Packet capture and Wireshark
-
After downloading a packet capture and opening it with Wireshark, it seems the data is corrupted. Wireshark said:
The capture file appears to be damaged or corrupt. (pcap: File has 1701323325-byte packet, bigger than maximum of 65535)
Always reproducible. All capture settings are default values. Never happened with pfSense v1.2.3.
-
I do packet captures on 1.2.3 systems all the time and they work fine for me.
Is this a full install or embedded? If it's embedded, install the "Packet Capture Fix" package and see if that makes a difference.
-
Sorry for my bad English. Packet captures work fine for me too on 1.2.3. This error occurs on V2 Beta 4 (today's snapshot).
It's a full install.
-
It works for me on 2.0 as well. Are you on i386 or amd64?
-
i386. Today I downgraded to this snapshot: http://pingle.org/files/pfSense-Full-Update-2.0-BETA4-20101214-1319.tgz
Same problem. Wireshark is Version 1.2.9 on Win XP SP3.
I'm not sure: under a certain amount of data (4 or 5 lines in the pfSense GUI) it seems to work.
This pfSense is installed on a VM (VMware ESX 3.5). Only the WAN interface is active. pfSense + Squid 2.x + Lightsquid + SquidGuard installed for testing as a proxy.
-
I updated Wireshark to the latest release. Same thing.
Looking at Wireshark after the error message, the last frame displayed is always HTTP:
2 2010-12-15 21:15:13.709145 172.16.1.205 192.168.1.101 HTTP Continuation or non-HTTP traffic
"HTTP Continuation or non-HTTP traffic" is always displayed in the Info field.
The header is:
Frame 2: 1314 bytes on wire (10512 bits), 1314 bytes captured (10512 bits)
Ethernet II, Src: 00:0c:29:c5:2c:76 (00:0c:29:c5:2c:76), Dst: 00:50:04:48:f6:e0 (00:50:04:48:f6:e0)
Internet Protocol, Src: 172.16.1.205 (172.16.1.205), Dst: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: dlms-cosem (4059), Seq: 1, Ack: 1, Len: 1260
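-
Added example, not part of the original thread: a small Python walker for classic pcap files that reports the first record header whose captured length exceeds the 65535-byte limit named in the Wireshark error, which shows where in the file the record chain stops making sense. The function name and the sample bytes are constructed for illustration; the sample places text where a record header belongs, chosen so that it decodes to the length in the error message.

```python
import struct

MAX_PACKET = 65535  # limit quoted in the Wireshark error message


def first_bad_record(data: bytes):
    """Walk the records of a classic pcap file.

    Returns (record_number, file_offset, caplen, raw_caplen_bytes) for the
    first record header whose captured length exceeds MAX_PACKET, else None.
    """
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):    # usec / nsec magic, little-endian
        endian = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):  # same magics in a big-endian file
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    offset, number = 24, 1                   # records follow the 24-byte header
    while offset + 16 <= len(data):
        _sec, _frac, caplen, _origlen = struct.unpack_from(
            endian + "IIII", data, offset)
        if caplen > MAX_PACKET:
            return number, offset, caplen, data[offset + 8:offset + 12]
        offset += 16 + caplen                # skip record header and payload
        number += 1
    return None


def _record(payload: bytes) -> bytes:
    """Build one constructed pcap record (zero timestamp)."""
    return struct.pack("<IIII", 0, 0, len(payload), len(payload)) + payload


# Constructed sample: global header, two valid 4-byte records, then ASCII
# text sitting where the third record header should start.
GLOBAL_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
GOOD = GLOBAL_HEADER + _record(b"\x00" * 4) + _record(b"\x00" * 4)
DAMAGED = GOOD + b' <a href="hello">'

if __name__ == "__main__":
    print(first_bad_record(DAMAGED))  # (3, 64, 1701323325, b'="he')
```

On a real capture, pass the file's bytes (read in binary mode) to first_bad_record and inspect the raw bytes at the reported offset: printable text or other non-header content there means the file was altered or mixed with other data somewhere between the capture and the saved download.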