Wireshark mailing list archives
why does wireshark believe that libpcap has a 65535 max packet size?
From: Sam Roberts <vieuxtech () gmail com>
Date: Wed, 23 Nov 2011 16:16:11 -0800
See definiton of WTAP_MAX_PACKET_SIZE, and use in wiretap/libpcap.c. Seems to me it should be checking this (untested): if (hdr->hdr.incl_len > wth->snapshot_length) { // not WTAP_MAX_PACKET_SIZE! Attached file can be read by tcpdump, but wireshark chokes on it. And yes, the IP and TCP packets are fake/invalid, but the pcap is valid! Cheers, Sam
Attachment:
_.pcap.zip
Description:
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- why does wireshark believe that libpcap has a 65535 max packet size? Sam Roberts (Nov 23)
- Re: why does wireshark believe that libpcap has a 65535 max packet size? Guy Harris (Nov 23)
- Re: why does wireshark believe that libpcap has a 65535 max packet size? Sam Roberts (Nov 23)
- Re: why does wireshark believe that libpcap has a 65535 max packet size? Guy Harris (Nov 23)