![wireshark logo](/images/wireshark-logo.png)
Wireshark mailing list archives
Re: Packet Size limited during capture message
From: Brian Oleksa <oleksab () darkcornersoftware com>
Date: Tue, 23 Mar 2010 20:40:32 -0400
Guy The snaplen was set to 150 when using tshark. I see a Frame that says (for example): Frame 7 (341 bytes on wire, 150 bytes captured). But looking at the detailed view of this packet... it actually looks good until you get to the end... it is truncated. And NO... the pcap file doesn't crash when the dissector is removed. I can load about 70% of it and hit stop....but if I let it go any further it will crash wireshark. Like I said in my email to martin.... if I followed all the wireshark coding standards... shouldn't the code handle this..?? What should be my next step..?? Thanks for your help Brian Guy Harris wrote:
On Mar 21, 2010, at 9:14 PM, Brian Oleksa wrote:But I was able to run the pcap file and stop the loading process before it crashed and one thing that I noticed was in the info column it said "Packet Size limited during capture".In the detail view for the packet that has "Packet Size limited during capture", the topmost line ("Frame {N}") should say "{N} bytes on wire, {M} bytes captured" (it might also give some numbers of bits). Is {N} greater than {M}? If so, that's the problem - the packets were captured with a snapshot length specified, so that at most the first {M} bytes of the packet were saved to the file. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Packet Size limited during capture message, (continued)
- Re: Packet Size limited during capture message Jakub Zawadzki (Mar 23)
- Re: Packet Size limited during capture message Mike Morrin (Mar 23)
- Re: Packet Size limited during capture message Maynard, Chris (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Maynard, Chris (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Maynard, Chris (Mar 24)
- Re: Packet Size limited during capture message Martin Visser (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Guy Harris (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Bill Meier (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Bill Meier (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Bill Meier (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 24)
- Re: Packet Size limited during capture message Maynard, Chris (Mar 24)