How do I deal with this? The number of captured packets of specific routing protocol is greater than the total number of captured packets. It just doesn´t make sense.
Please let me know if it´s a bug or I´m missing something. Sadly I can´t attach a picture.
Try the Development Release (3.7.0) available from the Wireshark Download page.
The Protocol Hierarchy stats were redone in 6650 - hierarchy stats: Only increment the total packet count once per frame.
Thank you very much for your suggestion, but I need a little bit of help first. I´m trying to resolve this problem on virtual machine (Linux) and I´m not really familiar with this operating system. Can you please help me with installation of development release 3.7.0? I don´t know what to do with the source code tar.xz after decompresing.
UNIX: Installation and Build Instructions
There is a tools directory in the source tree that has Linux setup scripts. Pick the appropriate one for your OS and it will pull in the dependencies.
Thank you very much, I finally managed to install it. So I captured the packets again and it worked! It doesn´t show above 100% anymore. I´m going to run a few more tests with different network sizes and tx ranges, but for now I consider this problem solved. Here´s the new capture file: https://www.dropbox.com/s/fg0sd6p1cyl...
Asked: 2022-05-18 19:17:29 +0000
Seen: 492 times
Last updated: Jun 03 '22
Which version of Wireshark (
wireshark -v)? Which routing protocol?(Protocol Hierarchy is a work in progress)
I´m using Wireshark 3.2.3 and I´m analyzing B.A.T.M.A.N. Advanced MANET routing protocol. I am capturing packets in network with different TX range set (50, 75, 100, 125 meters) and different network size (10, 20, 30 devices). For every range and size I get something reasonable like 30% or 70% but only for 50 meters with 30 devices I start getting 120% which is absolutely wrong and I simply can´t work with that.
. 1. Can you analyse with a more current version, i.e. 3.6.5 (or you could give the 3.7.0 version a try)? 2. Can you share a 'good case' and 'bad case' capture file on a publicly accessible file share service and post a link here?
Does your traffic include B.A.T.M.A.N encapsulated in B.A.T.M.A.N?
Issue 7009 has a pcap attached. Right click the
Internetwork Datagram Protocollayer in the Packet Details, selectDecode As...from the popup and changeIDPtoBATADV. There are now 26 B.A.T.M.A.N packets in the 13 Frames.So I upgraded my wireshark to 3.6.5 and captured the traffic again. The results are the same. I attach link with dropbox shared screenshots of good and bad case. I hope you can access it. https://www.dropbox.com/s/z00jfndjinl...https://www.dropbox.com/s/jp29mg4oppi...