Wireshark-dev: Re: [Wireshark-dev] Portability issue of capture files.
Andreas Fink wrote:
I recently compiled wireshark under MacOS X 10.4.7 on a intel machine.
This time I succeeded even with GTK+2 after fiddling with a lot of options.
I'm preparing an installer for it for users without "fink" or "darwin
ports".
But while using it, I find out a strange behaviour.
I'm capturing data on a linux machine (fedora5) with tcpdump -s0
-wdumpfile.cap. Transfer the file to the mac and try to open it with
wireshark. I get weird errors saying it couldnt open it because packet
size is bigger than 65k or something like that. Same is if I capture
with ethereal on that linux box and transfer the file to the mac. I can
capture on the mac fine with tcpdump and read it on the mac with
wireshark but whatever comes from that linux machine is not working.
Most frequently that's due to using FTP and not setting binary mode.
Does the file's checksum change from machine to machine after copying it?
The PCAP/Wiretap library is supposed to figure out the endianism of the
host where the file was generated automatically so normally there's no
problem with that. (I frequently look at capture files from SPARC
machines on my Intel laptop, including with 0.99.3.)