Wireshark-users: Re: [Wireshark-users] Check Internet Protocol Total Length

From: "Maynard, Chris" <Christopher.Maynard@xxxxxxx>
Date: Tue, 25 Apr 2017 17:00:28 +0000
You shouldn’t need to do anything.  If you’re not seeing the Expert Info displayed, then the length is correct.  If you suspect that the header length is incorrect, then please share a capture file with us.
- Chris

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Chris Miller
Sent: Tuesday, April 25, 2017 4:44 AM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Check Internet Protocol Total Length

Hi,

I’m using tshark to translate previously-captured pcap files to text (tshark -V -r file.pcap).  Searching help I’ve found many useful options (including this translate itself, and turning on checksum checking).  However I would like to turn on  Internet Protocol Total Length checking - if possible.

I have files that I believe to be the output of tshark, with this:
      Internet Protocol Version 4, Src: 10.168.16.1, Dst: 10.168.16.10
          0100 .... = Version: 4
          .... 0101 = Header Length: 20 bytes
          Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
          Total Length: 61
              [Expert Info (Error/Protocol): IPv4 total length exceeds packet length (50 bytes)]
                  [IPv4 total length exceeds packet length (50 bytes)]
                 [Severity level: Error]
                  [Group: Protocol]

But using tshark myself I can't get the “expert info” output.  I’ve tried “-z expert” and many combinations of the other parameters to this, but no luck.

So, can anyone tell me what I need to do?

Thanks.
CONFIDENTIALITY NOTICE: This message is the property of International Game Technology PLC and/or its subsidiaries and may contain proprietary, confidential or trade secret information.  This message is intended solely for the use of the addressee.  If you are not the intended recipient and have received this message in error, please delete this message from your system. Any unauthorized reading, distribution, copying, or other use of this message or its attachments is strictly prohibited.

<<attachment: winmail.dat>>