(new Soapbox())->shout(array_map('strtoupper', $opinions)); //Shaun's blog



Properly using tcpdump with Wireshark to avoid stanag4607 errors

Posted November 09, 2015 by shaun

For a long time, I could do a packet capture on a Linux machine by redirecting the output of tcpdump to a file, and Ethereal would open it up no problem. Somewhere along the way, Wireshark started choking on these files. Every now and then I still forget and try to do something like this:

    tcpdump -nn -vv -S -X -s0 -i eth0 port 53 > /tmp/dns.cap

That writes tcpdump's human-readable text decode of the packets to the file rather than the packets themselves, so Wireshark refuses to open it. It gives an error along the lines of:

    The capture file appears to be damaged or corrupt.
    (stanag4607: File has 976238138d-byte packet, bigger than maximum of 262144)

If you find yourself looking at this error, make sure to use the -w flag to tcpdump instead of redirecting stdout:

    tcpdump -nn -vv -S -X -s0 -i eth0 port 53 -w /tmp/dns.cap

This generates a binary pcap file that Wireshark happily opens up.
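As an added example (not from the original post), the functions below check a capture file's magic number before it is handed to Wireshark, which distinguishes a real `-w` capture from redirected text. They also show that the packet size in the error above is exactly the ASCII bytes `:06:` read as a big-endian 32-bit integer, which is what a text line beginning with a timestamp such as `21:06:01` holds at offsets 2 to 5. The sample files and the timestamp are constructed, and that the stanag4607 reader takes its length from those offsets is an assumption.

```shell
#!/bin/sh
# Added example: tell a binary capture apart from redirected tcpdump text.

# Print the first 4 bytes of a file as lowercase hex, e.g. "d4c3b2a1".
magic_hex() {
    od -An -tx1 -N4 "$1" | tr -d ' \n'
}

# Classify a file by its magic number.
capture_kind() {
    case "$(magic_hex "$1")" in
        d4c3b2a1|a1b2c3d4) echo pcap ;;        # classic pcap, either byte order
        4d3cb2a1|a1b23c4d) echo pcap-nsec ;;   # nanosecond-resolution pcap
        0a0d0d0a)          echo pcapng ;;
        *)                 echo not-a-capture ;;
    esac
}

# Read bytes 2..5 of a file as a big-endian unsigned 32-bit integer.
u32_at_offset2() {
    # od prints the four bytes as decimals; they become $1..$4.
    set -- $(od -An -tu1 -j2 -N4 "$1")
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Write two constructed sample files into directory $1.
make_samples() {
    # Start of a little-endian pcap global header (magic, version 2.4).
    printf '\324\303\262\241\002\000\004\000' > "$1/good.pcap"
    # One line of constructed tcpdump text output, as produced by "> file".
    printf '21:06:01.000000 IP 192.0.2.10.40000 > 192.0.2.53.53: 1+ A? example.com. (29)\n' \
        > "$1/text.cap"
}

tmp=$(mktemp -d)
make_samples "$tmp"
for f in "$tmp/good.pcap" "$tmp/text.cap"; do
    echo "$(basename "$f"): $(capture_kind "$f")"
done
echo "bytes 2-5 of text.cap as u32: $(u32_at_offset2 "$tmp/text.cap")"
rm -rf "$tmp"
```
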


