Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-bugs: [Wireshark-bugs] [Bug 8434] Crash (Null dereference) when loading capture files

Date: Fri, 19 Jul 2013 17:52:33 +0000

Comment # 4 on bug 8434 from
This may be an issue with how different pcap formats are handled.
I tried to use mergecap from the cli and failed on all attempts to merge
tcpdump files:

ifrantz@defiant:~/work/pcap/attA01$ file attA01.attA03.pcap
attA01.attA03.pcap: tcpdump capture file (little-endian) - version 2.4
(Ethernet, capture length 65535)
ifrantz@defiant:~/work/pcap/attA01$ file rjs.attA03.attA01.pcap
rjs.attA03.attA01.pcap: tcpdump capture file (little-endian) - version 2.4
(Ethernet, capture length 65535)
ifrantz@defiant:~/work/pcap/attA01$ mergecap -w attA01.pcap attA01.attA03.pcap
rjs.attA03.attA01.pcap
mergecap: Error reading rjs.attA03.attA01.pcap: Less data was read than was
expected

And the resulting file is much smaller than expected:
ifrantz@defiant:~/work/pcap/attA01$ ll attA01.attA03.pcap
rjs.attA03.attA01.pcap attA01.pcap
-rw-r--r-- 1 ifrantz ifrantz 184014 Jul 18 12:45 attA01.attA03.pcap
-rw-r--r-- 1 ifrantz ifrantz  27776 Jul 19 10:47 attA01.pcap
-rw-r--r-- 1 ifrantz ifrantz  24576 Jul 18 12:32 rjs.attA03.attA01.pcap


However, this works both on the cli and in the merge dialog when merging snoop
pcap files with no errors and the merge dialog properly goes away after
[Open]ing the file to merge.
ifrantz@defiant:~/work/pcap/oemdb1$ file attA03.pcap
attA03.pcap: Snoop capture file - version 2 (Ethernet)
ifrantz@defiant:~/work/pcap/oemdb1$ file attB03.pcap
attB03.pcap: Snoop capture file - version 2 (Ethernet)
ifrantz@defiant:~/work/pcap/oemdb1$ file oemdb1.pcap
oemdb1.pcap: pcap-ng capture file - version 1.0


You are receiving this mail because:
  • You are watching all bug changes.