Wireshark · Wireshark-users: Re: [Wireshark-users] tcpdump capture for wireshark problems

Wireshark-users: Re: [Wireshark-users] tcpdump capture for wireshark problems

From: Sake Blok <sake@xxxxxxxxxx>

Date: Thu, 22 Nov 2007 12:55:08 +0100

On Thu, Nov 22, 2007 at 02:24:56PM +0300, Nikolay Shopik wrote:
> >  
> >>I'm trying to capture packtes with tcpdump and later view captured file 
> >>with wireshark but it always tell me what file captured in "middle of 
> >>something.."
> >
> >What is the exact message Wireshark displays?
>  
> The capture file appears to be damaged or corrupt.
> (pcap: Files has 2852126720-byte packet, bigger than maximum 65535)

Did you transfer the file with FTP? Any chance it has been transferred
in ASCII mode instead of BINARY mode? That would result in this error
message, as every 0x0a will be replaced by 0x0d0a when the file is
sent from a unix box to a windows box.

Cheers,

Sake

Follow-Ups:
- Re: [Wireshark-users] tcpdump capture for wireshark problems
  - From: Nikolay Shopik

References:
- [Wireshark-users] tcpdump capture for wireshark problems
  - From: Nikolay Shopik
- Re: [Wireshark-users] tcpdump capture for wireshark problems
  - From: Guy Harris
- Re: [Wireshark-users] tcpdump capture for wireshark problems
  - From: Nikolay Shopik

Prev by Date: Re: [Wireshark-users] tcpdump capture for wireshark problems
Next by Date: [Wireshark-users] Can i use Wireshark with SwitchSniffer?
Previous by thread: Re: [Wireshark-users] tcpdump capture for wireshark problems
Next by thread: Re: [Wireshark-users] tcpdump capture for wireshark problems
Index(es):
- Date
- Thread