First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

how to export a stripped capture file to k12 ?

  • retag add tags

Wireshark got wrong packet length displayed if I open a k12 text file that was I exported to k12 from a stripped pcap file (ex: using tcpdump -s <small_len>).

Is that a bug? Or would you wanna implement a parameter in editcap or checkbox in Wireshark to fill more |00| to k12 for a stripped capture file?

Just a suggestion. Or is there any other solution to my problem?

PT's avatar
1
PT
asked 2021-12-22 07:31:01 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

Or is there any other solution to my problem?

Export the file to a format that supports the notion of a packet having an "actual length" and a "captured length".

k12 text files are NOT such a format. That is the cause of your problem; it is not something that the Wireshark developer's can fix (we don't define that format, Tektronix did).

One such format is called "pcap format". Another such format is called "pcapng format". Wireshark is capable of reading and writing both those formats.

Guy Harris's avatar
19.9k
Guy Harris
answered 2021-12-24 11:12:03 +0000
edit flag offensive 0 remove flag delete link
more

Comments

If I wanna fill many 0x00 in it to keep Wireshark can reload K12 file correctly. (I mean, use 0x00 to keep captured length = 'actual' length) What can I do? To write a program by myself?

PT's avatar PT (2022-01-04 09:31:10 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer