Red Hat Bugzilla – Bug 484851
tcpslice doesn't work on x86_64
Last modified: 2010-03-18 12:18:25 EDT
Description of problem:
tcpslice(8) on RHEL4 (x86_64) failed to slice the tcpdump binary file.
Same steps works on RHEL4 (x86)
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Create tcpdump capture file.
tcpdump -w mytcpdump.bin (at least 10sec)
2. Find out timestamp.
tcpdump -tt -r mytcpdump.bin
1234329816.684648 arp who-has abc (Broadcast) tell xyz
3. Check the time
# tcpslice -d 1234329816.684648 +3 ./mytcpdump.bin
4. Split the file
# tcpslice -w mytcpdump_slice.bin 1234329816.684648 +3 ./mytcpdump.bin
tcpslice: problems finding end packet of file ./mytcpdump.bin
5. See the file
# tcpslice -R ./mytcpdump.bin
tcpslice: couldn't find final packet in file ./mytcpdump.bin
# file /usr/sbin/tcpslice
/usr/sbin/tcpslice: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.4.0, dynamically linked (uses shared libs), stripped
tcpslice can not split the file.
tcpslice split the data from original file.
tcpslice can dump timestamps of the first and the last packet.
Same steps works on RHEL4(ia32)
As RHEL-4.9 is last update for RHEL-4 and it is not suitable for new features
and should address only security, performance and critical issues, I'm closing
that bugzilla WONTFIX. If this functionality is still missing in RHEL-5, feel
free to clone that bugzilla against it.