This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Dumpcap creates files that seem to be corrupt?

0

I am capturing TCP SYN traffic with dumpcap.

dumpcap -i 3 -f "tcp[tcpflags] ==2" -b filesize:1000 -w filename.pcapng

The resulting files are loaded in Wireshark, but Wireshark finds the file to be corrupt. I get a warning: "The capture file appears to have been cut short in the middle of a packet."

The filesize dumpcap creates is 992 KB (1.015.808 bytes)

Version information:

C:\Program Files\Wireshark>dumpcap -v
Dumpcap 1.10.6 (v1.10.6 from master-1.10)

Copyright 1998-2014 Gerald Combs [email protected] and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities, without libnl.

Running on 64-bit Windows 7 Service Pack 1, build 7601, without WinPcap. Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz, with 3996MB of physical memory.

Built using Microsoft Visual C++ 10.0 build 40219
See http://www.wireshark.org for more information.

C:\Program Files\Wireshark>

asked 15 May '14, 06:17

Joop
accept rate: 0%
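
One way to check a .pcapng file for the kind of truncation the warning describes is to walk its blocks and see whether the last one is complete. This is an added example, not part of the original post and not Wireshark code; `scan_pcapng` and `make_block` are hypothetical names, and the sample capture is constructed inline.

```python
import struct

SHB_TYPE = 0x0A0D0D0A   # Section Header Block; reads the same in either byte order
MAGIC_LE, MAGIC_BE = b"\x4d\x3c\x2b\x1a", b"\x1a\x2b\x3c\x4d"  # 0x1A2B3C4D


def scan_pcapng(data: bytes) -> dict:
    """Walk pcapng blocks and report where the last complete block ends."""
    offset, blocks, endian = 0, 0, "<"
    while len(data) - offset >= 12:           # type + length + trailing length
        if struct.unpack_from("<I", data, offset)[0] == SHB_TYPE:
            magic = data[offset + 8:offset + 12]
            if magic not in (MAGIC_LE, MAGIC_BE):
                raise ValueError("bad byte-order magic")
            endian = "<" if magic == MAGIC_LE else ">"
        elif blocks == 0:
            raise ValueError("not a pcapng file (no Section Header Block)")
        (total,) = struct.unpack_from(endian + "I", data, offset + 4)
        if total < 12 or total % 4:
            raise ValueError(f"invalid block length {total} at offset {offset}")
        if offset + total > len(data):        # block announced, bytes missing
            break
        (trailer,) = struct.unpack_from(endian + "I", data, offset + total - 4)
        if trailer != total:
            raise ValueError(f"length mismatch at offset {offset}")
        offset += total
        blocks += 1
    return {"complete_blocks": blocks, "good_bytes": offset,
            "dangling_bytes": len(data) - offset,
            "truncated": offset < len(data)}


def make_block(block_type: int, body: bytes) -> bytes:
    """Build one little-endian block (used only for the constructed sample)."""
    body += b"\x00" * (-len(body) % 4)
    total = struct.pack("<I", len(body) + 12)
    return struct.pack("<I", block_type) + total + body + total


# Constructed sample: SHB, Interface Description, two 60-byte Enhanced Packets.
SHB = make_block(SHB_TYPE, MAGIC_LE + struct.pack("<HHq", 1, 0, -1))
IDB = make_block(1, struct.pack("<HHI", 1, 0, 65535))
EPB = make_block(6, struct.pack("<IIIII", 0, 0, 0, 60, 60) + b"\x00" * 60)
INTACT = SHB + IDB + EPB + EPB
CUT_SHORT = INTACT[:-52]                      # second packet block loses its tail

if __name__ == "__main__":
    print(scan_pcapng(INTACT))
    print(scan_pcapng(CUT_SHORT))
```

On a real capture, pass the file's bytes to `scan_pcapng`; `good_bytes` is the offset up to which every block is complete.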