Hi,
I’m using tshark to translate previously-captured pcap files to text (tshark -V -r file.pcap). Searching the help, I’ve found many useful options (including this translation itself, and turning on checksum checking). However, I would like to turn on Internet Protocol Total Length checking, if possible.
I have files that I believe to be the output of tshark, with this:
Internet Protocol Version 4, Src: 10.168.16.1, Dst: 10.168.16.10
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 61
        [Expert Info (Error/Protocol): IPv4 total length exceeds packet length (50 bytes)]
            [IPv4 total length exceeds packet length (50 bytes)]
            [Severity level: Error]
            [Group: Protocol]
But using tshark myself I can't get the “expert info” output. I’ve tried “-z expert” and many combinations of the other parameters to this, but no luck.
So, can anyone tell me what I need to do?
Thanks.
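
The comparison behind the "IPv4 total length exceeds packet length" message quoted above, as an added example that is not part of the original post and is not Wireshark's own code: it reads a classic pcap file and flags frames whose IPv4 Total Length field is larger than the bytes that follow the Ethernet header. The function names and the sample capture (Total Length 61, 50 bytes present) are constructed for illustration; it assumes little-endian classic pcap, Ethernet link type and no VLAN tags.

```python
import struct

PCAP_GLOBAL = struct.Struct("<IHHiIII")  # magic, version x2, thiszone, sigfigs, snaplen, linktype
PCAP_RECORD = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len, orig_len
ETH_LEN = 14
ETHERTYPE_IPV4 = 0x0800

def build_sample_pcap(claimed_total_length=61):
    """Constructed sample: one Ethernet/IPv4 frame carrying 50 bytes of IP data."""
    ip = bytearray(50)
    ip[0] = 0x45                                         # version 4, header length 20 bytes
    struct.pack_into("!H", ip, 2, claimed_total_length)  # Total Length field
    ip[8], ip[9] = 64, 17                                # TTL, protocol (UDP)
    ip[12:16] = bytes([10, 168, 16, 1])                  # source address
    ip[16:20] = bytes([10, 168, 16, 10])                 # destination address
    frame = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4) + bytes(ip)
    return (PCAP_GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + PCAP_RECORD.pack(0, 0, len(frame), len(frame)) + frame)

def check_ipv4_total_length(pcap_bytes):
    """Return (frame_no, total_length, available_bytes) for each oversized Total Length."""
    magic, *_, linktype = PCAP_GLOBAL.unpack_from(pcap_bytes, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expects little-endian classic pcap with Ethernet link type")
    findings, offset, frame_no = [], PCAP_GLOBAL.size, 0
    while offset + PCAP_RECORD.size <= len(pcap_bytes):
        _, _, incl_len, orig_len = PCAP_RECORD.unpack_from(pcap_bytes, offset)
        offset += PCAP_RECORD.size
        frame = pcap_bytes[offset:offset + incl_len]
        offset += incl_len
        frame_no += 1
        if len(frame) < ETH_LEN + 20:
            continue                                     # too short to hold an IPv4 header
        if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue
        if frame[ETH_LEN] >> 4 != 4:
            continue
        total_length = struct.unpack_from("!H", frame, ETH_LEN + 2)[0]
        available = orig_len - ETH_LEN                   # on-the-wire bytes after Ethernet header
        if total_length > available:
            findings.append((frame_no, total_length, available))
    return findings

if __name__ == "__main__":
    for no, total, avail in check_ipv4_total_length(build_sample_pcap()):
        print(f"frame {no}: IPv4 total length {total} exceeds packet length ({avail} bytes)")
```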