FW: [Winpcap-users] I can't seem to read more than 16
bytes fromanoffline file
Gerald Combs
gerald at wireshark.org
Mon Oct 15 16:08:10 GMT 2007
Isaacks, John H wrote:
> I had ethereal write a new file then compared the two files.
> they are identical except for two bytes.
> 16 bytes into the each file, the one that reads fine has 0xFF 0xFF.
> the file that only reads 16 bytes per packet has 0x00 0x00
The field at offset 16 (starting at 0) is the snapshot length:
http://wiki.wireshark.org/Development/LibpcapFileFormat. What do the
bytes at offsets 18 and 19 look like? The snaplen field is 4 bytes long
and includes them as well.
(...and why are you still using Ethereal? :-)
More information about the Winpcap-users
mailing list