Wireshark-dev: Re: [Wireshark-dev] pcap with packet size >64k ?
From: warlord <[email protected]>
Date: Thu, 10 Jan 2008 14:19:43 +0100
Hash: RIPEMD160

Thx for making me retry Reinhard. No idea what I did wrong the first
time, but this time it worked. After changing the variable in wtap.h and
recompiling wireshark, I was able to open pcaps with packet sizes up to
the specified size(for the test: 96k).

Looks like my project could actually work out. Now for the real work....


P.s.: I didn't change env variables. All I did was edit wtap.h

Reinhard Speyerer wrote:
| warlord wrote:
|> Good idea Ulf. I attached a small pcap which includes a hostname request
|> sent to the nameserver. As I took the liberty to hexedit the IP
|> addresses the checksum is wrong, but that doesn't matter.
|> The two size fields in the pcap are 32 bits each, claiming the packet
|> size was 4b 00 01 00(0x0001004b), which is 65611. When wireshark loads
|> this pcap it complains about a packet size >65535.
| The solution proposed by Márton Németh works for me when I make sure that
| the appropriate shared libraries are used, e.g. by using:
| $ perl -pi.bak -e 's/(#define.*WTAP_MAX_PACKET_SIZE).*/\1 262143/'
| $ env LD_LIBRARY_PATH=/usr/local/wireshark-xxl/lib/
LD_RUN_PATH=/usr/local/wireshark-xxl/lib/ ./configure
- --prefix=/usr/local/wireshark-xxl
| $ env LD_LIBRARY_PATH=/usr/local/wireshark-xxl/lib/
LD_RUN_PATH=/usr/local/wireshark-xxl/lib/ make
| $ env LD_LIBRARY_PATH=/usr/local/wireshark-xxl/lib/
LD_RUN_PATH=/usr/local/wireshark-xxl/lib/ make install
| $ tshark -r /tmp/test2.pcap
| tshark: "/tmp/test2.pcap" appears to be damaged or corrupt.
| (pcap: File has 65611-byte packet, bigger than maximum of 65535)
| $ /usr/local/wireshark-xxl/bin/tshark -r /tmp/test2.pcap
| tshark: "/tmp/test2.pcap" appears to have been cut short in the middle
of a packet.
| Regards,
| Reinhard
| _______________________________________________
| Wireshark-dev mailing list
| [email protected]
| http://www.wireshark.org/mailman/listinfo/wireshark-dev

- --
dreaming in digital - living in realtime - thinking in binary - talking
in IP - welcome to our world

Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org