when i filter the pcap file i seen one error which i never seen before ie: (Error creating filter for this stream. A transport or network layer header is needed) what does that mean could you please tel me.. And how can i rectify this for further assistance.. Thanks asked 11 Nov '13, 23:33  eva edited 11 Nov '13, 23:34 |
One Answer:
That error message will be shown if the TCP or UDP header was not fully captured. This could be due to size limitations during the capture process (Option -s, GUI: Capture -> Options: Double click an interface -> Limit each packet to). I was able to generate the error message by capturing only 44 bytes of each frame. The resulting TCP header does contain the ports, but nothing else. If you try to follow a TCP Stream you will get that error messages. You can check your capture file, to figure out if the full frame was captured or just the first n bytes. If you look at the frame in the details pane, you'll see the frame size and the captured size in the first 'line'.
You can also look at the TCP/UDP header and check if there is something missing. Regards answered 12 Nov '13, 04:08  Kurt Knochner ♦ |
