This is our old Q&A Site. Please post any new questions and answers at

hi guys i have this really serious problem, i am using ssh, java and Wireshark in a loop, i remotely using ssh run wireshark on a remote machine and save a certain no. of captures in a pcap file in a certain directory, then automatically java code takes this pcap file,runs and outputs files with results, the problem is : my code works just fine when i run it over a pcap file that i generate Without using ssh! even though the saved pcap file looks so normal, BUT when the loop comes to the point when it runs the java code it crashes with exceptions caused by the pcap reader class in the library i am using, now i do not understand what might be causing this but i'm almost sure the problem is with the pcap file generated through ssh, but i am NEW TO SSH and i do not have any idea what might cause this ! any suggestions ??? also i filter the pcap file for tcp packets only, do i need to like filter the ssh packets or sth do they have weird format ?

Script for ssh


for (( c=1; c<=$1; c++ ))
    iperf -s &
    sleep 2
    ssh labpc3 -X /home/yasmin/ 
    killall iperf
    ssh labpc3 java -jar /home/yasmin/Desktop/code.jar $c
    ssh labpc3 /home/yasmin/ $c

the script for running wireshark

asked 16 Jun '15, 12:18

yas1234's gravatar image

accept rate: 0%

edited 16 Jun '15, 12:24

Guy%20Harris's gravatar image

Guy Harris ♦♦

So how are those files being generated? What command are you using to generate the pcap files?

What Java library are you using to read the pcap files?

(16 Jun '15, 12:26) Guy Harris ♦♦

i am using iperf to generate traffic from computer a to computer b ..and i just run wireshark and capture those packets on the sender side, and i save it on the computer ..using this script

wireshark -i eth1 -k -c 700 -w  ~/dev/shm/new.pcap   &
sleep  5

and goes back to that loop in my Q and the java takes the saved pcap file as input...etc the library is not the prroblem it"s a library in my university used by only us, it's trusted ,the problem is in the ssh with wireshark

(16 Jun '15, 13:31) yas1234

because when i don"t use ssh as i said before and i run wireshark locally and save the file..the java code takes the file and runs the way it should..but when the input to the java code is generated remotely i get there's something i do not know about ssh that may be causing this..that's my own vision of the problem ..maybe im wrong...

(16 Jun '15, 13:32) yas1234

the library is not the prroblem

Does that library support reading pcap-ng files? If not, then the library IS the problem, as Wireshark writes pcap-ng files, not pcap files, by default.

(16 Jun '15, 18:02) Guy Harris ♦♦

no it just supports pcap files, but i added in my command -X pcap and still it is not what u think?

(17 Jun '15, 01:49) yas1234

what do you get if you run the following commands on the created capture file that is causing the java exception?

file new.pcap
capinfos new.pcap

(17 Jun '15, 06:43) Kurt Knochner ♦

I think you need to read the Wireshark documentation, which does NOT say that -X pcap will cause Wireshark to write pcap files rather than pcap-ng files. It says so because it WON'T do so.

I also think that, unless you actually want a Wireshark window to pop up, you should just use dumpcap to produce the capture files; dumpcap has a -P option to force pcap files.

(17 Jun '15, 10:34) Guy Harris ♦♦
showing 5 of 7 show 2 more comments
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 16 Jun '15, 12:18

question was seen: 1,334 times

last updated: 17 Jun '15, 10:34

p​o​w​e​r​e​d by O​S​Q​A