On Feb 18, 2014, at 1:23 PM, Dirk Jagdmann <d...@cubic.org> wrote: > I also doubt that 95% of the use cases are asking for > reported/captured length. Personally I typically work on code to show the user > protocol (SSL, HTTP, DCE/RPC) and if a frame was truncated while capturing > (captured_length < actual_length) I can often not continue with dissecting the > user protocol, since I miss parts of the data.
You *can* continue dissecting the protocol. You just get an exception, so that the user sees that the data was in the packet, but the snapshot length was set too short to capture it. Stopping dissection just because the data to be dissected was cut off by a snapshot length is entirely the wrong thing to do, as it can make it look as if the packet didn't have the data in question. ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe
