On Saturday 24 Apr 2004 1:30 am, Joe Marcus Clarke wrote:
> I'm spawning tethereal-0.10.3 in Java on Windows 2000 SP4.  I'm
> reading bytes from stdout, and writing them to a file.  The resulting
> capture file is corrupt.  It either claims to have been truncated in
> mid-packet, or it claims that one packet far exceeds the max capture
> size of 65535.
>
> I thought this must have something to do with my Java code (even
> though it works fine on Solaris and FreeBSD).  So I took the same
> command line, and did a simple redirect to a file:
>
> tethereal -s 65535 -w - > outfile
>
> The resulting outfile has the same problem.  Again, this command
> works fine on Solaris and FreeBSD (and I assume all flavors of UNIX).
>  I've tried both WinPcap 2.3 and 3.0, and both exhibit the same
> behavior.  If needed, I can produce one of the bad capture files. 
> However, I think this is pretty reproduceable as it's now happened on
> two different Windows 2000 machines.
Binary / text mode? If the file is written in text mode it will be 
corrupt on Windows but OK in *nix. Check by opening the file in a hex 
editor and finding CR LF (0D 0A) in pairs.
> I searched the archives, but didn't find anything relating to this.
> Ideally, what I'd like to be able to do is use -w <filename>, but
> Process.destroy() (in Java) calls TerminateProcess() on Windows, and
> this doesn't give tethereal a chance to flush its output buffer.  If
> tethereal flushed after each packet that might do it, but it only
> seems to do that if the output file is stdout.  Any advice would be
> greatly appreciated.  Thanks.
As a general fix that would slow down tethereal, but it would be OK as a 
command-line option.
-- 
Richard Urwin