Wireshark-users: Re: [Wireshark-users] Upgraded wireshark to 1.2.6 but now old pcap files cannot
From: Kok-Yong Tan <ktan@xxxxxxxxxxxxxxxxxxx>
Date: Tue, 23 Mar 2010 21:41:07 -0400

On Mar 23, 2010, at 21:36, Guy Harris wrote:


On Mar 23, 2010, at 6:29 PM, Kok-Yong Tan wrote:

I've just upgraded wireshark via MacPorts to version 1.2.6 on a PPC
MacOS 10.4.11 system with Xcode 2.5 installed.  Previous pcap files
which were readable in prior versions suddenly cannot be read. I'm
getting this error:

The capture file appears to be damaged or corrupt (pcap: File has
4294901760-byte packet, bigger than maximum of 65535)

What does "wireshark -v" print?


It prints:

wireshark 1.2.6

Copyright 1998-2010 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled with GTK+ 2.18.7, with GLib 2.22.5, with libpcap 1.0.0, with libz 1.2.4, without POSIX capabilities, without libpcre, without SMI, with c-ares 1.7.0, with Lua 5.1, without GnuTLS, without Gcrypt, with MIT Kerberos, without
GeoIP, without PortAudio, without AirPcap.

Running on Darwin 8.11.0 (MacOS 10.4.11), with libpcap version 1.0.0.

Built using gcc 4.0.1 (Apple Computer, Inc. build 5370).

--
Reality Artisans, Inc.             #   Network Wrangling and Delousing
P.O. Box 565, Gracie Station       #   Apple Certified Consultant
New York, NY 10028-0019            #   Apple Consultants Network member
<http://www.realityartisans.com>   #   Apple Developer Connection member
(212) 369-4876 (Voice) # My PGP public key can be found at <https://keyserver.pgp.com>