I might be making a silly assumption here, but you said you made the captures using tcpdump. To me that indicates that the file was not created on the Windows XP machine.
Is there any chance that you transferred the file from a Unix/Linux box to the XP machine in ASCII mode? That could cause the file to get corrupt.
On Sat, Feb 20, 2010 at 1:14 AM, prashanth s
<prbanglore@xxxxxxxxx> wrote:
Hi Guy Harris,
Thanks for the response.
When I click on the " file" at the bottom, it gives a window of the form : "Wireshark : 2 expert infos".
Mine is a windows xp machine. It is the same machine on which the pcaps showed all the info on opening them (two days ago).
I need to try running Tshark still.
The same pcaps however are opening on other machines(collegue's machine) and displaying all the info correctly.
I havn't done any software update in the last two days. I used today a cd (Nokia 5800 XpressMusic cd) that comes with Nokia phone, but there was no updation or installation done.(I have checked the installed softwares).
5-6 hours back my saystem hanged and I had to forcibly shutdown the pc and this forcibly closed all the pcaps as well.
Regards,
Prashanth
On Sat, Feb 20, 2010 at 2:17 AM, Guy Harris
<guy@xxxxxxxxxxxx> wrote:
On Feb 19, 2010, at 12:30 PM, prashanth s wrote:
> It shows in the pcap at the bottom: Packets: 3481 Displayed: 3481 Marked : 0
> But actually only the first frame is displayed.
If this is on a UN*X (Linux, *BSD, Solaris, Mac OS X, etc.), what does the "file" command say when you run it on the pcap file?
What happens if you run TShark on it? Does it print all the packets?
Is the machine on which it was working OK the same machine as the machine where it isn't working? If so, did you change anything (for example, updating any software, including libraries), in the past couple of days?
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
