Re: Upgraded wireshark to 1.2.6 but now old pcap files cannot be read

[Guy Harris <guy () alum mit edu>]

On Mar 23, 2010, at 7:04 PM, Kok-Yong Tan wrote:

> I'm not sure.  I wiped the entire MacPorts installation and the  
> whole /opt/local tree and restarted from scratch by downloading the  
> Tiger version of MacPorts, installing it, then typing "port install  
> wireshark".

If it was built with a version of libz earlier than 1.2.4, this might either be

        1) a bug in libz 1.2.4

or

        2) a bug in Wireshark, where it was using libz incorrectly in a fashion that happened to work with earlier 
versions of libz but doesn't work with libz 1.2.4

as

        1) somebody else had a similar problem with Wireshark on Gentoo Linux, and Wireshark was using libz 1.2.4 there

and

        2) one of the changes in libz 1.2.4 was the "Wholesale replacement of gz* functions with faster versions", 
those being the routines Wireshark uses to read capture files when built with libz support.

Those routines are used even to read *uncompressed* files (the gz* routines in libz handle figuring out whether the 
file is compressed or not, and hides that from the application reading the file).
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe