ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online

Wireshark-users: Re: [Wireshark-users] Upgraded wireshark to 1.2.6 but now old pcap files cannot

From: Kok-Yong Tan <ktan@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 23 Mar 2010 22:45:35 -0400

On Mar 23, 2010, at 22:32, Guy Harris wrote:


On Mar 23, 2010, at 7:04 PM, Kok-Yong Tan wrote:

I'm not sure.  I wiped the entire MacPorts installation and the
whole /opt/local tree and restarted from scratch by downloading the
Tiger version of MacPorts, installing it, then typing "port install
wireshark".

If it was built with a version of libz earlier than 1.2.4, this might either be

	1) a bug in libz 1.2.4

or

2) a bug in Wireshark, where it was using libz incorrectly in a fashion that happened to work with earlier versions of libz but doesn't work with libz 1.2.4

as

1) somebody else had a similar problem with Wireshark on Gentoo Linux, and Wireshark was using libz 1.2.4 there

and

2) one of the changes in libz 1.2.4 was the "Wholesale replacement of gz* functions with faster versions", those being the routines Wireshark uses to read capture files when built with libz support.

Those routines are used even to read *uncompressed* files (the gz* routines in libz handle figuring out whether the file is compressed or not, and hides that from the application reading the file).


Any recommendations? Can I build the version of libz that predates this wholesale replacement of gz* functions? Do you know which one that was?
--
Reality Artisans, Inc.             #   Network Wrangling and Delousing
P.O. Box 565, Gracie Station       #   Apple Certified Consultant
New York, NY 10028-0019            #   Apple Consultants Network member
<http://www.realityartisans.com>   #   Apple Developer Connection member
(212) 369-4876 (Voice) # My PGP public key can be found at <https://keyserver.pgp.com>