#53 ssldump fails to read tcpdump file properly

open
decryption (15)
5
2008-12-17
2008-12-17
Anonymous
No

I have a tcpdump file created with:

tcpdump -s1500 -iem0 -w wnssl.dump port 443

Once I let it capture some packets and terminate it, the file is not really readable. I use the following to display the capture:

ssldump -nr wnssl.dump

It reads a couple packets (properly) and then prints

ERROR: Length mismatch

tcpdump -nr wnssl.dump displays all the packets.

The tcpdump file is attached.

Discussion

  • Nobody/Anonymous

    tcpdump capture file

     
  • dimrub

    dimrub - 2009-03-19

    This is probably due to -s 1500 and jumbo packets. Try using -s 0.

     
  • dimrub

    dimrub - 2009-03-19

    This is probably due to -s 1500 and jumbo packets. Try using -s 0.

     
  • Nobody/Anonymous

    The -s0 was the problem. It works fine now. Thanks.

     

Log in to post a comment.