windows : memory error reading pcap file

[massimosala]

with the attached file, the first 4 packets are read and on the 5th

File "C:\Python27\lib\site-packages\dpkt\pcap.py", line 318, in iter buf = self.__f.read(hdr.caplen) MemoryError

pcap.py first line

$Id: pcap.py 77 2011-01-06 15:59:38Z dugsong $

NOTE : wireshark opens and parses the file without warnings.

!!! I tried to attach the pcap file, zipped, but it fails. the raw file is 19 Kb, please fix the upload or give me an email to send it.

[brifordwylie]

@massimosala you can email me the pcap at briford.wylie@gmail.com

[kbandla]

@massimosala also which OS+arch are you on?

I suspect the caplen for the pcap is corrupted (or wrong endian), leading python to read beyond file, leading to a MemoryError. We'll find out once we have a look at the pcap.

[massimosala]

I sent now the file to Brian. I am on Windows 7, google chrome, and I cannot upload the file here. And I am an IT tech, not a novice.

The file is written be me, from C#, after reading the docs. Wireshark decodes and displays all the 84 packets, dpkt bails out at the 5th.

[massimosala]

About caplen : do you mean a field in the file header or in the 5th packet header ?

[massimosala]

Now I am trying with other packets, captured by tcpdump on a linux box : same "memory error". So it can be about endianess and the bug is in dpkt or tcpdump ....

[massimosala]

Python 2.7.10

[brifordwylie]

Here's the pcap in question dpkt_memory_error.zip

[kbandla]

@massimosala I tested your pcap on windows 10 and it works just fine.

[kbandla]

Solution: In windows, you open binary files in 'rb' mode. That should fix this.

f = open('test.pcap', 'rb')   # open file in a binary mode
pcap = dpkt.pcap.Reader(f)

[massimosala]

I am ashamed to not think of that. Can I suggest you to add this to the docs ? Many thanks for your help.

[kbandla]

@massimosala no worries; I created a quick PR to raise an Exception when his happens on Windows.