Wireshark · Wireshark-users: Re: [Wireshark-users] tcpdump with snaplen set to 128

Wireshark-users: Re: [Wireshark-users] tcpdump with snaplen set to 128

From: Perry Smith <pedzsan@xxxxxxxxx>

Date: Mon, 15 Oct 2012 19:13:55 -0500

On Oct 15, 2012, at 7:00 PM, Guy Harris wrote:

> 
> On Oct 15, 2012, at 4:01 PM, Perry Smith <pedzsan@xxxxxxxxx> wrote:
> 
>> Frame Length and Capture Length both say 128 bytes.
> 
> As I suspected.
> 
>> Back on my original question: would you say that sense the Frame Length is bogus, wireshark is doing as well as expected?
> 
> Yes.

Thanks.  For future googlers:

on AIX, iptrace with the -B -S <snaplen> will produce this.  Adding -T to cause iptrace to create a tcpdump format file works around the issue.

I'm wondering if maybe the iptrace format doesn't have both fields.

Thank you,
Perry Smith

Follow-Ups:
- Re: [Wireshark-users] tcpdump with snaplen set to 128
  - From: Guy Harris

References:
- [Wireshark-users] tcpdump with snaplen set to 128
  - From: Perry Smith
- Re: [Wireshark-users] tcpdump with snaplen set to 128
  - From: Guy Harris
- Re: [Wireshark-users] tcpdump with snaplen set to 128
  - From: Perry Smith
- Re: [Wireshark-users] tcpdump with snaplen set to 128
  - From: Guy Harris

Prev by Date: Re: [Wireshark-users] tcpdump with snaplen set to 128
Next by Date: Re: [Wireshark-users] tcpdump with snaplen set to 128
Previous by thread: Re: [Wireshark-users] tcpdump with snaplen set to 128
Next by thread: Re: [Wireshark-users] tcpdump with snaplen set to 128
Index(es):
- Date
- Thread