Wireshark mailing list archives

Check Internet Protocol Total Length


From: Chris Miller <oily.rag () gmail com>
Date: Tue, 25 Apr 2017 09:43:45 +0100

Hi,



I’m using tshark to translate previously-captured pcap files to text
(tshark -V -r file.pcap). Searching help I’ve found many useful options
(including this translate itself, and turning on checksum checking).
However I would like to turn on Internet Protocol Total Length checking -
if possible.



I have files that I believe to be the output of tshark, with this:

      Internet Protocol Version 4, Src: 10.168.16.1, Dst: 10.168.16.10
          0100 .... = Version: 4
          .... 0101 = Header Length: 20 bytes
          Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
          Total Length: 61
              [Expert Info (Error/Protocol): IPv4 total length exceeds packet length (50 bytes)]
                  [IPv4 total length exceeds packet length (50 bytes)]
                  [Severity level: Error]
                  [Group: Protocol]



But using tshark myself I can't get the “expert info” output.  I’ve tried
“-z expert” and many combinations of the other parameters to this, but no
luck.



So, can anyone tell me what I need to do?



Thanks.
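
An added example (not part of the original post, and not Wireshark code): the same total-length comparison done directly on a classic pcap file in Python, independent of tshark. The function names and the two-frame sample capture are constructed for illustration; the code assumes a microsecond-format pcap with Ethernet link type and compares against the on-the-wire length recorded for each frame.

```python
import struct

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800

def check_ip_total_length(pcap_bytes):
    """Return [(frame_no, total_length, available)] for IPv4 packets whose
    Total Length field exceeds the bytes on the wire after the Ethernet header."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled here")
    findings, offset, frame_no = [], 24, 0
    while offset + 16 <= len(pcap_bytes):
        _, _, incl_len, orig_len = struct.unpack(
            endian + "IIII", pcap_bytes[offset:offset + 16])
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        frame_no += 1
        if len(frame) < ETH_HDR_LEN + 4:
            continue  # too short to hold the Total Length field
        if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        total_length = struct.unpack("!H", frame[16:18])[0]
        # Use the original length so snaplen truncation alone is not flagged.
        available = orig_len - ETH_HDR_LEN
        if total_length > available:
            findings.append((frame_no, total_length, available))
    return findings

def _frame(total_length, ip_bytes):
    """Constructed sample frame: Ethernet + IPv4 header, padded to ip_bytes."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0, 0, 64, 17, 0,
                     bytes([10, 168, 16, 1]), bytes([10, 168, 16, 10]))
    return eth + ip.ljust(ip_bytes, b"\x00")

def build_sample_pcap():
    """Constructed capture: frame 1 is consistent, frame 2 claims 61 of 50 bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for frame in (_frame(50, 50), _frame(61, 50)):
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for no, total, avail in check_ip_total_length(build_sample_pcap()):
        print(f"frame {no}: IPv4 total length {total} exceeds packet length ({avail} bytes)")
```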