> where's the packet header info
Nowhere. `dumpRaw` generates it.
> in particular the size
It's the size of the array that was handed to it. The `dumpRaw` code in pcap4j does:
pcap_pkthdr header = new pcap_pkthdr();
header.len = header.caplen = packet.length;
header.ts = new timeval();
header.ts.tv_sec = new NativeLong(timestamp.getTime() / 1000L);
switch (timestampPrecision) {
case MICRO:
header.ts.tv_usec = new NativeLong(timestamp.getNanos() / 1000L);
break;
case NANO:
header.ts.tv_usec = new NativeLong(timestamp.getNanos());
break;
default:
throw new AssertionError("Never get here.");
}
The astute reader will note that the time stamp is the current time, and the packet length and captured length are the length of the array.
In theory, that length should be 8192; however, it appears to be 268435456, from the error message.
268435456 is 0x10000000; I'm not sure how 0x2000 - 8192 - turned into 0x10000000. pcap4j eventually ends up calling libpcap's `pcap_dump()`, so I'm not sure why this generated a damaged pcap file rather than a pcap file full of exactly-8192-byte-long packets (*neither* of which will work as desired).
↧
