Ethereal-users: RE: [ethereal-users] problems with reading in NG (DOS)sniffer files
Guy
The capture was done with tethereal. I will generate another
tethereal capture and a tcpdump capture from the same box, then try to
convert one or the other to ngsniffer format.
Just tried it and here were the results:
enesone# ./tethereal -F ngsniffer -r /root/localsks.pcap -w /root/localsks.enc
Message: pcap: File has 949976507-byte packet, bigger than maximum of 65535
tethereal: The capture file appears to be damaged or corrupt.
enesone# ./tethereal -F ngsniffer -r /root/localsks.tcpdump -w /root/localsks.enc
Message: pcap: File has 949976507-byte packet, bigger than maximum of 65535
tethereal: The capture file appears to be damaged or corrupt.
enesone#
This is what you get if you try to re-read with tethereal:
enesone# ./tethereal -V -r /root/localsks.pcap
Frame 1 (0 on wire, 0 captured)
Arrival Time: Nov 13, 1919 03:13:40.1310
Time delta from previous packet: 0.000000 seconds
Frame Number: 1
Packet Length: 0 bytes
Capture Length: 0 bytes
Message: pcap: File has 949976507-byte packet, bigger than maximum of 65535
tethereal: The capture file appears to be damaged or corrupt.
Here is some output from tcpdump -r /root/localsks.pcap:
19:22:47.831335 255.38.2.zip > 0.0.zip: at-#6 25
19:22:47.932507 255.38.2.zip > 0.0.zip: at-#6 25
19:22:48.101238 255.38.2.zip > 0.0.zip: at-#6 25
19:22:49.701335 192.168.0.177.netbios-dgm > 192.168.0.255.netbios-dgm: udp 212
19:22:50.189853 arp who-has 192.168.0.178 tell 192.168.0.100
19:22:50.492238 arp who-has 192.168.0.202 tell 192.168.0.100
19:22:50.632343 0:c0:2:a5:44:30 Broadcast 8137 60:
ffff 0022 0004 0000 0000 ffff ffff ffff
0452 0000 0000 00c0 02a5 4430 4013 0003
0004 0000 0000 0000 0000 0000 0000
I'll forward the capture files if you want them.
diana
-----Original Message-----
From: Guy Harris
To: Eichert, Diana
Cc: 'ethereal-users@xxxxxxxx'
Sent: 2/7/00 5:32 PM
Subject: Re: [ethereal-users] problems with reading in NG (DOS)sniffer files
> I'm having problems importing files into SnifferPro saved from
> ethereal.
I.e., you did a capture in Ethereal, and then tried to save it in
Sniffer(DOS) format, and Sniffer Pro couldn't read it?
For whatever reason, it appears that the pcap-format capture file you
sent out is corrupt....
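
Added example, not part of the original messages and not Ethereal's own code: a sketch of the record-length sanity check behind the "bigger than maximum of 65535" message quoted above, run over a constructed capture. It assumes the classic libpcap layout (24-byte global header, 16-byte record headers); check_pcap and build_sample are hypothetical names.

```python
import struct

MAGIC = 0xA1B2C3D4        # classic libpcap magic number
MAX_PACKET_SIZE = 65535   # the limit quoted in the error message

def check_pcap(data):
    """Walk the record headers; return (good_records, error or None)."""
    if len(data) < 24:
        return 0, "shorter than the 24-byte global header"
    for endian in ("<", ">"):          # file may be written in either byte order
        if struct.unpack_from(endian + "I", data, 0)[0] == MAGIC:
            break
    else:
        return 0, "bad magic, not a classic pcap file"
    offset, count = 24, 0
    while offset < len(data):
        if offset + 16 > len(data):
            return count, "truncated record header at offset %d" % offset
        # Record header: ts_sec, ts_usec, captured length, original length
        _sec, _usec, incl_len, _orig = struct.unpack_from(endian + "IIII", data, offset)
        if incl_len > MAX_PACKET_SIZE:
            return count, ("File has %d-byte packet, bigger than maximum of %d"
                           " (record %d, offset %d)"
                           % (incl_len, MAX_PACKET_SIZE, count + 1, offset))
        if offset + 16 + incl_len > len(data):
            return count, "truncated packet data at offset %d" % offset
        offset += 16 + incl_len
        count += 1
    return count, None

def build_sample():
    """Constructed capture: one sane 60-byte record, then a bad length field."""
    header = struct.pack("<IHHiIII", MAGIC, 2, 4, 0, 0, 65535, 1)
    good = struct.pack("<IIII", 1, 0, 60, 60) + bytes(60)
    bad = struct.pack("<IIII", 0, 0, 949976507, 0)   # length taken from the error above
    return header + good + bad

if __name__ == "__main__":
    print(check_pcap(build_sample()))
```

The reported record number and offset show where in the file the header fields stop making sense, which is the first thing to look at in a hex dump.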