This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Frame is too long

0

if a send more than 255 bytes, wireshark showing frame too long. I have set max size of 65536 in my code. can any one rep;y this issue?

asked 08 Jun '17, 01:59

san46's gravatar image

san46
6112
accept rate: 0%

My code? What's that?

(08 Jun '17, 02:56) Jaap ♦

What capture device do you capture from? The pipe feed must produce correct PCAP format frames.

(08 Jun '17, 04:57) Jaap ♦

PCAP format is correct. its

        uint magic_num = 0xa1b2c3d4;    // used for endianness
        short version_major = 2;        // version
        short version_minor = 4;        // version
        int thiszone = 0;               // zone (unused)
        uint sigfigs = 0;               // significant figures (unused)
        // earlier uint snaplen = 65536;
        uint snaplen = 65535;           // snapshot length (max value)
        uint network = 195;
(09 Jun '17, 01:47) san46

That is the file header, now you have to look at the individual frame headers. It must adhere to this format

(09 Jun '17, 02:12) Jaap ♦

packet header is also fine. I have attached my file to your email . pls check & reply

(09 Jun '17, 02:33) san46

Well, I don't C# so there's little point in sending me code. Post a link to a pcap file and we'll see what we can do.

(09 Jun '17, 04:12) Jaap ♦

Hi Jaap,

Thanks for reply. Bug fixed. it was issue in data type for a variable which i defined to compare with packet length.

(09 Jun '17, 06:38) san46
showing 5 of 7 show 2 more comments

One Answer:

0

In the end, buggy code generating the pcap stream triggered this defence in Wireshark.

answered 09 Jun '17, 10:10

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%