Wireshark · Wireshark-users: Re: [Wireshark-users] Capturing Giant Packets Only

Wireshark-users: Re: [Wireshark-users] Capturing Giant Packets Only

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Wed, 02 Jul 2008 10:01:20 -0700

Sheahan, John wrote:

I just discovered that some of my trunks are clocking lots of giantpackets and I wanted to know if there is a way to filter just for giants?

If giant packets are Ethernet frames > 1514 bytes (if you don't countthe FCS)/1518 bytes (if you count the FCS), a capture filter such as"greater 1515" (confusingly, the "greater" operation in thelibpcap/WinPcap filter parser is defined to mean "greater than or equalto") or "greater 1519", depending on whether your adapter supplies theFCS when capturing, should work.

Follow-Ups:
- Re: [Wireshark-users] Capturing Giant Packets Only
  - From: Sheahan, John

References:
- [Wireshark-users] Version 1.0.1 (SVN Rev 25639) - > Bug ?
  - From: MEHMET YALTI
- [Wireshark-users] Capturing Giant Packets Only
  - From: Sheahan, John

Prev by Date: Re: [Wireshark-users] Version 1.0.1 (SVN Rev 25639) - > Bug ?
Next by Date: Re: [Wireshark-users] snoop capture dissector error
Previous by thread: [Wireshark-users] Capturing Giant Packets Only
Next by thread: Re: [Wireshark-users] Capturing Giant Packets Only
Index(es):
- Date
- Thread