Hi guys, I have this really serious problem. I am using ssh, Java and Wireshark in a loop: using ssh, I remotely run Wireshark on a remote machine and save a certain number of captures in a pcap file in a certain directory, then Java code automatically takes this pcap file, runs and outputs files with results. The problem is: my code works just fine when I run it over a pcap file that I generate without using ssh! Even though the saved pcap file looks so normal, when the loop comes to the point where it runs the Java code, it crashes with exceptions caused by the pcap reader class in the library I am using. Now I do not understand what might be causing this, but I'm almost sure the problem is with the pcap file generated through ssh, but I am NEW TO SSH and I do not have any idea what might cause this! Any suggestions? Also, I filter the pcap file for TCP packets only; do I need to filter the ssh packets or something? Do they have a weird format?
[Image: Script for ssh]
[Image: the script for running wireshark]
asked 16 Jun '15, 12:18 yas1234; edited 16 Jun '15, 12:24 Guy Harris ♦♦
So how are those files being generated? What command are you using to generate the pcap files?
What Java library are you using to read the pcap files?
I am using iperf to generate traffic from computer A to computer B, and I just run Wireshark and capture those packets on the sender side, and I save it on the computer using this script
and it goes back to that loop in my question, and the Java code takes the saved pcap file as input, etc. The library is not the problem; it's a library in my university used only by us, it's trusted. The problem is in the ssh with Wireshark,
because when I don't use ssh, as I said before, and I run Wireshark locally and save the file, the Java code takes the file and runs the way it should. But when the input to the Java code is generated remotely, I get exceptions. So there's something I do not know about ssh that may be causing this. That's my own vision of the problem; maybe I'm wrong…
Does that library support reading pcap-ng files? If not, then the library IS the problem, as Wireshark writes pcap-ng files, not pcap files, by default.
No, it just supports pcap files, but I added -X pcap to my command and it is still not working… so what do you think?
What do you get if you run the following commands on the created capture file that is causing the Java exception?
I think you need to read the Wireshark documentation, which does NOT say that -X pcap will cause Wireshark to write pcap files rather than pcap-ng files. It says so because it WON'T do so. I also think that, unless you actually want a Wireshark window to pop up, you should just use dumpcap to produce the capture files; dumpcap has a -P option to force pcap files.
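
The format mismatch discussed in the comments above (a reader that supports only pcap being handed Wireshark's default pcap-ng output) can be checked from the file's magic number before the file reaches the reader. This is an added example, not code from the thread or any of its participants; the function names and the sample headers are constructed for illustration.

```python
import struct

# Classic pcap: 4-byte magic, in either byte order, microsecond or nanosecond variant.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("pcap", "little-endian, microsecond timestamps"),
    b"\xa1\xb2\xc3\xd4": ("pcap", "big-endian, microsecond timestamps"),
    b"\x4d\x3c\xb2\xa1": ("pcap", "little-endian, nanosecond timestamps"),
    b"\xa1\xb2\x3c\x4d": ("pcap", "big-endian, nanosecond timestamps"),
}
# pcap-ng: file starts with a Section Header Block; its type reads the same in
# both byte orders, and the byte-order magic at offset 8 gives the endianness.
PCAPNG_SHB_TYPE = b"\x0a\x0d\x0d\x0a"
PCAPNG_BYTE_ORDER_MAGIC = 0x1A2B3C4D


def identify_capture(header: bytes):
    """Return (format, detail) from the first 12 bytes of a capture file."""
    magic = header[:4]
    if magic in PCAP_MAGICS:
        return PCAP_MAGICS[magic]
    if magic == PCAPNG_SHB_TYPE and len(header) >= 12:
        for order, name in (("<", "little-endian"), (">", "big-endian")):
            if struct.unpack(order + "I", header[8:12])[0] == PCAPNG_BYTE_ORDER_MAGIC:
                return ("pcapng", name)
    return ("unknown", "not a pcap or pcap-ng header")


def identify_file(path):
    """Read only the header of the file at `path` and classify it."""
    with open(path, "rb") as f:
        return identify_capture(f.read(12))


# Constructed sample headers (no packets follow them).
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_PCAPNG = struct.pack("<IIIHHqI", 0x0A0D0D0A, 28, 0x1A2B3C4D, 1, 0, -1, 28)

if __name__ == "__main__":
    for label, data in (("pcap sample", SAMPLE_PCAP), ("pcap-ng sample", SAMPLE_PCAPNG)):
        print(label, "->", identify_capture(data))
```

Running `identify_file` on the capture produced over ssh shows whether the reader is being given pcap-ng rather than pcap.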