"File has packet larger than file's snapshot length." warnings

["Turney, Cal" <cal.turney () emc com>]

Hi,

The patch for Bug 8808 causes a console warning to be displayed if the snaplen (wth->snapshot_length) in the global 
header of the capture file does not match the packet size (hdr->hdr.incl_len).  We are seeing thousands of "File has 
packet larger than file's snapshot length." warnings because of a bug in our company's hybrid tcpdump app used for 
capturing traffic directly on the customer's NAS equipment.  The snaplen option of the app is functional but it 
hard-codes a snaplen of 1516 in the global header.  This bug has been around for at least five years and possibly 
forever.

Just curious.  Does anyone know of an app that uses or pays attention to the global snaplen value?  Wireshark prior to 
r49999, UN!X tcpdump, and MS Netmon do not.  They compare the packet size to the original length of the packet (in 
Wireshark:  tvb_length(tvb) and tvb_reported_length(tvb)).

The bug in our code will be fixed but our customers are very slow to upgrade their software so we will continue to see 
these warnings for at least two years.  Would anyone object to my adding an option in Preferences>Protocols>Frame to 
ignore these mismatches but set the default to NOT ignore them?

Thanks,
Cal

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe