Wireshark mailing list archives

tcpdump with snaplen set to 128


From: Perry Smith <pedzsan () gmail com>
Date: Mon, 15 Oct 2012 14:54:42 -0500

Hi,

With a fairly simple FTP trace where we capture only the first 128 bytes of data, Wireshark displays that it did not 
see the previous segment.  The IP header says that it is a 1500 byte packet.  Wireshark is using the capture length of 
128 instead of the real packet length.  e.g. the next sequence is the current sequence plus the captured length, not 
the IP packet length.

It also confused the ack processing and says that the packet a particular ack is acking was never seen when in fact it 
was.

Is this a bug?  Or am I confused?

Thank you,
Perry Smith
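
The two length calculations the post contrasts, as an added example that is not part of the original message and is not Wireshark's code: it parses one constructed pcap record and derives the next expected TCP sequence number once from the captured length and once from the IP total length. The Ethernet II framing, addresses, ports and sequence number are assumptions chosen for the sample.

```python
import struct

ETH_LEN = 14  # assumption: Ethernet II framing, no VLAN tag

def build_truncated_record(seq=1000, ip_total_len=1500, snaplen=128):
    """Constructed sample: pcap record of one TCP data segment cut at snaplen."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dummy MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_total_len, 0, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 20, 50000, seq, 0, 5 << 4, 0x10, 65535, 0, 0)
    frame = eth + ip + tcp + b"A" * (ip_total_len - len(ip) - len(tcp))
    # pcap per-record header: ts_sec, ts_usec, incl_len (captured), orig_len (wire)
    rec_hdr = struct.pack("<IIII", 0, 0, min(snaplen, len(frame)), len(frame))
    return rec_hdr + frame[:snaplen]

def next_seq_estimates(record):
    """Return the next expected sequence number computed both ways."""
    _, _, incl_len, orig_len = struct.unpack_from("<IIII", record, 0)
    data = record[16:16 + incl_len]
    if len(data) < ETH_LEN + 20:
        raise ValueError("snaplen too small: IPv4 header truncated")
    ver_ihl, _, ip_total_len = struct.unpack_from("!BBH", data, ETH_LEN)
    tcp_off = ETH_LEN + (ver_ihl & 0x0F) * 4
    if len(data) < tcp_off + 20:
        raise ValueError("snaplen too small: TCP header truncated")
    seq = struct.unpack_from("!I", data, tcp_off + 4)[0]
    data_off = (data[tcp_off + 12] >> 4) * 4
    flags = data[tcp_off + 13]
    ctl = bool(flags & 0x02) + bool(flags & 0x01)  # SYN and FIN each use one number
    hdrs = (tcp_off - ETH_LEN) + data_off
    wire_payload = ip_total_len - hdrs              # what the sender put on the wire
    captured_payload = max(0, incl_len - ETH_LEN - hdrs)  # what survived the snaplen
    return {
        "incl_len": incl_len, "orig_len": orig_len, "seq": seq,
        "next_seq_wire": (seq + wire_payload + ctl) & 0xFFFFFFFF,
        "next_seq_captured": (seq + captured_payload + ctl) & 0xFFFFFFFF,
        "payload_bytes_not_captured": wire_payload - captured_payload,
    }

if __name__ == "__main__":
    for key, value in next_seq_estimates(build_truncated_record()).items():
        print(f"{key:28} {value}")
```

The two results agree only when the snaplen is at least as large as the frame, which is the case the pcap record header signals with `incl_len == orig_len`.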

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users