Wireshark-dev: Re: [Wireshark-dev] Issue in Data record Transfer Request code...
From: "Anders Broman" <[email protected]>
Date: Thu, 9 Nov 2006 23:36:11 +0100

If you implemented TCP reassembly that code might be buggy…




Från: [email protected] [mailto:[email protected]] För prashanth joshi
Skickat: den 9 november 2006 22:43
Till: Developer support list for Wireshark
Ämne: [Wireshark-dev] Issue in Data record Transfer Request code...


prashanth joshi <[email protected]> wrote:


We have written parsing code for the "Data Record Transfer Request".

The code wroks fine for some of the trace files we have. But for one trace file which has captured GTP packets over UDP our code is not working correct. If we run ethereal without our code addition it shows around 560 packets. However if we run the ethereal with our code addition the following error message shows up:

" The capture file appears to be damaged or corrupt.
(pcap: File has 3858759680-byte packet, bigger than maximum of 65535) "


And there is an option "OK".  If we click on that then we do get the ethereal display , but now only 466 packets are shown.

Please any one tell me the reason behind this. I am also not understanding how to fix this becos our code acts only from the "Data Record Transfer Request" in the GTP packet. In that case I dont understand how our code is affecting the other packets being received.





Everyone is raving about the all-new Yahoo! Mail beta.