ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Packet Size limited during capture message

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Brian Oleksa <oleksab@xxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 23 Mar 2010 08:23:29 -0400
Chris
I just found out that this was captured using tshark.....but nobody knows what the snaplen was.
So my questions is.... My code is working correctly then....And that this was just a bad judgment of the wrong snaplen......correct..?? 

Thanks,
Brian



Maynard, Chris wrote:

"Packet Size limited during capture" tells me that the packet was bigger than the snaplen set, so the packet was truncated when captured.  In Wireshark, the snaplen is set in the capture options dialog using the "Limit each packet to ___ bytes" option, and with dumpcap, tshark and tcpdump it is set via the "-s <snaplen>" option.  If not specified, tcpdump uses a default snaplen of 68 (or 96, depending on the platform).  Which program did you use to capture the packets and what was the value of the snaplen vs. what was the expected number of bytes for the packet in question?

Too bad the snaplen information isn't available through capinfos, but you can find out the snaplen via Wireshark's Statistics -> Summary window, listed as "Packet size limit".

- Chris

-----Original Message-----
From: wireshark-dev-bounces@xxxxxxxxxxxxx [mailto:wireshark-dev-bounces@xxxxxxxxxxxxx] On Behalf Of Mike Morrin
Sent: Monday, March 22, 2010 2:59 AM
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Packet Size limited during capture message
When I run a pcap file with my dissector in place wireshark crashes (win32.dll error).
But I was able to run the pcap file and stop the loading process before it crashed and one thing that I noticed 
was in the info column it said "Packet Size limited during capture".
I never saw this before...does anybody know what this means..?? Could this be why it was crashing..?? 

MM- I have seen "Packet Size limited during capture" due to a bug where
a dissector assumed that a PDU always had a data segment at the end, but
occasionally one didn't.  That would not directly cause your crash, you
probably have 2 bugs.

Try running with a breakpoint in do_throw() (around line 182 in except
.c), on a trace that has only the packet(s) that cause the problem.



CONFIDENTIALITY NOTICE: The contents of this email are confidential
and for the exclusive use of the intended recipient. If you receive this
email in error, please delete it from your system immediately and notify us either by email, telephone or fax. You should not copy, 
forward, or otherwise disclose the content of the email.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube