Wireshark-bugs: [Wireshark-bugs] [Bug 12884] sshdump only captures a few packets
Date: Tue, 13 Sep 2016 13:28:35 +0000

Comment # 12 on bug 12884 from
Adding the modifications to disable g_debug, I got the output:

   
    E:\Wireshark\build64\run\RelWithDebInfo\extcap\sshdump.exe --extcap-interface ssh --capture --remote-host ssh-host --remote-username graham --remote-password XXXXXXXXXXXX --remote-interface eth0 --remote-capture-bin tcpdump --fifo c:\temp\sshdump --debug
    Running: 'tcpdump' -i 'eth0' -w - -f 'not ((host fe80::5efe:a00:20f or host 10.0.2.15 or host fe80::48cf:f21:d2b2:b88c) and port 22)'

After stopping the process I now get a pcap file in the --fifo location, but it
is corrupt, in a manner similar to that reported by the GUI:

    .\capinfos.exe C:\temp\sshdump
    capinfos: An error occurred after reading 1 packets from "C:\temp\sshdump": The file appears to be damaged or corrupt.
    (pcap: File has 3932171-byte packet, bigger than maximum of 262144)

