Bug0048

Description: Can't load gzipped pcaps

You can load gzipped log files, so it follows you should be able to load gzipped pcaps? But you can't

exceptions.IOError: File does not have the right magic
File "/var/tmp/demo2/lib/python2.4/site-packages/pyflag/FlagFramework.py", line 372, in run_analysis
report.analyse(query)
File "/var/tmp/demo2/lib/python2.4/site-packages/pyflag/plugins/LoadData.py", line 473, in analyse
fsobj.load(mount_point, query['iosource'])
File "/var/tmp/demo2/lib/python2.4/site-packages/pyflag/plugins/NetworkForensics/PCAPFS.py", line 141, in load
pcap_file = pypcap.PyPCAP(self.fd)

Logged: 2007-09-13
Logged By: AlanLeigh
Assigned to
Status: Close

Get back to the BugIndex

It doesnt follow that at all - pcaps need to be seekable (because we need to retrieve the packets from the index). So they are more similar to disk images then log files.

You can load an sgziped or ewfed pcap file instead.

My bad - will leave open until I put in a better error message or ensure it is documented somewhere (FAQ even)

Bug0048

Search:

Toolbox