Wireshark-users: [Wireshark-users] Pcap file isn't a capture file in a format TShark understands
What happens on tchui1-rhel3 if you run the command "tshark -v" - *not* "./tshark -v", just "tshark -v" - from a directory other than the Wireshark source directory?
It is the same:
[thot@tchui1-rhel3 thot]$ tshark -v
TShark 0.99.7
Copyright 1998-2007 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled with GLib 2.2.3, with libpcap 0.7.2, with libz 1.1.4, without libpcre,
with SMI 0.4.5, without ADNS, without Lua, without GnuTLS, without Gcrypt, with
MIT Kerberos.
NOTE: this build doesn't support the "matches" operator for Wireshark filter
syntax.
Running on Linux 2.4.21-32.ELsmp, with libpcap (version unknown).
Built using gcc 3.2.3 20030502 (ASPLinux 3.2.3-59asp).
[thot@tchui1-rhel3 thot]$ tshark -r udp.pcap -T pdml
tshark: The file "udp.pcap" isn't a capture file in a format TShark understands.
One thing that I just noticed is that the tshark is "manually copied" (not using RPM, YUM, etc.) along with the necessary .so files into a specific directory. Then the admin set the PATH and LD_LIBRARY_PATH which point to that specific directory.
Moreover, the machine has ethereal installed too (using RPM) and it returns the same thing:
[thot@tchui1-rhel3 thot]$ tethereal -v
tethereal 0.10.10
Compiled with GLib 1.2.10, with libpcap 0.7.2, with libz 1.1.4, without libpcre,
without UCD-SNMP or Net-SNMP, without ADNS.
NOTE: this build doesn't support the "matches" operator for Ethereal filter
syntax.
Running with libpcap (version unknown) on Linux 2.4.21-32.ELsmp.
[thot@tchui1-rhel3 thot]$ tethereal -r udp.pcap -T pdml
tethereal: The file "udp.pcap" isn't a capture file in a format Tethereal understands.
I know it is a kinda weird setup... but do you have any idea?
Thanks,
Kahou
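
An added example, not part of the original message: a Python check of the leading bytes of a file such as udp.pcap, on the assumption that the file contents, rather than the tshark or tethereal build, are what fail to be recognised. The function names and the sample header are constructed here.

```python
import struct
import sys

# Leading four bytes of libpcap and pcapng files, as they appear on disk.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "pcap, little-endian, microsecond timestamps",
    b"\xa1\xb2\xc3\xd4": "pcap, big-endian, microsecond timestamps",
    b"\x4d\x3c\xb2\xa1": "pcap, little-endian, nanosecond timestamps",
    b"\xa1\xb2\x3c\x4d": "pcap, big-endian, nanosecond timestamps",
    b"\x0a\x0d\x0d\x0a": "pcapng section header block",
}

# Constructed sample: a valid 24-byte pcap global header (version 2.4, Ethernet).
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

def identify_capture(data):
    """Classify the first bytes of a file; returns (description, header fields)."""
    if len(data) < 4:
        return "too short to be a capture file", {}
    if data[:2] == b"\x1f\x8b":
        return "gzip-compressed data", {}
    kind = MAGICS.get(data[:4])
    if kind is None:
        # Typical for text output or a file damaged in transfer.
        return "unknown magic " + data[:4].hex(), {}
    if not kind.startswith("pcap,") or len(data) < 24:
        return kind, {}
    endian = "<" if "little" in kind else ">"
    # version_major, version_minor, thiszone, sigfigs, snaplen, linktype
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    return kind, {"version": (major, minor), "snaplen": snaplen,
                  "linktype": linktype}

def identify_file(path):
    """Read only the 24-byte global header region of the file at path."""
    with open(path, "rb") as fh:
        return identify_capture(fh.read(24))

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for path in sys.argv[1:]:
            print(path, identify_file(path))
    else:
        print("constructed sample", identify_capture(SAMPLE_PCAP))
```

An "unknown magic" result whose hex decodes to printable ASCII usually means the file is text rather than a binary capture.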