Summary: | ethereal cannot read files created by tcpdump | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Heiko Helmle <helman> |
Component: | Current packages | Assignee: | Gentoo Netmon project <netmon> |
Status: | RESOLVED NEEDINFO | ||
Severity: | normal | CC: | dan.dickey, dopey, soulse |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | Example dump file that does not work |
Description
Heiko Helmle
2005-04-01 06:34:20 UTC
i cant reproduce the problem, what versions are you using? me: ethereal-0.10.10 tcpdump-3.8.3-r1 Lilith marco # emerge info Portage 2.0.51.19 (selinux/2004.1/x86, gcc-3.3.5, glibc-2.3.4.20040808-r1, 2.6.10-hardened-r3 i686) ================================================================= System uname: 2.6.10-hardened-r3 i686 Intel(R) Pentium(R) 4 CPU 2.00GHz Gentoo Base System version 1.6.9 Python: dev-lang/python-2.3.4-r1 [2.3.4 (#1, Feb 16 2005, 22:47:46)] distcc 2.16 i386-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] dev-lang/python: 2.3.4-r1 sys-devel/autoconf: 2.13, 2.59-r6 sys-devel/automake: 1.5, 1.8.5-r3, 1.6.3, 1.4_p6, 1.7.9, 1.9.4 sys-devel/binutils: 2.15.92.0.2-r1 sys-devel/libtool: 1.5.10-r4 virtual/os-headers: 2.4.21-r1 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-O2 -mcpu=i386" CHOST="i386-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -mcpu=i386" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs autoconfig ccache distlocks sandbox selinux sfperms strict" GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/Linux/distributions/gentoo" MAKEOPTS="-j3" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="X berkdb cdr crypt cups curl esd fam flac gdbm gif gtk imagemagick imlib java libwww motif mysql ncurses nls oggvorbis opengl pam perl png python qt readline selinux snmp sqlite ssl tcltk tcpd tiff x86 xml xml2 xmms zlib" Unset: ASFLAGS, CBUILD, CTARGET, LANG, LC_ALL, LDFLAGS libpcap-0.8.3-r1 tcpdump-3.8.3-r1 ethereal-0.10.10 i'll go attach the dumpfile that doesn't work on my ethereal. Created attachment 55250 [details]
Example dump file that does not work
it works here ... good for you :) I'll try recompile ethereal with CFLAGS=-O2 -march=i386 and see if it makes a difference. No luck, tried several combinations of CFLAGS... always the same error: The capture file appears to be damaged or corrupt. (pcap: File has 1623838720-byte packet, bigger than maximum of 65535) I also tried remerging libpcap a few times and i'm running out of ideas... *** Bug 87896 has been marked as a duplicate of this bug. *** Heiko, please use text/plain when submitting text attachements. sorry, but this IS a binary attachment (tcpdump format) err sorry I missed that. I get the same error but not trying to read tcpdump files. It happens when I try to use ethereal to capture packets on it's own. I found a gentoo forum post and USE=-snmp solved the problem for them (did it for me too). true. with snmp-support ripped out, ethereal can read the tcpdump-format again. USE="snmp" emerge ethereal and it still works for me if ethereal-0.10.11 still fails attach ethereal -v and I'll report this upstream. it it fixed in the latest version? I'll check this week - really short on time right now k the new version works fine for me :) |