DirkDuesentrieb / fgsniffer

Convert Fortigates "diagnose sniffer" output to pcap files
GNU General Public License v3.0

corrupt pcap file produced #3

Closed patrickpreuss closed 5 years ago

patrickpreuss commented 6 years ago

It is possible to produce corrupt pcap files: created output file fgsniffer.pcap with 1 packets.

capinfos: An error occurred after reading 0 packets from "fgsniffer.pcap": The file appears to be damaged or corrupt.. (pcap: File has 9548520-byte packet, bigger than maximum of 262144)

DirkDuesentrieb commented 6 years ago

I need some more details to understand what went wrong. Can you provide your "diagnose sniffer ..." statement and the packet header output of the first packet? For example

diagnose sniffer packet any 'icmp' 6 10 a
2018-03-08 15:02:27.524817 manage in 10.132.24.11 -> 10.160.10.5: icmp: echo request

patrickpreuss commented 6 years ago

Will try to reproduce it in the next days.

isujosh commented 6 years ago

I have got exactly the same issue. Here's my header information with the first couple of octets removed.

FG-FIREWALL # diag sniffer packet port1 'dst host XX.XX.98.156' 6

interfaces=[port1] filters=[dst host XX.XX.98.156]
0.434878 port1 -- XX.XX.68.44.64765 -> XX.XX.98.156.443: syn 1147345031

isujosh commented 6 years ago

Got this working now - forgot to add the 'a' option!

DirkDuesentrieb commented 5 years ago

With version 1.4 relative timestamps are allowed. So I hope this issue is solved for all users that miss the hint with the 'a' for (recommended) absolute timestamps.
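The two header shapes discussed in this thread (absolute timestamps with the 'a' option, relative ones without) and the record-length check that would have refused the 9548520-byte packet capinfos complained about, as an added Python example. This is not fgsniffer's own code; the verbosity-6 hex-dump column layout, reading absolute timestamps as UTC, and the sample lines are assumptions.

```python
import re
import struct
from datetime import datetime, timezone

# Header lines in both shapes this issue shows: absolute ('a' option, "2018-03-08
# 15:02:27.524817 manage in ...") and relative (no 'a', "0.434878 port1 -- ...").
HEADER_RE = re.compile(r"^(?:(?P<date>\d{4}-\d{2}-\d{2}) )?(?P<time>\d+(?::\d{2}:\d{2})?\.\d+) "
                       r"(?P<iface>\S+) (?P<dir>in|out|--) (?P<summary>.+)$")
PCAP_MAX_SNAPLEN = 262144  # the limit capinfos applied in the reported error

def parse_header(line):
    """(sec, usec, iface, summary) for a sniffer header line, else None."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    if m["date"]:  # absolute: firewall clock, treated as UTC here (an assumption)
        ts = datetime.strptime(f"{m['date']} {m['time']}", "%Y-%m-%d %H:%M:%S.%f")
        ts = ts.replace(tzinfo=timezone.utc)
        return int(ts.timestamp()), ts.microsecond, m["iface"], m["summary"]
    whole, frac = m["time"].split(".")  # relative seconds since capture start
    return int(whole), int((frac + "000000")[:6]), m["iface"], m["summary"]

def hex_bytes(line):
    """Bytes from a verbosity-6 dump line "0x0000  0050 56b0 ...  ascii" (layout assumed)."""
    m = re.match(r"0x[0-9a-f]+\s+((?:[0-9a-f]{4}\s+)*[0-9a-f]{2,4})(?=\s|$)", line, re.I)
    return bytes.fromhex(re.sub(r"\s", "", m.group(1))) if m else None

def pcap_record(sec, usec, payload):
    """One pcap record; refuse lengths capinfos would report as corrupt."""
    if len(payload) > PCAP_MAX_SNAPLEN:
        raise ValueError(f"{len(payload)}-byte packet exceeds {PCAP_MAX_SNAPLEN}")
    return struct.pack("<IIII", sec, usec, len(payload), len(payload)) + bytes(payload)

def convert(lines):
    """Sniffer text -> pcap bytes (little-endian v2.4, linktype 1 = Ethernet)."""
    packets, hdr, payload = [], None, bytearray()
    for line in lines:
        h = parse_header(line)
        if h:  # a new header closes the previous packet
            if hdr:
                packets.append(pcap_record(hdr[0], hdr[1], payload))
            hdr, payload = h, bytearray()
        elif hdr:
            payload += hex_bytes(line) or b""
    if hdr:
        packets.append(pcap_record(hdr[0], hdr[1], payload))
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, PCAP_MAX_SNAPLEN, 1)
    return head + b"".join(packets)
```

Relative timestamps still yield a valid file; Wireshark simply shows packet times counted from 1970, which is why absolute timestamps remain the recommended option.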