Re: Lost bytes.

[Jefferson Ogata <Jefferson.Ogata () noaa gov>]

Matthew Comb wrote:
> Hi, new to this list.
>
> Have successfully translated some dump files into IPheader/TCPheader and 
> then data. Unfortunately the data seems to be missing approximately the 
> last 14 bytes of information in 1500 byte long packets.
>
> The packets do not appear to be fragmented. The flags and fragmentation 
> offset seem to be normal and apart from the fact the last little bit is 
> missing everything else is normal.
>
> I have triple checked against the dump files to make sure that it wasnt 
> a read error from my client. But the tcpdump output files are definately 
> short these bytes on these packets.
>
> Can anyone offer any assistance?
>
> Kind regards,
>
> Matt.

Silly question, but what snaplen are you using?

I always use 1514 on ethernets.

--
Jefferson Ogata <Jefferson.Ogata () noaa gov>
NOAA Computer Incident Response Team (N-CIRT) <ncirt () noaa gov>

-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe