First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

unrecognized libpcap format error message

  • retag add tags

Hello,

I'm running Wireshark within GNS3. When I create a topology in GNS3 and click on a link between, say, two routers and select "Start capture" then Start Wireshark, everything works fine. However, when I stop a capture and try to restart a new capture, I ALWAYS get the message "Unrecognized libpcap format or not libpcap data."

I have tried uninstalling winpcap, rebooting, reinstalling then rebooting again, but the problem persists. How can I fix this? The only work around it to completely stop Wireshark and restart it from within GNS3.

I'm on a Win10 PC running the latest version of Wireshark (v2.6.5).

Thanks,

Andy

hikerguy's avatar
1
hikerguy
asked 2018-12-31 01:52:36 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

This message means that 1) Wireshark is reading a capture from a pipe, rather than capturing on a network adapter and 2) whatever is writing to the pipe didn't write it in one of the standard Wireshark capture file formats, namely pcap and pcapng.

"Whatever is writing to the pipe" is presumably GNS3. There is at least one GNS3 issue about this - issue #2235.

Guy Harris's avatar
19.9k
Guy Harris
answered 2018-12-31 02:12:42 +0000
edit flag offensive 0 remove flag delete link
more

Comments

or rather in this case, 2) whatever is writing to the pipe isn't aware the reading is restarted and thus needs to write a PCAP global header first. This is one of the reasons the extcap interface was created.

Jaap's avatar Jaap (2018-12-31 10:59:21 +0000) edit
more
  • delete

Hence this is an issue with GNS3, not Wireshark. (That's why I changed the messages issued in those cases to recommend that people report the problems to the people maintaining the program that's writing to the pipe.)

Guy Harris's avatar Guy Harris (2018-12-31 18:22:15 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer