-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Yoyo
So I'm playing around with wireshark, a custom dissector, a hex editor
and a test pcap file. The pccap file format supports a size field of 32
bit(though I'd prefer that to be 64 bit).
When I set my packet size to > 0xffff though, I get a warning from
wireshark that the packet is too big and can't be processed. Is there a
way around that? I need support for packets bigger than 65535.
My packet type in the pcap is "Null/Unknown" btw(my own type actually),
and I have an example dissector for it which seems to work fine. So it's
not a problem of ethernet or something with a 16 bit size field. Thanks
for your help,
wrl
- --
dreaming in digital - living in realtime - thinking in binary - talking
in IP - welcome to our world
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHdUZE9A36oltxjVQRA7kyAJ4uq/a8kTEOgzRQHLmf2vOsqD3aHACgmYd2
2N3REgxqjotv2SnaiJCSY+4=
=+Yq5
-----END PGP SIGNATURE-----