Wireshark-dev: [Wireshark-dev] Default snaplen in man page

From: Martin Sehnoutka <msehnout@xxxxxxxxxx>
Date: Mon, 27 Mar 2017 09:46:27 +0200
Hello,

I'm investigating why Wireshark is dropping packets when capturing over
loopback and I think the man page is wrong with the default snaplen. It
says that the default size is 65535, but if I'm not mistaken the default
size is set in capture_opts.c which leads to WTAP_MAX_PACKET_SIZE in
wiretap/wtap.h and the value is 262144.

$ grep snaplen capture_opts.c
    capture_opts->default_options.has_snaplen     = FALSE;
    capture_opts->default_options.snaplen         = WTAP_MAX_PACKET_SIZE;

$ grep WTAP_MAX_PACKET_SIZE wiretap/wtap.h
#define WTAP_MAX_PACKET_SIZE    262144

When running wireshark it indeed seems like the default value is 262144
(it drops the same amount of packets, as it does without specifying any
snaplen). Should I fill in a bug report?

Regards,

-- 
Martin Sehnoutka | Associate Software Engineer
PGP: 5FD64AF5
UTC+1 (CET)
RED HAT | TRIED. TESTED. TRUSTED.

