Wireshark-users: Re: [Wireshark-users] tcpdump with snaplen set to 128

From: Perry Smith <pedzsan@xxxxxxxxx>
Date: Tue, 16 Oct 2012 09:47:35 -0500

On Oct 15, 2012, at 9:20 PM, Guy Harris wrote:

> 
> On Oct 15, 2012, at 6:41 PM, Perry Smith <pedzsan@xxxxxxxxx> wrote:
> 
>> I'd be happy to supply a sample.  Can you suggest a way to get it to you?
> 
> The best way would probably be to file a bug at
> 
> 	http://bugs.wireshark.org/

I can do that but wanted to point out that there are three ways to run iptrace.

One is just iptrace.  Wireshark knows how to use those files just fine.

Second is iptrace with -B.  This is where the problem arises.  -B uses the bpf filter from tcpdump but formats the output as an iptrace file.  This is where we see the problem.

Third is iptrace with -B and -T.  Wireshark knows how to handle this file too.

It seems probable that this is an AIX bug.  I want to investigate this a little more to make sure the three statements above are correct.

Perry