Dear Wireshark-community, I have captured a file from my Fritzbox (fritzbox-vcc0.eth with a size of 1.3 GB). When I try to open the file Wireshark (version 1.12.7) gives following error-note: The capture file appears to be damaged or corrupt. (pcap: File has 875560560-byte packet, bigger than maximum of 262144) When I try to analyze the phone-calls (Telephony - RTP - Show all streams) the programm does not find any stream though I made some phone-calls myself. According to the error-note I assume that the file is too big. Is there a way to split the file into smaller ones which can be read by Wireshark? Or is there another way to solve the problem? Thank you in advance T asked 18 Aug '15, 16:30  Martin_Brody |
One Answer:
Sounds more like there is at least one packet in the file that has a broken/damaged frame size value in the frame header meta data. You might want to try to fix the problem using pcapfix. If you want to split capture files into smaller files, use editcap (command line tool, installed together with Wireshark), e.g.
answered 18 Aug '15, 16:35  Jasper ♦♦ |
So how did you transfer the capture the file from the FRITZ!Box to your machine? And what operating system is your machine running? The most likely reasons for this are either that the FRITZ!Box wrote out a damaged capture file or that it got damaged in the process of transferring it to your machine.