>> It is on Ethernet jumbo-capable Intel, Broadcom, and some others. It looks >> like the original tcpdump developer hard-coded 1516 when he probably meant >> 1514.
>So jumbo frames appear to be larger than the snapshot length? The warnings are triggered by jumbo frames and LSO frames: any packet greater than 1516 bytes in length. >> Are you saying that rather than adding an option to ignore >> snapshot_length/packet size discrepancies it might be best to not generate >> these warnings? >Yes. I.e., it might be best to just hardwire in the "ignore those >discrepancies" option. OK. I'll submit a patch that adds the option "Do NOT issue a warning if the packet size exceeds the snapshot length in the capture header." in Preferences>Protocols>Frame and set the default to not issue a warning (checkmark set). If unchecked, the warning will be "pcap: <n>-byte packet exceeds snapshot length of <n>." rather than "pcap: File has packet larger than file's snapshot length." Thanks. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
