capture snaplen parameter -s not working

asked 2018-02-19 10:07:12 +0000

kuldip gravatar image

updated 2018-02-19 11:03:26 +0000

grahamb gravatar image

Using 2.0.13 version and upon trigerring opentionl ike below

"tshark -s 80"

expected behavior is that WS will capture only 80 bytes of any given packet if it exceeds to it. But its not working. it shows "Packet size limited during capture" but doesnt reduce it. May i know the behviour or this feature

1> will it reduce only when it goes to file and doesnt show on capture?

 43   0.999316   10.129.1.0 -> 10.129.1.0   TCP 154 rimsl > 61107 [PSH, ACK] Seq=91 Ack=1404 Win=24582 Len=88 TSval=208099 TSecr=207213
44   0.999501   10.129.1.0 -> 10.129.1.0   TCP 154 rimsl > 61107 [PSH, ACK] Seq=179 Ack=1404 Win=24582 Len=88 TSval=208099 TSecr=207213
 45   0.999672   10.129.1.0 -> 10.129.1.0   TCP 154 rimsl > 61107 [PSH, ACK] Seq=267 Ack=1404 Win=24582 Len=88 TSval=208099 TSecr=207213
 46   0.999842   10.129.1.0 -> 10.129.1.0   TCP 154 rimsl > 61107 [PSH, ACK] Seq=355 Ack=1404 Win=24582 Len=88 TSval=208099 TSecr=207213
 47   1.000058   10.129.1.0 -> 10.129.1.0   TCP 66 61107 > rimsl [ACK] Seq=1404 Ack=443 Win=24583 Len=0 TSval=208100 TSecr=208099
 48   1.046312   10.129.1.0 -> 10.129.1.0   TCP 261 61721 > submitserver [PSH, ACK] Seq=1 Ack=1 Win=16519 Len=195 TSval=208146 TSecr=203152[Packet size limited during capture]
 49   1.046368   10.129.1.0 -> 10.129.1.0   TCP 66 submitserver > 61721 [ACK] Seq=1 Ack=196 Win=19855 Len=0 TSval=208146 TSecr=208146
 50   1.139877   10.129.1.0 -> 10.129.1.0   TCP 66 submitserver > 63491 [ACK] Seq=1 Ack=1 Win=19721 Len=0 TSval=208240 TSecr=203232
edit retag flag offensive close merge delete