low
         Component: Capture file support (libwiretap)
        AssignedTo: [email protected]
        ReportedBy: [email protected]

Created attachment 8563
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=8563
sample dns capture which exhibits this problem.

Build Information:
Version 1.6.8 (SVN Rev 42761 from /trunk-1.6)

Copyright 1998-2012 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO

Compiled (64-bit) with GTK+ 2.22.1, with GLib 2.26.1, with WinPcap (version
unknown), with libz 1.2.5, without POSIX capabilities, without libpcre, without
SMI, with c-ares 1.7.1, with Lua 5.1, without Python, with GnuTLS 2.12.18, with
Gcrypt 1.4.6, without Kerberos, with GeoIP, with PortAudio V19-devel (built May
22 2012), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.2 (packet.dll version, based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, without AirPcap.

Built using Microsoft Visual C++ 9.0 build 21022
After following http://wiki.wireshark.org/NetScreen, I configured a Juniper
SSG5 (ScreenOS 6.3.0r11.0) to snoop on DNS traffic. Once completed, I dumped
the log via Putty to a log file and then attempted to import it into Wireshark.
 I cleaned out the putty and ScreenOS commands in the log, so it only contains
the packet data (just like the netscreen.txt sample from the wiki).

The following error is thrown by Wireshark:
the capture file appears to be damanged or corrupt (netscreen: can't parse

I've attached the sample dns capture which exhibits this problem.

Only differences which appears to me is my capture shows the same packet
flowing through the different interfaces, which possibly is messing up the
wireshark:netscreen parser?

Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.