Did you open the file on the host on which it was captured? Or did you transfer the file from the capturing host to the host on which you try to read it? The error message that you get usually appears after the file has been transferred to another host with FTP in ASCII mode instead of BINARY mode.
(FYI dumpcap writes libpcap based files which can not contain packets larger than 65535 bytes, so the file is most probably corrupted somehow)
Cheers,
Sake
On 14 mei 2010, at 16:36, Joseph Laibach wrote:
> Is there a way to remove the 65535 maximum from the reading of a capture?
>
> Thanks
>
> Joe
>
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Joseph Laibach
> Sent: Tuesday, May 11, 2010 11:36 AM
> To: Community support list for Wireshark
> Subject: Re: [Wireshark-users] The capture file appears to be damaged or corrupt. (pcap: Files has 109736-byte packet, bigger than maximum of 65535)
>
> I'm running version 1.2.7 64bit.
>
> -----Original Message-----
> From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jaap Keuter
> Sent: Tuesday, May 11, 2010 11:29 AM
> To: Community support list for Wireshark
> Subject: Re: [Wireshark-users] The capture file appears to be damaged or corrupt. (pcap: Files has 109736-byte packet, bigger than maximum of 65535)
>
> But what release of Wireshark are you using?
>
> Thanks,
> Jaap
>
> Send from my iPhone
>
> On 11 mei 2010, at 16:37, Joseph Laibach <jlaibach@xxxxxxxxxxxxx> wrote:
>
>> I am having an issue with some of the capture files. Some captures
>> files spit back an error that the capture file appears to be damaged
>> or corrupt. The capture is running on a Windows 2003 Sever R2 64bit,
>> with 2 gigs of memory and a Inetl Xeon 2.33ghz processor.
>>
>>
>>
>> I am capturing with dumpcap. The syntax I am using is as follows: C:
>> \"Program Files"\Wireshark\dumpcap.exe -i \Device\NPF_
>> {ECC9D35A-826A-4A4F-B634-656EAD4EC7C9} -w d:\SFTI_capture -b files:
>> 10000 -a filesize:8192 -B 128 -s 10000000
>>
>>
>>
>> I added the –s 10000000 to try and fix the large byte packet issue b
>> ut that hasn’t worked.
>>
>>
>>
>> Anyone have any suggestions on how to eliminated the corruption of
>> capture files?
>>
>>
>>
>> Thanks
>>
>>
>>
>> Joe Laibach
>>
>>
>>
>>
>> This communication is for informational purposes only. It is not
>> intended as an offer or solicitation or as an official
>> confirmation. Market prices and other information are not
>> guaranteed as to completeness or accuracy and are subject to change
>> without notice. Schonfeld Group reserves the right to monitor and
>> review the content of all messages sent to or from this e-mail
>> address.
>> ___________________________________________________________________________
>
>
>> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx
>>>
>> Archives: http://www.wireshark.org/lists/wireshark-users
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
>
> This communication is for informational purposes only. It is not intended as an offer or solicitation or as an official confirmation. Market prices and other information are not guaranteed as to completeness or accuracy and are subject to change without notice. Schonfeld Group reserves the right to monitor and review the content of all messages sent to or from this e-mail address.
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>
>
>
> This communication is for informational purposes only. It is not intended as an offer or solicitation or as an official confirmation. Market prices and other information are not guaranteed as to completeness or accuracy and are subject to change without notice. Schonfeld Group reserves the right to monitor and review the content of all messages sent to or from this e-mail address.
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
