Wireshark mailing list archives

Re: tcpdump with snaplen set to 128

From: Perry Smith <pedzsan () gmail com>
Date: Mon, 15 Oct 2012 19:13:55 -0500


On Oct 15, 2012, at 7:00 PM, Guy Harris wrote:


On Oct 15, 2012, at 4:01 PM, Perry Smith <pedzsan () gmail com> wrote:

Frame Length and Capture Length both say 128 bytes.


As I suspected.

Back on my original question: would you say that sense the Frame Length is bogus, wireshark is doing as well as 
expected?


Yes.


Thanks.  For future googlers:

on AIX, iptrace with the -B -S <snaplen> will produce this.  Adding -T to cause iptrace to create a tcpdump format file 
works around the issue.

I'm wondering if maybe the iptrace format doesn't have both fields.

Thank you,
Perry Smith

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

tcpdump with snaplen set to 128 Perry Smith (Oct 15)
- Re: tcpdump with snaplen set to 128 Guy Harris (Oct 15)
  - Re: tcpdump with snaplen set to 128 Perry Smith (Oct 15)
    - Re: tcpdump with snaplen set to 128 Guy Harris (Oct 15)
    - Re: tcpdump with snaplen set to 128 Perry Smith (Oct 15)
    - Re: tcpdump with snaplen set to 128 Guy Harris (Oct 15)
    - Re: tcpdump with snaplen set to 128 Perry Smith (Oct 15)
    - Re: tcpdump with snaplen set to 128 Guy Harris (Oct 15)
    - Re: tcpdump with snaplen set to 128 Perry Smith (Oct 16)
    - Re: tcpdump with snaplen set to 128 Guy Harris (Oct 16)
    - Re: tcpdump with snaplen set to 128 Perry Smith (Oct 18)