Re: tcpdump with snaplen set to 128

[Perry Smith <pedzsan () gmail com>]

On Oct 15, 2012, at 7:17 PM, Guy Harris wrote:

> On Oct 15, 2012, at 5:13 PM, Perry Smith <pedzsan () gmail com> wrote:
>
> > I'm wondering if maybe the iptrace format doesn't have both fields.
>
> From what we've been able to determine, it doesn't.  There *are* some fields in the iptrace per-packet header that we 
> haven't figured out yet; I don't know whether one of them happens to be the length of the packet on the wire or not - 
> if you could supply us with one of those captures, we could try to see whether the length on the wire is in one of 
> those fields.

I'd be happy to supply a sample.  Can you suggest a way to get it to you?

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe