Most frequently that's due to using FTP and not setting binary mode. Does the file's checksum change from machine to machine after copying it?
No. I use scp to copy from machine to machine.
The PCAP/Wiretap library is supposed to figure out the endianism of the host where the file was generated automatically so normally there's no problem with that. (I frequently look at capture files from SPARC machines on my Intel laptop, including with 0.99.3.)
I did that too in the past. Which is not the case... I just tried to open some files with my Intel based minimac and they do not work... oddly enough capture works only if you are seeing packets in real-time, if instead you try to capture without it fails to open them.
Same behaviour here. I look at them in real time usually, even over remote X connection. The issue here is that it doesn't appear to be an endianness issue, the file header is read ok, so is the first packet's, with the second packet I see a very odd thing:
pcapio.c writes this:
ts_sec    7D91FF44 44FF917D
ts_usec   5BE20800 0008E25B
incl_len  56010000 00000156
orig_len  56010000 00000156
wiretap's libpcap.c reads this:
ts_sec    07010016 16000107
ts_usec   CB05E505 05E505CB
incl_len  32040A00 000A0432
orig_len  01053304 04330501
Uh. That's odd.
So there's an issue here but it has nothing to do with endianity... nor does it with FTP, which BTW I didn't use.
Ok. So we spotted a real bug. Is this one in libwiretap? I don't think so, as libwiretap is the same as when I tried it before.
Andreas Fink
Fink Consulting GmbH
---------------------------------------------------------------
Tel: +41-61-6666332
Fax: +41-61-6666331
Mobile: +41-79-2457333
Address: Clarastrasse 3, 4058 Basel, Switzerland
---------------------------------------------------------------
ICQ: 8239353
Yahoo: finkconsulting
SMS: +41792457333
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@wireshark.org
http://www.wireshark.org/mailman/listinfo/wireshark-dev
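An added example, not part of the thread and not Wireshark or libpcap code: a small reader that picks the byte order from the file magic, as described above, then walks the per-packet headers and reports the file offset of the first one whose fields are implausible. The plausibility thresholds, the function names and the sample captures (including the two stray bytes) are assumptions constructed for illustration; the second record reuses the field values quoted from pcapio.c.

```python
import struct

MAGIC = 0xA1B2C3D4  # classic pcap magic (microsecond timestamps)

def byte_order(data):
    """Return the struct prefix for the byte order of the host that wrote the file."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic == MAGIC:
        return "<"
    if magic == 0xD4C3B2A1:  # same magic seen byte-swapped
        return ">"
    raise ValueError("not a classic pcap file")

def walk_records(data):
    """Yield (offset, ts_sec, ts_usec, incl_len, orig_len, ok) for each record header.

    ok is a plausibility check (an assumption of this example): lengths within
    snaplen, microseconds below one million, payload inside the file.
    Walking stops at the first implausible header.
    """
    bo = byte_order(data)
    (snaplen,) = struct.unpack(bo + "I", data[16:20])
    off = 24  # size of the global file header
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(bo + "4I", data[off:off + 16])
        ok = (incl_len <= snaplen and incl_len <= orig_len
              and ts_usec < 1_000_000 and off + 16 + incl_len <= len(data))
        yield off, ts_sec, ts_usec, incl_len, orig_len, ok
        if not ok:
            return
        off += 16 + incl_len

def first_bad_offset(data):
    """File offset of the first implausible record header, or None."""
    return next((r[0] for r in walk_records(data) if not r[5]), None)

def build_sample(bo, stray=b""):
    """Constructed two-record capture; stray bytes land between the records."""
    hdr = struct.pack(bo + "IHHiIII", MAGIC, 2, 4, 0, 0, 65535, 1)
    rec1 = struct.pack(bo + "4I", 0x44FF917D, 1000, 4, 4) + bytes(4)
    rec2 = struct.pack(bo + "4I", 0x44FF917D, 0x0008E25B, 0x156, 0x156) + bytes(0x156)
    return hdr + rec1 + stray + rec2

if __name__ == "__main__":
    for name, blob in [("little-endian", build_sample("<")),
                       ("big-endian", build_sample(">")),
                       ("stray bytes", build_sample("<", b"\x07\x01"))]:
        print(name, "first bad header at", first_bad_offset(blob))
```

Both byte orders parse cleanly, while the capture with stray bytes is flagged at the second record header, which separates a byte-order problem from a record that starts at the wrong offset.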