Anyone know how to successfully get a tcpdump capture to playback in showeq? I can get the other recording format to work, but I really would like to be able to look at some of this traffic using Wireshark. Here's a backtrace if any of this is helpful:

Core was generated by `showeq -j, --playback-tcpdump-filename=/var/tmp/showeqcapture.pcap --playback-s'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x000055d4db14967f in calcCRC16 (
p=0x7ffdf9f67001 <error: Cannot access memory at address 0x7ffdf9f67001>,
length=<optimized out>, seed=<optimized out>) at util.cpp:982
982 crc = crc >> 8 ^ crctab[(*(p++) ^ crc) & 0xFF];
[Current thread is 1 (Thread 0x7f88e32fc740 (LWP 2584))]
(gdb) bt
#0 0x000055d4db14967f in calcCRC16 (
p=0x7ffdf9f67001 <error: Cannot access memory at address 0x7ffdf9f67001>,
length=<optimized out>, seed=<optimized out>) at util.cpp:982
#1 0x000055d4db0f81b7 in EQPacketStream::calculateCRC (packet=...,
this=0x55d4dc60fc10) at packetstream.cpp:1216
#2 EQPacketStream::handlePacket (packet=..., this=<optimized out>)
at packetstream.cpp:531
#3 EQPacketStream::qt_invoke (this=<optimized out>, _id=<optimized out>,
_o=<optimized out>) at packetstream.moc:348
#4 0x000055d4db0ffc81 in EQPacket::dispatchPacket (packet=...,
this=0x55d4dc5ef250) at packet.cpp:654
#5 EQPacket::dispatchPacket (buffer=0x7ffdf9f612fe "`", size=<optimized out>,
this=0x55d4dc5ef250) at packet.cpp:578
#6 EQPacket::processPackets (this=this@entry=0x55d4dc5ef250) at packet.cpp:398
#7 0x000055d4db103a3c in EQPacket::processPackets (this=0x55d4dc5ef250)
at packet.moc:578
#8 EQPacket::qt_invoke (this=0x55d4dc5ef250, _id=<optimized out>,
_o=0x7ffdf9f633d0) at packet.moc:557
#9 0x00007f88e29c7fcc in QObject::activate_signal(QConnectionList*, QUObject*)
() from /usr/local/qt3/lib/libqt-mt.so.3
#10 0x00007f88e29c80f9 in QObject::activate_signal(int) ()
from /usr/local/qt3/lib/libqt-mt.so.3
#11 0x00007f88e29e3872 in QTimer::event(QEvent*) ()
---Type <return> to continue, or q <return> to quit---
t-mt.so.3
#12 0x00007f88e29751cb in QApplication::internalNotify(QObject*, QEvent*) () from /usr/local/qt3/lib/libqt-mt.so.3
#13 0x00007f88e2975596 in QApplication::notify(QObject*, QEvent*) () from /usr/local/qt3/lib/libqt-mt.so.3
#14 0x00007f88e296bb3e in QEventLoop::activateTimers() () from /usr/local/qt3/lib/libqt-mt.so.3
#15 0x00007f88e2931a79 in QEventLoop::processEvents(unsigned int) () from /usr/local/qt3/lib/libqt-mt.so.3
#16 0x00007f88e2987cd1 in QEventLoop::enterLoop() () from /usr/local/qt3/lib/libqt-mt.so.3
#17 0x00007f88e2987c62 in QEventLoop::exec() () from /usr/local/qt3/lib/libqt-mt.so.3
#18 0x000055d4db0cf3e0 in main (argc=<optimized out>, argv=<optimized out>) at main.cpp:712
(gdb)

Based previous experiences, I'm guessing it's due to ipv6 traffic. ShowEQ can't handle ipv6 at all, and since it's filtered out during SEQ's capture, it's not normally an issue. But giving it a raw tcpdump capture means the normal filtering isn't done, and ipv6 packets can result in bad memory access due to misinterpreted packet lengths, etc. It's on my list to fix eventually, but it's been pretty low priority.

In the mean time, adding "and ether proto 0x0800" to your tcpdump filter string should hopefully do the trick.


Edit: Also, if you don't want to re-capture, I think you can use tcpdump to refilter your existing capture into a new file without ipv6.

cn187 you are brilliant - yes that made it work! Thanks for the quick reply as well!