 | 1 | initial version |
Maybe check your code that is writing the pcap.
Here's scapy for the comment above. Writing this to a pcap comes into Wireshark with no issues.
a=Ether(dst="20:e5:2a:b6:93:f1",src="00:08:02:1c:47:ae",type="IPv4")/IP(version=4,ihl=5,tos=0x0,len=344,id=65,flags="DF",frag=0,ttl=128,proto="tcp",chksum=0x4d00,src="10.1.21.101",dst="8.8.8.8")/TCP(sport=49158,dport="http",seq=3457856379,ack=2093840789,dataofs=5,reserved=0,flags="PA",window=256,chksum=0xdce5,urgptr=0)/Raw(load='\x08\x1a\xc2>\xd2!?\x89\x1f\x11\x9dD\xf2\xa1PX\xe7\x13q\x9fX\xb6\xed\xca}\xb7\xd0~\xef\x9f\x1a[$\x92"eNW\xb8\xb9P@\x08\xfa1!\n>\x11\xd5\xb7T\xd5l\x1b\xd8\x84\x8cOx\xec\xd59\xad\xe2\xd8C\xa0\xb4_y\xaf\x13\x9c\x8a\xf5\xa8\xed\rK\x13\x9a\xcd\xa2\xe2\r\xc8\xd5\xc7\xda\x1cv\x9d\xd6\xa7\xc9&\xccU\x84\x96\x93\x86\xb4\xb17f\xcb\x97+\xebw\xb1\xc9-"\xb6n\x8a\xcf\x18q\x19o\xc3\xa7\x11\x1b+/\x0f\x0f`\xb1\xfe\xa5j\xe30\x02\x00\t\xd28\x12nh\xbe\x11\xa1;\x1b\xa5\x187\xc1\xea\x87[U%\xa9\xed\xda\x1d5\x1fN\x16\xa3V=\xea\xb3\xf6\xdc\xb2W\x13A\xee\xe4\xac\xdb\xa6\xd4\x03\xbc\x90\x8c|\xd3Y\x9ey\xca0\xd2\xbaC\x1a;\xe7\r~U\xa9\x1d\xb8\xb5\x16Y4\xa1\x805@\x96w\x80\xe2\x05\x9f|\xe1`\xc7\'\xc8\tbx\x08rs\xb3\xd8 j8y\x16v\x01\x1c\x94,\xc6~*u\xb0\xff]\xd9\xa7\xc1\xe7\xfe\xe7\x12|\xd2@V.\xf4\xe9\xd3\xd3)oE{~\rD\x84\xad\x80\x8an\x97&n\x1b\xb4e\xe4\x1bRY\x99 z\x188\xfaPG\xd0uW\x9d')
>>> a
<Ether dst=20:e5:2a:b6:93:f1 src=00:08:02:1c:47:ae type=IPv4 |<IP version=4 ihl=5 tos=0x0 len=344 id=65 flags=DF frag=0 ttl=128 proto=tcp chksum=0x4d00 src=10.1.21.101 dst=8.8.8.8 |<TCP sport=49158 dport=http seq=3457856379 ack=2093840789 dataofs=5 reserved=0 flags=PA window=256 chksum=0xdce5 urgptr=0 |<Raw load='\x08\x1a\xc2>\xd2!?\x89\x1f\x11\x9dD\xf2\xa1PX\xe7\x13q\x9fX\xb6\xed\xca}\xb7\xd0~\xef\x9f\x1a[$\x92"eNW\xb8\xb9P@\x08\xfa1!\n>\x11\xd5\xb7T\xd5l\x1b\xd8\x84\x8cOx\xec\xd59\xad\xe2\xd8C\xa0\xb4_y\xaf\x13\x9c\x8a\xf5\xa8\xed\rK\x13\x9a\xcd\xa2\xe2\r\xc8\xd5\xc7\xda\x1cv\x9d\xd6\xa7\xc9&\xccU\x84\x96\x93\x86\xb4\xb17f\xcb\x97+\xebw\xb1\xc9-"\xb6n\x8a\xcf\x18q\x19o\xc3\xa7\x11\x1b+/\x0f\x0f`\xb1\xfe\xa5j\xe30\x02\x00\t\xd28\x12nh\xbe\x11\xa1;\x1b\xa5\x187\xc1\xea\x87[U%\xa9\xed\xda\x1d5\x1fN\x16\xa3V=\xea\xb3\xf6\xdc\xb2W\x13A\xee\xe4\xac\xdb\xa6\xd4\x03\xbc\x90\x8c|\xd3Y\x9ey\xca0\xd2\xbaC\x1a;\xe7\r~U\xa9\x1d\xb8\xb5\x16Y4\xa1\x805@\x96w\x80\xe2\x05\x9f|\xe1`\xc7\'\xc8\tbx\x08rs\xb3\xd8 j8y\x16v\x01\x1c\x94,\xc6~*u\xb0\xff]\xd9\xa7\xc1\xe7\xfe\xe7\x12|\xd2@V.\xf4\xe9\xd3\xd3)oE{~\rD\x84\xad\x80\x8an\x97&n\x1b\xb4e\xe4\x1bRY\x99 z\x188\xfaPG\xd0uW\x9d' |>>>>
>>> wrpcap('asked2.pcap',a)
>>>