Thx for making me retry Reinhard. No idea what I did wrong the first time, but this time it worked. After changing the variable in wtap.h and recompiling wireshark, I was able to open pcaps with packet sizes up to the specified size (for the test: 96k).

Looks like my project could actually work out. Now for the real work....

wrl

P.S.: I didn't change env variables. All I did was edit wtap.h

Reinhard Speyerer wrote:
| warlord wrote:
|> Good idea Ulf. I attached a small pcap which includes a hostname request
|> sent to the nameserver. As I took the liberty to hexedit the IP
|> addresses the checksum is wrong, but that doesn't matter.
|>
|> The two size fields in the pcap are 32 bits each, claiming the packet
|> size was 4b 00 01 00 (0x0001004b), which is 65611. When wireshark loads
|> this pcap it complains about a packet size >65535.
|
| The solution proposed by Márton Németh works for me when I make sure that
| the appropriate shared libraries are used, e.g. by using:
|
| $ perl -pi.bak -e 's/(#define.*WTAP_MAX_PACKET_SIZE).*/\1 262143/' wiretap/wtap.h
| $ env LD_LIBRARY_PATH=/usr/local/wireshark-xxl/lib/ LD_RUN_PATH=/usr/local/wireshark-xxl/lib/ ./configure --prefix=/usr/local/wireshark-xxl
| $ env LD_LIBRARY_PATH=/usr/local/wireshark-xxl/lib/ LD_RUN_PATH=/usr/local/wireshark-xxl/lib/ make
| $ env LD_LIBRARY_PATH=/usr/local/wireshark-xxl/lib/ LD_RUN_PATH=/usr/local/wireshark-xxl/lib/ make install
| $ tshark -r /tmp/test2.pcap
| tshark: "/tmp/test2.pcap" appears to be damaged or corrupt.
| (pcap: File has 65611-byte packet, bigger than maximum of 65535)
| $ /usr/local/wireshark-xxl/bin/tshark -r /tmp/test2.pcap
| tshark: "/tmp/test2.pcap" appears to have been cut short in the middle of a packet.
|
| Regards,
| Reinhard
|
| _______________________________________________
| Wireshark-dev mailing list
| Wireshark-dev@wireshark.org
| http://www.wireshark.org/mailman/listinfo/wireshark-dev

-- 
dreaming in digital - living in realtime - thinking in binary - talking in IP - welcome to our world
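
Added example (not part of the original message and not Wireshark code): a stand-alone C check that walks pcap record headers and reports the two conditions seen in the quoted tshark output, a captured length above the configured maximum and a record that runs past the end of the file. It assumes a little-endian, microsecond-format pcap; the enum names, `pcap_check` and `check_sample` are hypothetical, and the sample record is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Added example, not Wireshark code; all names here are hypothetical. */
enum pcap_status { PCAP_OK, PCAP_BAD_MAGIC, PCAP_TOO_BIG, PCAP_CUT_SHORT };

/* Read a little-endian 32-bit field, like the "4b 00 01 00" bytes quoted above. */
static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walk every record of a little-endian pcap held in buf[0..len). */
enum pcap_status pcap_check(const unsigned char *buf, size_t len, uint32_t max_packet)
{
    size_t off = 24;                              /* global header is 24 bytes */
    if (len < 24 || le32(buf) != 0xa1b2c3d4u)
        return PCAP_BAD_MAGIC;
    while (off < len) {
        if (len - off < 16)                       /* record header itself is truncated */
            return PCAP_CUT_SHORT;
        uint32_t incl_len = le32(buf + off + 8);  /* captured length field */
        if (incl_len > max_packet)                /* enforce the limit before trusting it */
            return PCAP_TOO_BIG;
        off += 16;
        if (len - off < incl_len)                 /* subtraction form cannot overflow */
            return PCAP_CUT_SHORT;
        off += incl_len;
    }
    return PCAP_OK;
}

/* Constructed sample: one record claiming incl_len bytes but carrying only `present`. */
enum pcap_status check_sample(uint32_t incl_len, size_t present, uint32_t max_packet)
{
    static unsigned char buf[24 + 16 + 128];
    if (present > 128) present = 128;
    memset(buf, 0, sizeof buf);
    buf[0] = 0xd4; buf[1] = 0xc3; buf[2] = 0xb2; buf[3] = 0xa1;   /* pcap magic */
    for (int i = 0; i < 4; i++)                   /* incl_len and orig_len fields */
        buf[32 + i] = buf[36 + i] = (unsigned char)(incl_len >> (8 * i));
    return pcap_check(buf, 24 + 16 + present, max_packet);
}

int main(void)
{
    printf("%d %d\n", check_sample(65611, 75, 65535), check_sample(65611, 75, 262143));
}
```

Raising the limit only moves the first check; the second still has to compare the claimed length against the bytes actually present before anything is read into a buffer.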