You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2010-01-29 04:37:12
- SkinnyJ
- Member
- Registered: 2008-09-20
- Posts: 18
Wireshark problem
Just installed Wireshark. Ran setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+EIP' /usr/bin/dumpcap in order to get the interfaces to show up. I was able to run one capture successfully, but after a reboot, Wireshark will show 2 or 3 packets and then stop displaying any additional packets. I save the capture, then reopen the saved file and get the following message:
The capture file appears to be damaged or corrupt.
(pcap: File has 182652111-byte packet, bigger than maxiumum of 65535)
The number varies depending on how long I let it run.
To my untrained eye, it looks like all the data is viewed as one huge packet instead of individual packets.
This is happening to me on two different machines: a 64-bit desktop running testing, and a 32-bit laptop running core.
I have tried uninstalling and reinstalling on both machines with no luck. Are there some configuration files that may be left behind that I need to delete, then reinstall?
Any other ideas on a fix?
Thanks in advance!
Offline
#2 2010-01-29 09:16:40
- thisismynewhandle
- Member
- Registered: 2010-01-29
- Posts: 7
Re: Wireshark problem
I'm having the same problems on a 64-bit install.
Everything was fine yesterday, but I think the most recent Wireshark update may have caused this. I haven't found a solution yet, though.
Offline
#3 2010-01-29 16:02:53
- Keeler
- Member
- Registered: 2010-01-19
- Posts: 10
Re: Wireshark problem
I'm having the same problem. Googling for this problem is useless. It worked for a while, like you two said, but something happened and all I know is that it was after I ran setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+EIP' /usr/bin/dumpcap. I don't know if that's the problem, though. Perhaps it's a problem with the new wireshark package or one of it's dependencies.
Offline
#4 2010-01-29 16:06:37
- nopper
- Member
- Registered: 2008-08-07
- Posts: 7
- Website
Re: Wireshark problem
Same here. I've tried rebuiliding libpcap and wireshark, but without success
ArchPwn - http://www.archpwn.org
PacketManipulator - http://manipulator.umitproject.org
Offline
#5 2010-01-29 16:09:50
- Keeler
- Member
- Registered: 2010-01-19
- Posts: 10
Re: Wireshark problem
Same here. I've tried rebuiliding libpcap and wireshark, but without success
Rebuilding didn't work for me either. tcpdump doesn't seem to have any trouble reading or writing, but a file written with tcpdump and opened with wireshark gives the same error.
Offline
#6 2010-01-29 16:12:54
- djgera
- Developer
- From: Buenos Aires - Argentina
- Registered: 2008-12-24
- Posts: 723
- Website
Re: Wireshark problem
Offline
#7 2010-01-29 16:17:05
- Keeler
- Member
- Registered: 2010-01-19
- Posts: 10
Re: Wireshark problem
Thanks. I wasn't sure if that was the same bug, but I went ahead and tried the fix. I downgraded from zlib-1.2.3.7-1 to the closest one I could find in /var/cache/pacman/pkg, which was zlib-1.2.3.4-4-x86_64.pkg.tar.gz. Wireshark is working normally.
Thanks zlib. 
Last edited by Keeler (2010-01-29 16:18:32)
Offline
Pages: 1