Wireshark · Wireshark-dev: Re: [Wireshark-dev] Portability issue of capture files.

Wireshark-dev: Re: [Wireshark-dev] Portability issue of capture files.

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Thu, 07 Sep 2006 03:13:00 -0700

Andreas Fink wrote:

I'm capturing data on a linux machine (fedora5) with tcpdump -s0-wdumpfile.cap. Transfer the file to the mac and try to open it withwireshark. I get weird errors saying it couldnt open it because packetsize is bigger than 65k or something like that. Same is if I capturewith ethereal on that linux box and transfer the file to the mac.


What happens if you try to read those files with tcpdump on the Mac?

Is this a endian problem maybe?

Not if the Linux machine is an x86-based PC, because an x86-based Macand an x86-based PC are both little-endian. (The Wireshark binary iseither x86-only, or universal with an x86 binary included, right?)

References:
- [Wireshark-dev] Portability issue of capture files.
  - From: Andreas Fink

Prev by Date: Re: [Wireshark-dev] Portability issue of capture files.
Next by Date: Re: [Wireshark-dev] A plugin dissector and fragmented messages
Previous by thread: Re: [Wireshark-dev] Portability issue of capture files.
Next by thread: [Wireshark-dev] display filter on a field that appears more than once in a message
Index(es):
- Date
- Thread