Wireshark mailing list archives
Re: Identification of Fragmented UDP Packets
From: Guy Harris <guy () alum mit edu>
Date: Thu, 21 Jan 2010 19:53:55 -0800
On Jan 21, 2010, at 7:34 PM, Eddie wrote:
I foolishly followed the WireShark manual, and followed it's instructions, for tcpdump, to capture the complete packets. Except it doesn't. LOL Frame Length: 1514 Capture Length: 1500
That'll prevent reassembly. It couldn't reassemble the packet - there was data missing at the end of the first fragment, so there'd be a hole in the middle of the reassembled packet.
Maybe the doc needs updating. :)
The doc probably needs *fixing*; it was probably *never* wrong. Even *before* "-s 0" was supported by tcpdump, "-s 65535" worked (and Wireshark/TShark/dumpcap without "-s", and "tcpdump -s 0", do the exact same thing at the libpcap/WinPcap layer that "tcpdump -s 65535" do). "Use the MTU with -s" is not only too much work (picking a value that's too big should be just fine, except perhaps with really old versions of libpcap on some OSes), it's also misleading, as you don't want the "MTU" in the sense of the biggest *payload*, you want the maximum *link-layer* packet size. Where is that in the Wireshark manual? I'll look at fixing it. ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Identification of Fragmented UDP Packets Eddie (Jan 21)
- Re: Identification of Fragmented UDP Packets Guy Harris (Jan 21)
- Re: Identification of Fragmented UDP Packets Eddie (Jan 21)
- Re: Identification of Fragmented UDP Packets Guy Harris (Jan 21)
- Re: Identification of Fragmented UDP Packets Eddie (Jan 21)
- Re: Identification of Fragmented UDP Packets Guy Harris (Jan 21)
- Re: Identification of Fragmented UDP Packets Eddie (Jan 21)
- Re: Identification of Fragmented UDP Packets Guy Harris (Jan 21)
- Re: Identification of Fragmented UDP Packets Eddie (Jan 21)
- Re: Identification of Fragmented UDP Packets Guy Harris (Jan 21)
- Re: Identification of Fragmented UDP Packets Eddie (Jan 21)
- Re: Identification of Fragmented UDP Packets Guy Harris (Jan 21)