Wireshark-dev: [Wireshark-dev] pcap with packet size >64k ?
From: warlord <warlord@xxxxxxxxxxx>
Date: Mon, 07 Jan 2008 15:34:41 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Hi everyone

Second try:  I'd like to start a little project based on Wireshark. What
I need to be able to do though is process pcaps that include my own
protocol, which means packet sizes > 64k, preferably up to 2.1-4.3 gig.
After all, the pcap file format allows for packets this size.

Is there something like a central max_size variable which is all I need
to change to be able to open pcaps this size? I do NOT want to capture
those packets from the wire. This is just about pcaps.

Help, anyone? Otherwise the project is dead before it even started.

wrl

warlord wrote:
| Yoyo
|
| So I'm playing around with wireshark, a custom dissector, a hex editor
| and a test pcap file. The pccap file format supports a size field of 32
| bit(though I'd prefer that to be 64 bit).
|
| When I set my packet size to > 0xffff though, I get a warning from
| wireshark that the packet is too big and can't be processed. Is there a
| way around that? I need support for packets bigger than 65535.
|
| My packet type in the pcap is "Null/Unknown" btw(my own type actually),
| and I have an example dissector for it which seems to work fine. So it's
| not a problem of ethernet or something with a 16 bit size field. Thanks
| for your help,
|
| wrl
|
|
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

- --
dreaming in digital - living in realtime - thinking in binary - talking
in IP - welcome to our world

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHgjiB9A36oltxjVQRA8iyAKC2ZUSevK8D81YKU9Ydvq6W99lv6wCgprxo
PnkCYvKS068WCVZ1FrfCJ6Q=
=6x2J
-----END PGP SIGNATURE-----