Wireshark mailing list archives
Re: "File has packet larger than file's snapshot length." warnings
From: "Turney, Cal" <cal.turney () emc com>
Date: Sun, 14 Jul 2013 20:26:42 -0400
It is on Ethernet jumbo-capable Intel, Broadcom, and some others. It looks like the original tcpdump developer hard-coded 1516 when he probably meant 1514.
So jumbo frames appear to be larger than the snapshot length?
The warnings are triggered by jumbo frames and LSO frames: any packet greater than 1516 bytes in length.
Are you saying that rather than adding an option to ignore snapshot_length/packet size discrepancies it might be best to not generate these warnings?
Yes. I.e., it might be best to just hardwire in the "ignore those discrepancies" option.
OK. I'll submit a patch that adds the option "Do NOT issue a warning if the packet size exceeds the snapshot length in the capture header." in Preferences>Protocols>Frame and set the default to not issue a warning (checkmark set). If unchecked, the warning will be "pcap: <n>-byte packet exceeds snapshot length of <n>." rather than "pcap: File has packet larger than file's snapshot length." Thanks. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: "File has packet larger than file's snapshot length." warnings Turney, Cal (Jul 15)
- Re: "File has packet larger than file's snapshot length." warnings Guy Harris (Jul 15)