This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Error File has 65536-byte packet when decoding Infiniband trace


Hello all, With Wireshark Version 1.6.1 (SVN Rev 38096 from /trunk-1.6), I get the error "File has 65536-byte packet, bigger than maximum of 65535".

MTU size is 65520, which is correct according to the Mellanox User Guide.

DEVICE=ib0
HWADDR=
IPADDR=10.3.1.1
NETMASK=255.255.0.0
BOOTPROTO=static
ONBOOT=yes
MTU=65520

Would someone know why the error is occurring and if there is any solution in Wireshark to overcome this problem?

Thanks, Paul Savoie

asked 07 Sep '11, 08:30

pauljsavoie

An often occurring reason for this error is that the capture file somehow is corrupted.

So (just to start at the beginning and to get this out of the way): Was the capture file copied/transferred before being read by Wireshark? (Also: how was the capture file created?)

(07 Sep '11, 09:10) Bill Meier ♦♦

The MTU size isn't the raw link-layer packet size; with an MTU of 65520, if the link-layer header length is 16 bytes or more, that means that the packet length will really be 65536, in which case Wireshark should increase its maximum packet size (and libpcap needs to increase its maximum packet size, and tcpdump needs to increase its default snapshot length).

Wireshark does have to check for a too-large packet, as does libpcap, in order to avoid some denial-of-service attacks with bad capture files, but the limit may need to be increased.

(08 Sep '11, 10:00) Guy Harris ♦♦

Hello Bill, We captured a new trace and took care to transfer the data as you suggested but the problem persisted.

Hello Guy, If your analysis is correct, are there config settings I can modify or will Wireshark need to be modified?

I will check this site for the procedure to submit an enhancement request.

Thanks to you both for replying.

Cheers, Paul

(09 Sep '11, 18:56) pauljsavoie

If, with Infiniband, you can get 65536-byte packets, then Wireshark (and libpcap and tcpdump) need to be modified. Submit the enhancement request (with one of the Infiniband capture files, if possible) as a bug on the Wireshark Bugzilla.

(09 Sep '11, 22:55) Guy Harris ♦♦
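The length check Guy Harris describes, as an added example that is not part of the original thread and is not Wireshark or libpcap code: a reader walks the record headers of a classic little-endian pcap file and rejects any claimed length above a limit before trusting it. The function names, the 16-byte link-layer header and the sample files are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define FILE_HDR 24u  /* classic pcap file header */
#define REC_HDR  16u  /* ts_sec, ts_usec, incl_len, orig_len */
enum { SCAN_OK = 0, SCAN_TOO_LARGE = -1, SCAN_TRUNCATED = -2 };

static uint32_t get_le32(const unsigned char *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void put_le32(unsigned char *p, uint32_t v) {
    p[0] = v & 0xff; p[1] = (v >> 8) & 0xff; p[2] = (v >> 16) & 0xff; p[3] = (v >> 24) & 0xff;
}

/* Walk the records of an in-memory pcap file (hypothetical helper). Each
 * claimed length is checked against max_len before anything else uses it. */
int scan_pcap(const unsigned char *buf, size_t len, uint32_t max_len, unsigned *packets) {
    size_t off = FILE_HDR;
    *packets = 0;
    if (len < FILE_HDR) return SCAN_TRUNCATED;
    while (off < len) {
        if (len - off < REC_HDR) return SCAN_TRUNCATED;
        uint32_t incl_len = get_le32(buf + off + 8);
        if (incl_len > max_len) return SCAN_TOO_LARGE;   /* the error in the question */
        off += REC_HDR;
        if (len - off < incl_len) return SCAN_TRUNCATED; /* claims more than the file holds */
        off += incl_len;
        (*packets)++;
    }
    return SCAN_OK;
}

/* Constructed sample: one record claiming claimed_len bytes, carrying payload_len zeros. */
size_t build_sample(unsigned char *buf, uint32_t claimed_len, uint32_t payload_len) {
    memset(buf, 0, FILE_HDR + REC_HDR + payload_len);
    put_le32(buf, 0xa1b2c3d4u);                  /* pcap magic, little-endian */
    put_le32(buf + FILE_HDR + 8, claimed_len);   /* incl_len */
    put_le32(buf + FILE_HDR + 12, claimed_len);  /* orig_len */
    return FILE_HDR + REC_HDR + payload_len;
}

int main(void) {
    static unsigned char file[FILE_HDR + REC_HDR + 65536];
    unsigned n;
    size_t len = build_sample(file, 65520 + 16, 65520 + 16); /* MTU + assumed 16-byte header */
    printf("limit 65535: %d\n", scan_pcap(file, len, 65535, &n));
    printf("limit 65536: %d\n", scan_pcap(file, len, 65536, &n));
    len = build_sample(file, 0x7fffffffu, 64);               /* corrupt length field */
    printf("corrupt, limit 65535: %d\n", scan_pcap(file, len, 65535, &n));
    return 0;
}
```

Raising the limit by one byte accepts the legitimate 65536-byte frame, while the record with the corrupt length field is still rejected before any buffer is sized from it.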