-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 Yoyo
So I'm playing around with wireshark, a custom dissector, a hex editor and a test pcap file. The pccap file format supports a size field of 32 bit(though I'd prefer that to be 64 bit). When I set my packet size to > 0xffff though, I get a warning from wireshark that the packet is too big and can't be processed. Is there a way around that? I need support for packets bigger than 65535. My packet type in the pcap is "Null/Unknown" btw(my own type actually), and I have an example dissector for it which seems to work fine. So it's not a problem of ethernet or something with a 16 bit size field. Thanks for your help, wrl - -- dreaming in digital - living in realtime - thinking in binary - talking in IP - welcome to our world -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHdUZE9A36oltxjVQRA7kyAJ4uq/a8kTEOgzRQHLmf2vOsqD3aHACgmYd2 2N3REgxqjotv2SnaiJCSY+4= =+Yq5 -----END PGP SIGNATURE----- _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
