Hi Guy,
It works fine! Yes, I think the problem is due to a bug of the system.
Thanks a lot!
Cheers!
Joyce
-----Original Message-----
From: Guy Harris [mailto:guy@xxxxxxxxxxxx]
Sent: Wednesday, January 03, 2007 3:52 PM
To: joyce
Cc: 'Community support list for Wireshark'
Subject: Re: [Wireshark-users] captured file can not be understood by Tshark
joyce wrote:
> Thanks for your reply. What the "libpcap-format file header" looks like?
>
It looks like the first 24 bytes of a pcap-version file that your system
generates and that Wireshark *can* read. To undo the damage your system
did, if you have another log file from that system, you could copy the
first 24 bytes from that file and combine it with one of the damaged
files, e.g., on UN*X systems (and perhaps on Windows with Cygwin) you
could do
(dd if=good_log_file bs=24 count=1; cat bad_log_file) >fixed_log_file
Who made the system that's generating those damaged log files? You
should file a bug report with them.
