Wireshark mailing list archives
Check Internet Protocol Total Length
From: Chris Miller <oily.rag () gmail com>
Date: Tue, 25 Apr 2017 09:43:45 +0100
Hi, I’m using tshark to translate previously-captured pcap files to text (tshark -V -r file.pcap). Searching help I’ve found many useful options (including this translate itself, and turning on checksum checking). However I would like to turn on Internet Protocol Total Length checking - if possible. I have files that I believe to be the output of tshark, with this: Internet Protocol Version 4, Src: 10.168.16.1, Dst: 10.168.16.10 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) Total Length: 61 [Expert Info (Error/Protocol): IPv4 total length exceeds packet length (50 bytes)] [IPv4 total length exceeds packet length (50 bytes)] [Severity level: Error] [Group: Protocol] But using tshark myself I can't get the “expert info” output. I’ve tried “-z expert” and many combinations of the other parameters to this, but no luck. So, can anyone tell me what I need to do? Thanks.
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Check Internet Protocol Total Length Chris Miller (Apr 25)
- Re: Check Internet Protocol Total Length Maynard, Chris (Apr 25)