Wireshark mailing list archives

Re: Packet Size limited during capture message


From: Brian Oleksa <oleksab () darkcornersoftware com>
Date: Tue, 23 Mar 2010 20:40:32 -0400

Guy

The snaplen was set to 150 when using tshark.
I see a Frame that says (for example): Frame 7 (341 bytes on wire, 150 bytes captured).

But looking at the detailed view of this packet...  it actually looks 
good until you get to the end... it is truncated.

And NO... the pcap file doesn't crash when the dissector is removed. I 
can load about 70% of it and hit stop... but
if I let it go any further it will crash Wireshark.

Like I said in my email to Martin... if I followed all the Wireshark 
coding standards... shouldn't the code handle this..??

What should be my next step..??

Thanks for your help

Brian



Guy Harris wrote:
> On Mar 21, 2010, at 9:14 PM, Brian Oleksa wrote:
>
>> But I was able to run the pcap file and stop the loading process before
>> it crashed and one thing that I noticed
>> was in the info column it said "Packet Size limited during capture".
>
> In the detail view for the packet that has "Packet Size limited during capture", the topmost line ("Frame {N}")
> should say "{N} bytes on wire, {M} bytes captured" (it might also give some numbers of bits).  Is {N} greater than
> {M}?  If so, that's the problem - the packets were captured with a snapshot length specified, so that at most the
> first {M} bytes of the packet were saved to the file.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
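
An added example, not part of the original thread or of Wireshark's code: a scan of a classic pcap file's record headers that lists every frame with fewer bytes captured than were on the wire, which is the condition described in the quoted reply. The function names and the sample capture are constructed for illustration, and pcapng files are not handled.

```python
import struct

# First four bytes of a classic pcap file -> struct byte-order prefix.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def truncated_frames(data):
    """Return (snaplen, [(frame_no, bytes_on_wire, bytes_captured), ...])."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order = MAGICS[data[:4]]
    # Global header: magic, version (2x u16), thiszone, sigfigs, snaplen, linktype.
    snaplen = struct.unpack_from(order + "I", data, 16)[0]
    offset, frame_no, cut = 24, 0, []
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_frac, captured length, original length.
        _, _, captured, on_wire = struct.unpack_from(order + "IIII", data, offset)
        offset += 16
        frame_no += 1
        if offset + captured > len(data):
            raise ValueError("frame %d runs past end of file" % frame_no)
        if captured < on_wire:
            cut.append((frame_no, on_wire, captured))
        offset += captured
    return snaplen, cut

def sample_capture():
    """Constructed input: snaplen 150, six 60-byte frames, one 341-byte frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 150, 1)
    for on_wire in [60] * 6 + [341]:
        captured = min(on_wire, 150)
        out += struct.pack("<IIII", 0, 0, captured, on_wire) + bytes(captured)
    return out

if __name__ == "__main__":
    snaplen, cut = truncated_frames(sample_capture())
    print("snaplen:", snaplen)
    for frame_no, on_wire, captured in cut:
        print("Frame %d (%d bytes on wire, %d bytes captured)"
              % (frame_no, on_wire, captured))
```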
  