tcpdump: pcap_loop: invalid packet capture length 1698917240, bigger than snaplen of 262144 about fritap HOT 3 CLOSED

Thx for reporting this issue, we'll have a look into this.

Regarding your question if friTap is somewhere rewriting packets when running in full packet capture mode (-f). This should normally not the case, because in full packet capture mode tcpdump is used to to do the capture. During runtime all sockets of the target application are traced from friTap. Finally when the capture stops the created PCAP is filtered, in a way that only the application traffic remains in the PCAP. Therefore no rewriting should happen, but maybe there is some sort of logic bug.
The hooks for the plaintext traffic are still applied when friTap is running in full capture mode but not evaluated. Therefore it might be the case that this traffic is also inside the PCAP although this should be filtered away due to the traced sockets.

Internally friTap is invoking precompiled tcpdump binaries from here. Is the tcpdump error still present if you invoke tcpdump directly?
# tcpdump -i any -s 0 -w test_capture.pcap

Which tcpdump version are you invoking? Maybe there is a new release from tcpdump which could resolve this issue.

Regarding your last question. When doing a socket trace -sot its up to the user to do the PCAP capture and friTap is only responsible for tracing the network traffic of the target application and creates from that a Wireshark display filter.

from fritap.

Hi, I tested the latest version of friTap and the issue still persist. Or could it be due to the type of OS and the Device I'm using for testing?

from fritap.

There we actually some bugs in the --full_capture logic. Should be solved in the latest release. If not just reopen it and we will look into this. If possible, than provide us the used app and Android version so we able to reproduce this issue :-)

from fritap.