Hello,
I am trying to check for all NFS WRITE RPC requests in a packet capture
that's around 27GB in size. I know that all NFS WRITEs are 1MB in size, so
there should be ~27K NFS WRITE requests in the capture, but tshark (and
also wireshark) give up after exactly 4095.
# ls -lh merged.pcap
-rwxrwx
On Fri, Jan 26, 2024, 4:27 AM Linux Smiths wrote:
>
> Can someone confirm this or if anyone has used wireshark/tshark to decode
> RPC streams greater than 4GB your confirmation will be helpful too. Btw
> I've tried all the protocol preferences and nothing helps.
>
> Thanks,
> LS
>
>
It's a known
Thanks John, that was really helpful!
This isn't documented and also Google search for "wireshark 4GB limit"
doesn't yield anything helpful.
What makes things worse is if we split capture files into say 2GB chunks
wireshark/tshark cannot correctly decode the individual files also since
the RPC reco
