I'm trying to use ethereal to display FDDI packets captured by tcpdump.
e.g.
tcpdump -i fta0 -s 128 -w /var/tmp/x.x
ethereal -r /var/tmp/x.x
However, ethereal displays all packets as "void frame" regardless of
packet size or type. If I capture with ethereal into a file, a
subsequent display of the packets works OK.
Any idea how I can display tcpdump captured FDDI packets with ethereal?
Thanks,
Stuart
Environment: Compaq Tru64 UNIX V4.0F + patch kit 5, ethereal.v19
Background:
I'm using tcpdump in a rollover mode, i.e. let it run for say 15 mins,
then start another tcpdump, 30 seconds later kill the first tcpdump and
so on. The plan is to have a sequence of small manageable files with a
brief overlap between them but with no packets missing. When I do this
rollover capture with ethereal I have problems:
1. I do not want ethereal to display anything when it's just capturing
to a log file but I have not found a way to prevent the graphical
display
2. when two ethereals are running on the same system the second
occasionally displays "malformed address"
3. the second ethereal occasionally core dumps:
tcpdump: Using kernel BPF filter
** ERROR **: file tvbuff.c: line 399 (compute_offset_length): assertion
failed:
(length >= -1)
aborting...
# file core*
core.ethereal.v19.s1021.0: core dump, generated from 'ethereal.v19'
