Ethereal-users: [Ethereal-users] [ethereal-dev] Messages exceeding 1500 octets resulting in Malf

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Dick Gooris <gooris@xxxxxxxxxx>
Date: Wed, 03 Jan 2001 10:49:47 +0100
*,

I am working on an analyzer section and made some major progress
- thanks to the README files and a lot of examples :-)

Almost the first message I received was about 3036 octets long. This
means that the message I get is Malformed. I received the first 1500
octets which I believe is the standard ethernet boundary. The remaining
1536 octets are coming in two extra separate messages. The last two
messages are not recognizable in the way I did with the first.

Therefore I need to work with sequence numbers and so, which require
some new procedures or more coding in the area of the ethereal body,
rather than programming on packet-sapphire.c/h files.

I guess I am not the first one who cannot (fully) decode a message
longer than 1500 octets. Are there any functions/procedures available
or examples from existing packet-*.c files? (I had difficulties finding
these, or overlooked them?)

There is no necessity to solve this in realtime. There should be an
easy way to access the tvbuff of the next associated message, or to
concatenate them beforehand, because the TCP/IP header indicates
limited data in the data section.

Hope you can help.

Many thanks in advance,

	- Dick Gooris          The Netherlands