Sebastien Roy wrote:
Seeing as snoop currently doesn't know the MTU, it's rather silly that
it prints any such error in any case. It assumes that everything has a
1500 MTU (and it doesn't know what MTU a link had when the packets were
captured in a capture file, does it?)... IMO, let the administrator
determine what packets have a bogus length, and let snoop just report
what it sees.
Note that snoop is also a file format defined in RFC 1761 (with
addition in 3827). The question is that if snoop, the program,
sees a packet size larger than the max size defined by the
datalink type (encoded in the snoop file format), what does it
do? I guess it does not need to do anything :-) Snoop's knowledge
of max size defined by the datalink type may be outdated. I guess
just setting the original/included length in the header as is
should be good enough. And when reading in such file, just print
out the info encoded as is.
--
K. Poon.
[email protected]
_______________________________________________
networking-discuss mailing list
[email protected]
