Wireshark mailing list archives
Re: Packet Size limited during capture message
From: Brian Oleksa <oleksab () darkcornersoftware com>
Date: Mon, 22 Mar 2010 11:53:03 -0400
Chris All I did was create this dissector. All of the customers (whom are running our software) use this dissector that I created. The customer has captured 1000's of packets using this dissector with no problem. They sent me this .pcap file and told me that it crashes.... and I noticed the "Packet Size limited during capture" message. So I have no idea what program they used to capture the packets and what the value of snaplen was. Generally...if they want to take a snap shot of what is on the network... they just open up wireshark (most customers have winXp boxes)...let it run for a little bit... then do a stop and save as .pcap. But when they tried to play back this .pcap file it crashes. Is there anything else I can do..?? So I guess what you are saying is that my code is working properly....but the packet was too big ...so it truncated the packet (because the snaplen was too small) therefore making the code crash because it was expecting a "end of packet code"... which it never got because it was truncated..?? Is my assumption correct..?? Thanks, Brian Maynard, Chris wrote:
"Packet Size limited during capture" tells me that the packet was bigger than the snaplen set, so the packet was truncated when captured. In Wireshark, the snaplen is set in the capture options dialog using the "Limit each packet to ___ bytes" option, and with dumpcap, tshark and tcpdump it is set via the "-s <snaplen>" option. If not specified, tcpdump uses a default snaplen of 68 (or 96, depending on the platform). Which program did you use to capture the packets and what was the value of the snaplen vs. what was the expected number of bytes for the packet in question? Too bad the snaplen information isn't available through capinfos, but you can find out the snaplen via Wireshark's Statistics -> Summary window, listed as "Packet size limit". - Chris -----Original Message----- From: wireshark-dev-bounces () wireshark org [mailto:wireshark-dev-bounces () wireshark org] On Behalf Of Mike Morrin Sent: Monday, March 22, 2010 2:59 AM To: Developer support list for Wireshark Subject: Re: [Wireshark-dev] Packet Size limited during capture message When I run a pcap file with my dissector in place wireshark crashes (win32.dll error). But I was able to run the pcap file and stop the loading process before it crashed and one thing that I noticed was in the info column it said "Packet Size limited during capture". I never saw this before...does anybody know what this means..?? Could this be why it was crashing..?? MM- I have seen "Packet Size limited during capture" due to a bug where a dissector assumed that a PDU always had a data segment at the end, but occasionally one didn't. That would not directly cause your crash, you probably have 2 bugs. Try running with a breakpoint in do_throw() (around line 182 in except .c), on a trace that has only the packet(s) that cause the problem. CONFIDENTIALITY NOTICE: The contents of this email are confidential and for the exclusive use of the intended recipient. If you receive this email in error, please delete it from your system immediately and notify us either by email, telephone or fax. You should not copy, forward, or otherwise disclose the content of the email. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Packet Size limited during capture message Brian Oleksa (Mar 21)
- Re: Packet Size limited during capture message Mike Morrin (Mar 22)
- Re: Packet Size limited during capture message Maynard, Chris (Mar 22)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 22)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Jakub Zawadzki (Mar 23)
- Re: Packet Size limited during capture message Mike Morrin (Mar 23)
- Re: Packet Size limited during capture message Maynard, Chris (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Maynard, Chris (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Maynard, Chris (Mar 24)
- Re: Packet Size limited during capture message Maynard, Chris (Mar 22)
- Re: Packet Size limited during capture message Martin Visser (Mar 23)
- Re: Packet Size limited during capture message Brian Oleksa (Mar 23)
- Re: Packet Size limited during capture message Mike Morrin (Mar 22)