Wireshark-dev: Re: [Wireshark-dev] pcap with packet size >64k ?

From: Németh Márton <nm127@xxxxxxxxxxx>
Date: Mon, 07 Jan 2008 22:00:08 +0100
Hi,

Check WTAP_MAX_PACKET_SIZE in wireshark/wiretap/wiretap.h. I don't know if
it is enough to change it only in that place, but this is a place I know.

	Márton Németh

warlord wrote:
> Hi everyone
> 
> Second try:  I'd like to start a little project based on Wireshark. What
> I need to be able to do though is process pcaps that include my own
> protocol, which means packet sizes > 64k, preferably up to 2.1-4.3 gig.
> After all, the pcap file format allows for packets this size.
> 
> Is there something like a central max_size variable which is all I need
> to change to be able to open pcaps this size? I do NOT want to capture
> those packets from the wire. This is just about pcaps.
> 
> Help, anyone? Otherwise the project is dead before it even started.
> 
> wrl
> 
> warlord wrote:
> | Yoyo
> |
> | So I'm playing around with Wireshark, a custom dissector, a hex editor
> | and a test pcap file. The pcap file format supports a size field of 32
> | bit (though I'd prefer that to be 64 bit).
> |
> | When I set my packet size to > 0xffff though, I get a warning from
> | wireshark that the packet is too big and can't be processed. Is there a
> | way around that? I need support for packets bigger than 65535.
> |
> | My packet type in the pcap is "Null/Unknown" btw (my own type actually),
> | and I have an example dissector for it which seems to work fine. So it's
> | not a problem of ethernet or something with a 16 bit size field. Thanks
> | for your help,
> |
> | wrl
> |
> |
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
> 
> --
> dreaming in digital - living in realtime - thinking in binary - talking
> in IP - welcome to our world
> 
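
The check discussed in this thread, as an added example that is not part of the original messages and is not Wireshark's code: a minimal C scan of classic pcap record headers that rejects a record whose 32-bit `incl_len` exceeds a cap before that length is used. `ASSUMED_CAP`, `first_oversized_record` and `build_sample` are hypothetical names, and the cap value is an assumption taken from the 0xffff threshold reported above, not read from wiretap.h.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PCAP_MAGIC     0xa1b2c3d4u /* classic pcap, microsecond timestamps */
#define GLOBAL_HDR_LEN 24u
#define RECORD_HDR_LEN 16u         /* ts_sec, ts_usec, incl_len, orig_len */
#define ASSUMED_CAP    0xffffu     /* assumption: the 0xffff limit hit in the thread */

static uint32_t rd32(const uint8_t *p, int be) {
    return be ? ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3]
              : ((uint32_t)p[3] << 24) | ((uint32_t)p[2] << 16) | ((uint32_t)p[1] << 8) | p[0];
}
static void wr32le(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Index of the first record whose incl_len exceeds cap; -1 if all records
 * fit; -2 if the buffer is not classic pcap or is truncated. */
long first_oversized_record(const uint8_t *buf, size_t len, uint32_t cap) {
    if (len < GLOBAL_HDR_LEN) return -2;
    int be = (rd32(buf, 1) == PCAP_MAGIC);           /* big-endian file? */
    if (!be && rd32(buf, 0) != PCAP_MAGIC) return -2;
    size_t off = GLOBAL_HDR_LEN;
    for (long idx = 0; off < len; idx++) {
        if (len - off < RECORD_HDR_LEN) return -2;   /* truncated record header */
        uint32_t incl_len = rd32(buf + off + 8, be);
        if (incl_len > cap) return idx;              /* checked before the length is used */
        off += RECORD_HDR_LEN;
        if (len - off < incl_len) return -2;         /* fewer bytes than the header claims */
        off += incl_len;
    }
    return -1;
}

/* Constructed sample (out must hold 60 bytes): little-endian header, link type 0,
 * one 4-byte record, then a record header claiming `claimed` bytes with no data. */
size_t build_sample(uint8_t *out, uint32_t claimed) {
    memset(out, 0, 60);
    wr32le(out, PCAP_MAGIC);
    out[4] = 2; out[6] = 4; wr32le(out + 16, 0xffffffffu);  /* version 2.4, snaplen */
    wr32le(out + 32, 4); wr32le(out + 36, 4);               /* record 0: incl_len, orig_len */
    wr32le(out + 52, claimed); wr32le(out + 56, claimed);   /* record 1: incl_len, orig_len */
    return 60;
}

int main(void) {
    uint8_t pcap[60];
    size_t n = build_sample(pcap, 0x10000u);         /* record 1 claims 64 KiB */
    printf("first oversized record: %ld\n", first_oversized_record(pcap, n, ASSUMED_CAP));
    return 0;
}
```

Raising the cap moves the failure rather than removing it: with the cap at 0xffffffff the same sample is reported as truncated, because the header claims more bytes than the file holds.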