Wireshark-users: Re: [Wireshark-users] tcpdump with snaplen set to 128

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 15 Oct 2012 19:20:34 -0700
On Oct 15, 2012, at 6:41 PM, Perry Smith <pedzsan@xxxxxxxxx> wrote:

> I'd be happy to supply a sample.  Can you suggest a way to get it to you?

The best way would probably be to file a bug at

	http://bugs.wireshark.org/

asking for an enhancement to try to find out the "on-the-wire" packet length in iptrace packets, and attach the capture.  File it against the product "Wireshark" and the component "Capture file support (libwiretap)".  Attachments *can* be marked as private, so that, for example, capture files can be made readable only by Wireshark developers in the right group (Gerald, who's that?), but a quick test didn't show how to mark it as such *at the time you attach it*.

Indicate in the bug what the "on-the-wire" packet length(s) for the packet(s) in question should be; one packet that was longer, on the wire, than the snapshot length should suffice.

We may mark it as "WONTFIX" if there's no "on the wire" packet length we could find; otherwise, if we find it, we'll fix it.