Description of problem: tcpslice(8) on RHEL4 (x86_64) failed to slice the tcpdump binary file. Same steps works on RHEL4 (x86) Version-Release number of selected component (if applicable): tcpdump-3.8.2-12.el4_6.1 (x86_64) How reproducible: Always Steps to Reproduce: 1. Create tcpdump capture file. tcpdump -w mytcpdump.bin (at least 10sec) 2. Find out timestamp. tcpdump -tt -r mytcpdump.bin 1234329816.684648 arp who-has abc (Broadcast) tell xyz 3. Check the time # tcpslice -d 1234329816.684648 +3 ./mytcpdump.bin start 1234329816.684648 stop 1234329819.684648 4. Split the file # tcpslice -w mytcpdump_slice.bin 1234329816.684648 +3 ./mytcpdump.bin tcpslice: problems finding end packet of file ./mytcpdump.bin 5. See the file # tcpslice -R ./mytcpdump.bin tcpslice: couldn't find final packet in file ./mytcpdump.bin # file /usr/sbin/tcpslice /usr/sbin/tcpslice: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.4.0, dynamically linked (uses shared libs), stripped Actual results: tcpslice can not split the file. Expected results: tcpslice split the data from original file. tcpslice can dump timestamps of the first and the last packet. Additional info: Same steps works on RHEL4(ia32)
As RHEL-4.9 is last update for RHEL-4 and it is not suitable for new features and should address only security, performance and critical issues, I'm closing that bugzilla WONTFIX. If this functionality is still missing in RHEL-5, feel free to clone that bugzilla against it.