Wireshark-dev: Re: [Wireshark-dev] pcap with packet size >64k ?

From: warlord <warlord@xxxxxxxxxxx>
Date: Mon, 07 Jan 2008 23:12:50 +0100

Nope that was not the one :/

wrl

Németh Márton wrote:
| Hi,
|
| check WTAP_MAX_PACKET_SIZE in wireshark/wiretap/wiretap.h. I don't know if
| it is enough to change only at that place but this is a place I know.
|
| 	Márton Németh
|
| warlord wrote:
| Hi everyone
|
| Second try:  I'd like to start a little project based on Wireshark. What
| I need to be able to do though is process pcaps that include my own
| protocol, which means packet sizes > 64k, preferably up to 2.1-4.3 gig.
| After all, the pcap file format allows for packets this size.
|
| Is there something like a central max_size variable which is all I need
| to change to be able to open pcaps this size? I do NOT want to capture
| those packets from the wire. This is just about pcaps.
|
| Help, anyone? Otherwise the project is dead before it even started.
|
| wrl
|
| warlord wrote:
| | Yoyo
| |
| | So I'm playing around with wireshark, a custom dissector, a hex editor
| | and a test pcap file. The pcap file format supports a size field of 32
| | bit (though I'd prefer that to be 64 bit).
| |
| | When I set my packet size to > 0xffff though, I get a warning from
| | wireshark that the packet is too big and can't be processed. Is there a
| | way around that? I need support for packets bigger than 65535.
| |
| | My packet type in the pcap is "Null/Unknown" btw (my own type actually),
| | and I have an example dissector for it which seems to work fine. So it's
| | not a problem of ethernet or something with a 16 bit size field. Thanks
| | for your help,
| |
| | wrl
| |
| |
| _______________________________________________
| Wireshark-dev mailing list
| Wireshark-dev@xxxxxxxxxxxxx
| http://www.wireshark.org/mailman/listinfo/wireshark-dev
|

--
dreaming in digital - living in realtime - thinking in binary - talking
in IP - welcome to our world
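
An added example, not part of the original thread or of Wireshark's code: a small Python reader for the classic pcap record header discussed above, showing the 32-bit length field and the check a reader applies to it before allocating a buffer. The 0xFFFF cap mirrors the "> 0xffff" warning described in the thread; the function names, the cap constant and the sample bytes are constructed for illustration.

```python
import io
import struct

PCAP_MAGIC = 0xA1B2C3D4     # classic pcap, microsecond timestamps
MAX_PACKET_SIZE = 0xFFFF    # assumed cap, matching the "> 0xffff" warning in the thread


def scan_pcap(stream, max_size=MAX_PACKET_SIZE):
    """Walk a classic pcap stream; return (linktype, [(index, incl_len, status)])."""
    ghdr = stream.read(24)
    if len(ghdr) < 24:
        raise ValueError("truncated global header")
    # The on-disk byte pattern of the magic number reveals the writer's byte order.
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(ghdr[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(order + "I", ghdr[20:24])[0]

    records, index = [], 0
    while True:
        rhdr = stream.read(16)
        if not rhdr:
            break
        if len(rhdr) < 16:
            records.append((index, None, "truncated record header"))
            break
        # ts_sec, ts_usec, incl_len, orig_len: all unsigned 32-bit fields.
        _, _, incl_len, _ = struct.unpack(order + "IIII", rhdr)
        if incl_len > max_size:
            # Reject before reading: a file-supplied length must not size a buffer unchecked.
            records.append((index, incl_len, "too big"))
            break
        data = stream.read(incl_len)
        status = "ok" if len(data) == incl_len else "truncated data"
        records.append((index, incl_len, status))
        if status != "ok":
            break
        index += 1
    return linktype, records


def sample_pcap(lengths, linktype=0):
    """Build a constructed little-endian pcap in memory (linktype 0 = Null)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 0xFFFFFFFF, linktype)
    for n in lengths:
        out += struct.pack("<IIII", 0, 0, n, n) + b"\x00" * n
    return io.BytesIO(out)
```

Calling `scan_pcap(sample_pcap([4, 0x10000, 8]))` stops at the second record with "too big"; passing a larger `max_size` lets the same file parse fully, which is the effect of raising a reader's size limit.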

