[Winpcap-users] I can't seem to read more than 16 bytes from an offline file

Gianluca Varenni gianluca.varenni at cacetech.com
Mon Oct 15 15:50:22 GMT 2007


  ----- Original Message ----- 
  From: Isaacks, John H 
  To: winpcap-users at winpcap.org 
  Sent: Monday, October 15, 2007 6:46 AM
  Subject: RE: [Winpcap-users] I can't seem to read more than 16 bytes from an offline file


  Yes, I can use Ethereal to view the original file; it looks fine.
  My program used to work but only lately has quit.
  I was thinking it has some type of security patch that broke it but that doesn't explain why ethereal can view the file without problems.


Wireshark does not use WinPcap to read trace files (it has its own internal routines).
The security patch that caused the release of WinPcap 4.0.1 (I think this is what you are referring to) has nothing to do with reading trace files (it's a fix in the kernel driver).
Can you please provide the capture file, so that I can try understanding what's going on?

Have a nice day
GV

  I copied the example programs exactly and they can only read 16 bytes at a time.

  John Isaacks 
  EDS - ITMS Production support 





----------------------------------------------------------------------------
    From: winpcap-users-bounces at winpcap.org [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Gianluca Varenni
    Sent: Friday, October 12, 2007 11:49 PM
    To: winpcap-users at winpcap.org
    Subject: Re: [Winpcap-users] I can't seem to read more than 16 bytes from an offline file


    Does wireshark/ethereal open the same file properly?

    Have a nice day
    GV


      ----- Original Message ----- 
      From: Isaacks, John H 
      To: winpcap-users at winpcap.org 
      Sent: Friday, October 12, 2007 2:01 PM
      Subject: [Winpcap-users] I can't seem to read more than 16 bytes from an offline file




      I'm trying to read a captured ethereal file ( pcap ). 
      My code used to work fine, but now doesn't work on any of my machines. 
      I was using 3.1 but I have installed the latest 4.0.1 on my PC and I get the same results as before. 
      I have reverted to simple readfile.c example and the const struct pcap_pkthdr *header->caplen is always 16 bytes ( 0x10 )

      I even tried the readfile_ex.c version and I get the same 16 bytes as the caplen. 



      John Isaacks 
      EDS - ITMS Production support 
      MS 216 
      3450 Lakeside Dr 
      Miramar, FL  33027-3277 

       Phone:+1-954-433-6653 
      + mailto:john.isaacks at eds.com 





--------------------------------------------------------------------------


      _______________________________________________
      Winpcap-users mailing list
      Winpcap-users at winpcap.org
      https://www.winpcap.org/mailman/listinfo/winpcap-users



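Since Wireshark and WinPcap read trace files with different code, the `caplen` values stored in the file can also be checked without either of them. The following is an added example, not part of the original thread or of WinPcap: it assumes the classic libpcap file layout (24-byte file header, 16-byte record headers, magic 0xa1b2c3d4), and `pcap_summarize`, `pcap_summary` and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint32_t snaplen;                 /* snaplen field of the 24-byte file header */
    uint32_t records;                 /* complete records found */
    uint32_t min_caplen, max_caplen;  /* range of caplen over all record headers */
    uint32_t cut_short;               /* records with caplen < len */
} pcap_summary;

/* Read a 32-bit field in the byte order of the host that wrote the file. */
static uint32_t rd32(const uint8_t *p, int big) {
    return big ? ((uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3])
               : ((uint32_t)p[3] << 24 | (uint32_t)p[2] << 16 | (uint32_t)p[1] << 8 | p[0]);
}

/* 0 = ok, -1 = bad or short file header, -2 = a record overruns the buffer. */
int pcap_summarize(const uint8_t *buf, size_t len, pcap_summary *s) {
    if (len < 24) return -1;
    int big = rd32(buf, 1) == 0xa1b2c3d4u;              /* magic valid as big-endian? */
    if (!big && rd32(buf, 0) != 0xa1b2c3d4u) return -1; /* else must be little-endian */
    s->snaplen = rd32(buf + 16, big);
    s->records = s->cut_short = s->max_caplen = 0;
    s->min_caplen = UINT32_MAX;
    for (size_t off = 24; off < len; ) {
        if (len - off < 16) return -2;                  /* partial record header */
        uint32_t caplen = rd32(buf + off + 8, big);     /* bytes stored in the file */
        if (caplen > len - off - 16) return -2;         /* data runs past the end */
        if (caplen < s->min_caplen) s->min_caplen = caplen;
        if (caplen > s->max_caplen) s->max_caplen = caplen;
        if (caplen < rd32(buf + off + 12, big)) s->cut_short++; /* caplen < len on the wire */
        s->records++;
        off += 16 + (size_t)caplen;
    }
    return 0;
}

/* Constructed sample: little-endian, snaplen 16, one 60-byte frame stored as 16 bytes. */
static const uint8_t sample[] = {
    0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 16,0,0,0, 1,0,0,0, /* file header */
    0,0,0,0, 0,0,0,0, 16,0,0,0, 60,0,0,0,                                 /* record header */
    0xff,0xff,0xff,0xff,0xff,0xff, 0,1,2,3,4,5, 8,0, 0x45,0 };            /* 16 data bytes */

int main(void) {
    pcap_summary s;
    if (pcap_summarize(sample, sizeof sample, &s) != 0) return 1;
    printf("snaplen=%u records=%u caplen=%u..%u cut_short=%u\n",
           s.snaplen, s.records, s.min_caplen, s.max_caplen, s.cut_short);
    return 0;
}
```

To run it against a real trace, load the file into a buffer and pass it to `pcap_summarize`; the resulting `caplen` range can then be compared with the `header->caplen` values the WinPcap examples report.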