This is our old Q&A Site. Please post any new questions and answers at

I am capturing TCP SYN traffic with dumpcap.

dumpcap -i 3 -f "tcp[tcpflags] ==2" -b filesize:1000 -w filename.pcapng

The resulting files are loaded in wireshark, but wireshark finds the file to be corrupt. I get a warning: "The capture file appears to have been cut short in the middle of a packet."

The filesize dumpcap creates is 992 KB (1.015.808 bytes)

Version information: C:\Program Files\Wireshark>dumpcap -v Dumpcap 1.10.6 (v1.10.6 from master-1.10)

Copyright 1998-2014 Gerald Combs [email protected] and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities, without libnl.

Running on 64-bit Windows 7 Service Pack 1, build 7601, without WinPcap. Intel(R) Core(TM)2 Duo CPU P8600 @ 2.40GHz, with 3996MB of physical memory.

Built using Microsoft Visual C++ 10.0 build 40219 See for more information. C:\Program Files\Wireshark>

asked 15 May '14, 06:17

Joop's gravatar image

accept rate: 0%

Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 15 May '14, 06:17

question was seen: 1,899 times

last updated: 15 May '14, 06:17

p​o​w​e​r​e​d by O​S​Q​A