Re: "File has packet larger than file's snapshot length." warnings

["Turney, Cal" <cal.turney () emc com>]

> > It is on Ethernet jumbo-capable Intel, Broadcom, and some others.  It looks like the original tcpdump developer 
> > hard-coded 1516 when he probably meant 1514.

> So jumbo frames appear to be larger than the snapshot length?

The warnings are triggered by jumbo frames and LSO frames:  any packet greater than 1516 bytes in length.

> > Are you saying that rather than adding an option to ignore snapshot_length/packet size discrepancies it might be 
> > best to not generate these warnings?

> Yes.  I.e., it might be best to just hardwire in the "ignore those discrepancies" option.

OK.  I'll submit a patch that adds the option "Do NOT issue a warning if the packet size exceeds the snapshot length in 
the capture header." in Preferences>Protocols>Frame and set the default to not issue a warning (checkmark set).  If 
unchecked, the warning will be "pcap: <n>-byte packet exceeds snapshot length of <n>." rather than "pcap: File has 
packet larger than file's snapshot length."    

Thanks.
 

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe