<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>I can't seem to read more than 16 bytes from an offline file</TITLE>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.6000.16544" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=john.isaacks@eds.com href="mailto:john.isaacks@eds.com">Isaacks, John
H</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Monday, October 15, 2007 6:46
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> RE: [Winpcap-users] I can't seem
to read more than 16 bytesfromanoffline file</DIV>
<DIV><FONT size=2></FONT><BR></DIV>
<DIV dir=ltr align=left><SPAN class=748104413-15102007><FONT face=Arial
color=#0000ff size=2>yes, I can use ethereal to view the original file, it
looks fine.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=748104413-15102007><FONT face=Arial
color=#0000ff size=2>my program used to work but only lately has
quit.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=748104413-15102007><FONT face=Arial
color=#0000ff size=2>I was thinking it has some type of security patch
that broke it but that doesn't explain why ethereal can view the file without
problems.</FONT></SPAN></DIV>
<DIV dir=ltr align=left><SPAN class=748104413-15102007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=748104413-15102007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV></BLOCKQUOTE>
<DIV align=left><SPAN class=748104413-15102007><FONT face=Arial color=#0000ff
size=2>Wireshark does not use WinPcap to read trace files (it has its own
internal routines).</FONT></SPAN></DIV>
<DIV align=left><SPAN class=748104413-15102007></SPAN><SPAN
class=748104413-15102007><FONT face=Arial color=#0000ff size=2>The security
patch that caused the release of WinPcap 4.0.1 (I think this is what you are
referring to) has nothing to do with reading trace files (it's a fix in the
kernel driver).</FONT></SPAN></DIV>
<DIV align=left><SPAN class=748104413-15102007></SPAN><SPAN
class=748104413-15102007><FONT face=Arial color=#0000ff size=2>Can you please
provide the capture file, so that I can try understanding what's going
on?</FONT></SPAN></DIV>
<DIV align=left><SPAN class=748104413-15102007><FONT face=Arial color=#0000ff
size=2></FONT></SPAN> </DIV>
<DIV align=left><SPAN class=748104413-15102007><FONT face=Arial color=#0000ff
size=2>Have a nice day</FONT></SPAN></DIV>
<DIV align=left><SPAN class=748104413-15102007><FONT face=Arial color=#0000ff
size=2>GV</FONT></SPAN></DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV dir=ltr align=left><SPAN class=748104413-15102007><FONT face=Arial
color=#0000ff size=2></FONT></SPAN> </DIV>
<DIV dir=ltr align=left><SPAN class=748104413-15102007><FONT face=Arial
color=#0000ff size=2>I copied the example programs exactly and they can only
read 16 bytes at a time.</FONT></SPAN></DIV>
<DIV><FONT face=Arial color=#0000ff size=2></FONT> </DIV><!-- Converted from text/rtf format -->
<P><SPAN lang=en-us><FONT face=Arial size=2>John Isaacks</FONT></SPAN>
<BR><SPAN lang=en-us><FONT face=Arial size=2>EDS - ITMS Production
support</FONT></SPAN> </P>
<DIV> </DIV><BR>
<BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
<DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> winpcap-users-bounces@winpcap.org
[mailto:winpcap-users-bounces@winpcap.org] <B>On Behalf Of </B>Gianluca
Varenni<BR><B>Sent:</B> Friday, October 12, 2007 11:49 PM<BR><B>To:</B>
winpcap-users@winpcap.org<BR><B>Subject:</B> Re: [Winpcap-users] I can't
seem to read more than 16 bytes fromanoffline file<BR></FONT><BR></DIV>
<DIV></DIV>
<DIV><FONT size=2>Does wireshark/ethereal open the same file
properly?</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>Have a nice day</FONT></DIV>
<DIV><FONT size=2>GV</FONT></DIV>
<DIV> </DIV>
<DIV><FONT size=2></FONT> </DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=john.isaacks@eds.com href="mailto:john.isaacks@eds.com">Isaacks,
John H</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A
title=winpcap-users@winpcap.org
href="mailto:winpcap-users@winpcap.org">winpcap-users@winpcap.org</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Friday, October 12, 2007 2:01
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> [Winpcap-users] I can't seem
to read more than 16 bytes from anoffline file</DIV>
<DIV><BR></DIV><!-- Converted from text/rtf format --><BR>
<P><FONT face=Arial size=2>I'm trying to read a captured ethereal file (
pcap ).</FONT> <BR><FONT face=Arial size=2>My code used to work fine, but
now doesn't work on any of my machines.</FONT> <BR><FONT face=Arial
size=2>I was using 3.1 but I have installed lastest 4.0.1 on my pc and I
get the same results as before.</FONT> <BR><FONT face=Arial size=2>I have
reverted to simple readfile.c example and the</FONT> <FONT
face="Courier New" color=#0000ff size=2>const</FONT><FONT
face="Courier New" size=2> </FONT><FONT face="Courier New" color=#0000ff
size=2>struct</FONT><FONT face="Courier New" size=2> pcap_pkthdr
*header->caplen is always 16 bytes ( 0x10 )</FONT></P>
<P><FONT face=Arial size=2>I even tried the readfile_ex.c version and I
get the same 16 bytes as the caplen.</FONT> </P><BR>
<P><FONT face=Arial size=4>John Isaacks</FONT> <BR><FONT face=Arial
size=2>EDS - ITMS Production support</FONT> <BR><FONT face=Arial size=2>MS
216</FONT> <BR><FONT face=Arial size=2>3450 Lakeside Dr</FONT> <BR><FONT
face=Arial size=2>Miramar, FL 33027-3277</FONT> </P>
<P><FONT face=Arial> </FONT><FONT face=Arial
size=2>Phone:+1-954-433-6653</FONT> <BR><FONT face=Arial size=2>+</FONT>
<A href="mailto:john.isaacks@eds.com"><U><FONT face=Arial color=#0000ff
size=2>mailto:john.isaacks@eds.com</FONT></U></A> </P><BR>
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE></BLOCKQUOTE>
<P>
<HR>
<P></P>_______________________________________________<BR>Winpcap-users
mailing
list<BR>Winpcap-users@winpcap.org<BR>https://www.winpcap.org/mailman/listinfo/winpcap-users<BR></BLOCKQUOTE></BODY></HTML>