Wireshark-bugs: [Wireshark-bugs] [Bug 6663] Large packet length crashes Wireshark
Date: Mon, 12 Dec 2011 13:36:51 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663

--- Comment #2 from Chris Maynard <christopher.maynard@xxxxxxxxx> 2011-12-12 13:36:50 PST ---
Looks like the file format has possibly changed since AppVersion 5.1.1.2?  The
file format is described here:
http://www.varsanofiev.com/inside/airopeekv9.htm, and indicates:

<VersionInfo>
    <FileVersion>9</FileVersion>
    <AppVersion>5.1.1.2</AppVersion>
    <ProdVersion>2.0.1.0</ProdVersion>
</VersionInfo>

But the attached capture file has:
<VersionInfo>
    <FileVersion>9</FileVersion>
    <AppVersion>5.1.2.4</AppVersion>
    <ProdVersion>2.0.2.0</ProdVersion>
</VersionInfo>

I notice also:
<PacketCount>37</PacketCount>
... yet capinfos reports only 35 packets.

For the packet tags, there is no 09,00 tag.  Instead, it appears as 09,ff. 
Here are the tags:
pkts [+ 8 pad bytes of 0x00]
00,00 ffffffff (frame length including fcs)
01,00 40241d38 (lsb of timestamp)
02,00 586963b2 (msb of timestamp)
03,00 00000100 (flags and status)
04,00 01000000 (channel number)
05,00 16000000 (rate)
06,00 50000000 (signal level in %)
07,00 f1ffffff (signal level in dBm)
08,00 00000000 (noise level in %)
09,ff ffffffff (09,00 = noise level in dBm; 09,ff = ???)

-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching all bug changes.