Wireshark-bugs: [Wireshark-bugs] [Bug 11165] New: mergecap output wrong 'magic number'
| Bug ID |
11165
|
| Summary |
mergecap output wrong 'magic number'
|
| Product |
Wireshark
|
| Version |
1.12.3
|
| Hardware |
x86-64
|
| OS |
Windows 7
|
| Status |
UNCONFIRMED
|
| Severity |
Blocker
|
| Priority |
Low
|
| Component |
Capture file support (libwiretap)
|
| Assignee |
bugzilla-admin@wireshark.org
|
| Reporter |
jeevaka0@gmail.com
|
Build Information:
Mergecap 1.12.3 (v1.12.3-0-gbb3e9a0 from master-1.12)
--
After command:
mergecap -F pcap -w 1617_17.pcap 20150417160000.pcap 20150417170000.pcap
I had some trouble with the output file and checked the headers.
It seems that for the first two bytes of the header the nibbles get swapped
around in the output. I.e. 'd4 c3' instead of '4d 3c' making the 'endian
detection' to fail for pcap readers.
Two input files have big endian pcap headers which is uncommon. Perhaps
mergecap does not handle that well? Not that the rest of the hex dump does not
have any apparent problem.
$ od -N50 -tx1 20150417160000.pcap
0000000 4d 3c b2 a1 02 00 04 00 00 00 00 00 00 00 00 00
0000020 00 00 04 00 01 00 00 00 00 2e 31 55 e7 13 00 00
0000040 6e 00 00 00 6e 00 00 00 01 00 5e 00 1f 01 18 e7
0000060 28 06
0000062
$ od -N50 -tx1 20150417170000.pcap
0000000 4d 3c b2 a1 02 00 04 00 00 00 00 00 00 00 00 00
0000020 00 00 04 00 01 00 00 00 10 3c 31 55 0d 45 01 00
0000040 8e 00 00 00 8e 00 00 00 01 00 5e 00 1f 08 18 e7
0000060 28 06
0000062
$ od -N50 -tx1 1617_17.pcap
0000000 d4 c3 b2 a1 02 00 04 00 00 00 00 00 00 00 00 00
0000020 00 00 04 00 01 00 00 00 00 2e 31 55 05 00 00 00
0000040 6e 00 00 00 6e 00 00 00 01 00 5e 00 1f 01 18 e7
0000060 28 06
0000062
You are receiving this mail because:
- You are watching all bug changes.
