Wireshark · Wireshark-users: Re: [Wireshark-users] tcpdump with snaplen set to 128

Wireshark-users: Re: [Wireshark-users] tcpdump with snaplen set to 128

From: Perry Smith <pedzsan@xxxxxxxxx>

Date: Mon, 15 Oct 2012 20:41:06 -0500

On Oct 15, 2012, at 7:17 PM, Guy Harris wrote:

> 
> On Oct 15, 2012, at 5:13 PM, Perry Smith <pedzsan@xxxxxxxxx> wrote:
> 
>> I'm wondering if maybe the iptrace format doesn't have both fields.
> 
> From what we've been able to determine, it doesn't.  There *are* some fields in the iptrace per-packet header that we haven't figured out yet; I don't know whether one of them happens to be the length of the packet on the wire or not - if you could supply us with one of those captures, we could try to see whether the length on the wire is in one of those fields.

I'd be happy to supply a sample.  Can you suggest a way to get it to you?

Follow-Ups:
- Re: [Wireshark-users] tcpdump with snaplen set to 128
  - From: Guy Harris

References:
- [Wireshark-users] tcpdump with snaplen set to 128
  - From: Perry Smith
- Re: [Wireshark-users] tcpdump with snaplen set to 128
  - From: Guy Harris
- Re: [Wireshark-users] tcpdump with snaplen set to 128
  - From: Perry Smith
- Re: [Wireshark-users] tcpdump with snaplen set to 128
  - From: Guy Harris
- Re: [Wireshark-users] tcpdump with snaplen set to 128
  - From: Perry Smith
- Re: [Wireshark-users] tcpdump with snaplen set to 128
  - From: Guy Harris

Prev by Date: Re: [Wireshark-users] tcpdump with snaplen set to 128
Next by Date: Re: [Wireshark-users] tcpdump with snaplen set to 128
Previous by thread: Re: [Wireshark-users] tcpdump with snaplen set to 128
Next by thread: Re: [Wireshark-users] tcpdump with snaplen set to 128
Index(es):
- Date
- Thread