warlord wrote: > Good idea Ulf. I attached a small pcap which includes a hostname request > sent to the nameserver. As I took the liberty to hexedit the IP > addresses the checksum is wrong, but that doesn't matter. > > The two size fields in the pcap are 32 bits each, claiming the packet > size was 4b 00 01 00(0x0001004b), which is 65611. When wireshark loads > this pcap it complains about a packet size >65535.
The solution proposed by Márton Németh works for me when I make sure that the appropriate shared libraries are used, e.g. by using: $ perl -pi.bak -e 's/(#define.*WTAP_MAX_PACKET_SIZE).*/\1 262143/' wiretap/wtap.h $ env LD_LIBRARY_PATH=/usr/local/wireshark-xxl/lib/ LD_RUN_PATH=/usr/local/wireshark-xxl/lib/ ./configure --prefix=/usr/local/wireshark-xxl $ env LD_LIBRARY_PATH=/usr/local/wireshark-xxl/lib/ LD_RUN_PATH=/usr/local/wireshark-xxl/lib/ make $ env LD_LIBRARY_PATH=/usr/local/wireshark-xxl/lib/ LD_RUN_PATH=/usr/local/wireshark-xxl/lib/ make install $ tshark -r /tmp/test2.pcap tshark: "/tmp/test2.pcap" appears to be damaged or corrupt. (pcap: File has 65611-byte packet, bigger than maximum of 65535) $ /usr/local/wireshark-xxl/bin/tshark -r /tmp/test2.pcap tshark: "/tmp/test2.pcap" appears to have been cut short in the middle of a packet. Regards, Reinhard _______________________________________________ Wireshark-dev mailing list Wireshark-dev@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-dev
