Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Check Internet Protocol Total Length

From: "Maynard, Chris" <Christopher.Maynard () IGT com>
Date: Tue, 25 Apr 2017 17:00:28 +0000
You shouldn’t need to do anything.  If you’re not seeing the Expert Info displayed, then the length is correct.  If you 
suspect that the header length is incorrect, then please share a capture file with us.
- Chris

From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Chris 
Miller
Sent: Tuesday, April 25, 2017 4:44 AM
To: wireshark-users () wireshark org
Subject: [Wireshark-users] Check Internet Protocol Total Length

Hi,

I’m using tshark to translate previously-captured pcap files to text (tshark -V -r file.pcap).  Searching help I’ve 
found many useful options (including this translate itself, and turning on checksum checking).  However I would like to 
turn on  Internet Protocol Total Length checking - if possible.

I have files that I believe to be the output of tshark, with this:
      Internet Protocol Version 4, Src: 10.168.16.1, Dst: 10.168.16.10
          0100 .... = Version: 4
          .... 0101 = Header Length: 20 bytes
          Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
          Total Length: 61
              [Expert Info (Error/Protocol): IPv4 total length exceeds packet length (50 bytes)]
                  [IPv4 total length exceeds packet length (50 bytes)]
                 [Severity level: Error]
                  [Group: Protocol]

But using tshark myself I can't get the “expert info” output.  I’ve tried “-z expert” and many combinations of the 
other parameters to this, but no luck.

So, can anyone tell me what I need to do?

Thanks.
CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and 
may contain proprietary, confidential or trade secret information.  This message is intended solely for the use of the 
addressee.  If you are not the intended recipient and have received this message in error, please delete this message 
from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is 
strictly prohibited.

<<attachment: winmail.dat>>

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: