Can you extend the capture length (snaplen) to capture the full headers? In the capture file, frame.cap_len = 64 bytes.
The header lengths (in bytes) are Ethernet (14) + VLAN (4) + IP (20) + TCP (20 + options). The TCP header lengths (tcp.hdr_len) in the capture are all 32 bytes.

14 + 4 + 20 + 32 = 70 bytes (sum of all header lengths)

On Sat, Oct 2, 2021 at 10:24 AM Minaev Andrey via Wireshark-dev <wireshark-dev@wireshark.org> wrote:

> Version 3.4.8 (v3.4.8-0-g3e1ffae201b8)
>
> Copyright 1998-2021 Gerald Combs <ger...@wireshark.org> and contributors.
> License GPLv2+: GNU GPL version 2 or later <https://www.gnu.org/licenses/gpl-2.0.html>
> This is free software; see the source for copying conditions. There is NO
> warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>
> Compiled (64-bit) with Qt 5.15.2, with libpcap, with GLib 2.52.3, with
> zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4, with
> GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos,
> with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with
> Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with
> automatic updates using WinSparkle 0.5.7, with AirPcap, with SpeexDSP
> (using bundled resampler), with Minizip.
>
> Running on 64-bit Windows 10 (1709), build 16299, with Intel(R) Core(TM)
> i7-7700 CPU @ 3.60GHz (with SSE4.2), with 16247 MB of physical memory, with
> locale C, with light display mode, without HiDPI, with Npcap version 1.31,
> based on libpcap version 1.10.1-PRE-GIT, with GnuTLS 3.6.3, with Gcrypt
> 1.8.3, with brotli 1.0.2, with AirPcap 4.1.1 build 1800, binary plugins
> supported (21 loaded). Built using Microsoft Visual Studio 2019 (VC++
> 14.29, build 30040).
>
> Hello, I think I found a bug. When you open a traffic dump, the net.cap
> file, and try to look at the Statistics → TCP Stream graphs, the error
> "Selected packet isn't a TCP segment or is truncated" is displayed. But
> why a complete tcp packet is needed is not clear. For example, the "Round
> trip time" report is based on the time the packet was sent and the ACK
> received, and this does not require the entire packet. Some networking
> equipment allows only the packet headers to be dumped, without the payload,
> as shown in the traffic dump in the net.cap file.
> ------------------------------
> OZON CONFIDENTIALITY NOTICE: This email and any documents attached to it
> contain confidential information addressed to the intended recipient. If
> you are not the intended recipient or have received this email in error,
> please notify the sender and delete this email and all attachments hereto
> from all your devices. Copying, distribution or dissemination of this email
> and its attachments by any persons whom the email has not been intended to,
> are unlawful and strictly prohibited.
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
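The header arithmetic from the reply, as an added example that is not part of the original thread or Wireshark's code: it reads the length fields from a truncated frame and reports how many header bytes the snaplen cut off. The sample frame is constructed and the function names are hypothetical; only Ethernet II with 802.1Q tags carrying IPv4/TCP is handled.

```python
import struct

ETHERTYPE_VLAN, ETHERTYPE_IPV4, IPPROTO_TCP = 0x8100, 0x0800, 6

def required_header_len(captured: bytes):
    """Bytes needed to hold Ethernet + VLAN tag(s) + IPv4 + TCP headers,
    or None if not IPv4/TCP or cut off before the length fields."""
    off = 12                                   # EtherType follows dst+src MACs
    if len(captured) < off + 2:
        return None
    (etype,) = struct.unpack_from("!H", captured, off)
    off += 2
    while etype == ETHERTYPE_VLAN:             # each 802.1Q tag adds 4 bytes
        if len(captured) < off + 4:
            return None
        (etype,) = struct.unpack_from("!H", captured, off + 2)
        off += 4
    if etype != ETHERTYPE_IPV4 or len(captured) < off + 20:
        return None
    ihl = (captured[off] & 0x0F) * 4           # IPv4 header length in bytes
    if ihl < 20 or captured[off + 9] != IPPROTO_TCP:
        return None
    tcp = off + ihl
    if len(captured) < tcp + 13:               # data-offset byte not captured
        return None
    tcp_hlen = (captured[tcp + 12] >> 4) * 4   # tcp.hdr_len, options included
    return tcp + tcp_hlen if tcp_hlen >= 20 else None

def missing_header_bytes(captured: bytes):
    """How many header bytes the snaplen cut off (0 = headers complete)."""
    need = required_header_len(captured)
    return None if need is None else max(0, need - len(captured))

def sample_frame() -> bytes:
    """Constructed frame: VLAN-tagged IPv4/TCP ACK with 12 bytes of options."""
    eth = bytes(12) + struct.pack("!HHH", ETHERTYPE_VLAN, 100, ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 52, 0, 0, 64, IPPROTO_TCP, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 1, 8 << 4, 0x10, 65535, 0, 0)
    return eth + ip + tcp + bytes([1, 1, 8, 10]) + bytes(8)  # NOP, NOP, timestamps

if __name__ == "__main__":
    frame = sample_frame()
    for snaplen in (64, 70):                   # cap_len from the thread vs. full headers
        cap = frame[:snaplen]
        print(snaplen, required_header_len(cap), missing_header_bytes(cap))
```
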