Wireshark mailing list archives
Pcap file isn't a capture file in a format TShark understands
From: kahou lei <kahou82 () gmail com>
Date: Tue, 26 Jan 2010 16:47:57 -0800
What happens on tchui1-rhel3 if you run the command "tshark -v" - *not* "./tshark -v", just "tshark -v" - from a directory other than the Wireshark source directory? It is the same: [thot@tchui1-rhel3 thot]$ tshark -v TShark 0.99.7 Copyright 1998-2007 Gerald Combs <gerald () wireshark org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled with GLib 2.2.3, with libpcap 0.7.2, with libz 1.1.4, without libpcre, with SMI 0.4.5, without ADNS, without Lua, without GnuTLS, without Gcrypt, with MIT Kerberos. NOTE: this build doesn't support the "matches" operator for Wireshark filter syntax. Running on Linux 2.4.21-32.ELsmp, with libpcap (version unknown). Built using gcc 3.2.3 20030502 (ASPLinux 3.2.3-59asp). [thot@tchui1-rhel3 thot]$ tshark -r udp.pcap -T pdml tshark: The file "udp.pcap" isn't a capture file in a format TShark understands. One thing that I just notice is that the tshark is "manually copied" (not using RPM, YUM, etc) along with the necessary .so files into a specific directory. Then the admin set the PATH and LD_LIBRARY_PATH which point to that specific directory. Moreover, the machine is installed with ethereal too (using RPM) and it returns the same thing: [thot@tchui1-rhel3 thot]$ tethereal -v tethereal 0.10.10 Compiled with GLib 1.2.10, with libpcap 0.7.2, with libz 1.1.4, without libpcre, without UCD-SNMP or Net-SNMP, without ADNS. NOTE: this build doesn't support the "matches" operator for Ethereal filter syntax. Running with libpcap (version unknown) on Linux 2.4.21-32.ELsmp. [thot@tchui1-rhel3 thot]$ tethereal -r udp.pcap -T pdml tethereal: The file "udp.pcap" isn't a capture file in a format Tethereal understands. I know it is a kinda weird setup...but do you have any idea? Thanks, Kahou
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Pcap file isn't a capture file in a format TShark understands kahou lei (Jan 22)
- Re: Pcap file isn't a capture file in a format TShark understands Guy Harris (Jan 22)
- <Possible follow-ups>
- Pcap file isn't a capture file in a format TShark understands kahou lei (Jan 27)