Wireshark mailing list archives
Re: tcpdump with snaplen set to 128
From: Guy Harris <guy () alum mit edu>
Date: Mon, 15 Oct 2012 17:17:44 -0700
On Oct 15, 2012, at 5:13 PM, Perry Smith <pedzsan () gmail com> wrote:
I'm wondering if maybe the iptrace format doesn't have both fields.
From what we've been able to determine, it doesn't. There *are* some fields in the iptrace per-packet header that we haven't figured out yet; I don't know whether one of them happens to be the length of the packet on the wire or not - if you could supply us with one of those captures, we could try to see whether the length on the wire is in one of those fields.
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- tcpdump with snaplen set to 128 Perry Smith (Oct 15)
- Re: tcpdump with snaplen set to 128 Guy Harris (Oct 15)
- Re: tcpdump with snaplen set to 128 Perry Smith (Oct 15)
- Re: tcpdump with snaplen set to 128 Guy Harris (Oct 15)
- Re: tcpdump with snaplen set to 128 Perry Smith (Oct 15)
- Re: tcpdump with snaplen set to 128 Guy Harris (Oct 15)
- Re: tcpdump with snaplen set to 128 Perry Smith (Oct 15)
- Re: tcpdump with snaplen set to 128 Guy Harris (Oct 15)
- Re: tcpdump with snaplen set to 128 Perry Smith (Oct 16)
- Re: tcpdump with snaplen set to 128 Guy Harris (Oct 16)
- Re: tcpdump with snaplen set to 128 Perry Smith (Oct 18)
- Re: tcpdump with snaplen set to 128 Perry Smith (Oct 15)
- Re: tcpdump with snaplen set to 128 Guy Harris (Oct 15)