Re: tcpdump with snaplen set to 128

[Perry Smith <pedzsan () gmail com>]

On Oct 15, 2012, at 9:20 PM, Guy Harris wrote:

> On Oct 15, 2012, at 6:41 PM, Perry Smith <pedzsan () gmail com> wrote:
>
> > I'd be happy to supply a sample.  Can you suggest a way to get it to you?
>
> The best way would probably be to file a bug at
>
>       http://bugs.wireshark.org/

I can do that but wanted to point out that there are three ways to run iptrace.

One is just iptrace.  Wireshark knows how to use those file just fine.

Second is iptrace with -B.  This is where the problem arises.  -B uses the bpf filter from tcpdump but formats the 
output as an iptrace file.  This  is where we see the problem.

Third is iptrace with -B and -T.  Wireshark knows how to handle this file too.

It seems probable that this is an AIX bug.  I want to investigate this a little more to make sure the three statements 
above are correct.

Perry

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe