Wireshark · Wireshark-dev: Re: [Wireshark-dev] the feature of limiting packet size

Wireshark-dev: Re: [Wireshark-dev] the feature of limiting packet size

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Tue, 21 Jul 2009 03:06:00 -0700


On Jul 20, 2009, at 3:41 PM, Joshua (Shiwei) Zhao wrote:

I believe it's a bug there, at least in 1.0.4 I'm using.
I don't believe all packets have that big headers over 500 bytes.

What matters is whether all the data dissected in the packet is biggerthan the snapshot length; in an SMB request or response, for example,that would include any radio header the packet has, the 802.11 header,the IP header, the TCP header, the NetBIOS-over-TCP or SMB-over-TCPheader, and the entire SMB message, with the possible exception ofdata in a read reply or write request.

The code must checked the whole data payload size, instead of onlychecking the header length when it tries to dissect and throw anexecption.
I'll try to debug. Meanwhile any hints/suggestions are welcome.

Could you extract from the capture file one of the packets that'sclaimed to have been cut short and send it to us?

Follow-Ups:
- Re: [Wireshark-dev] the feature of limiting packet size
  - From: Joshua (Shiwei) Zhao

References:
- [Wireshark-dev] the feature of limiting packet size
  - From: Joshua (Shiwei) Zhao
- Re: [Wireshark-dev] the feature of limiting packet size
  - From: Guy Harris
- Re: [Wireshark-dev] the feature of limiting packet size
  - From: Joshua (Shiwei) Zhao
- Re: [Wireshark-dev] the feature of limiting packet size
  - From: Guy Harris
- Re: [Wireshark-dev] the feature of limiting packet size
  - From: Joshua (Shiwei) Zhao

Prev by Date: [Wireshark-dev] buildbot failure in Wireshark (development) on OSX-10.5-ppc
Next by Date: [Wireshark-dev] Missing diameter/eap.xml in 1.2.1?
Previous by thread: Re: [Wireshark-dev] the feature of limiting packet size
Next by thread: Re: [Wireshark-dev] the feature of limiting packet size
Index(es):
- Date
- Thread