How do I deal with this? The number of captured packets of specific routing protocol is greater than the total number of captured packets. It just doesn´t make sense.
Please let me know if it´s a bug or I´m missing something. Sadly I can´t attach a picture.
Try the Development Release (3.7.0) available from the Wireshark Download page.
The Protocol Hierarchy stats were redone in 6650 - hierarchy stats: Only increment the total packet count once per frame.
Thank you very much for your suggestion, but I need a little bit of help first. I´m trying to resolve this problem on virtual machine (Linux) and I´m not really familiar with this operating system. Can you please help me with installation of development release 3.7.0? I don´t know what to do with the source code tar.xz after decompresing.
UNIX: Installation and Build Instructions
There is a tools directory in the source tree that has Linux setup scripts. Pick the appropriate one for your OS and it will pull in the dependencies.
Thank you very much, I finally managed to install it. So I captured the packets again and it worked! It doesn´t show above 100% anymore. I´m going to run a few more tests with different network sizes and tx ranges, but for now I consider this problem solved. Here´s the new capture file: https://www.dropbox.com/s/fg0sd6p1cyl...
Asked: 2022-05-18 19:17:29 +0000
Seen: 702 times
Last updated: Jun 03 '22
Which version of Wireshark (
wireshark -v)? Which routing protocol?(Protocol Hierarchy is a work in progress)
I´m using Wireshark 3.2.3 and I´m analyzing B.A.T.M.A.N. Advanced MANET routing protocol. I am capturing packets in network with different TX range set (50, 75, 100, 125 meters) and different network size (10, 20, 30 devices). For every range and size I get something reasonable like 30% or 70% but only for 50 meters with 30 devices I start getting 120% which is absolutely wrong and I simply can´t work with that.
. 1. Can you analyse with a more current version, i.e. 3.6.5 (or you could give the 3.7.0 version a try)? 2. Can you share a 'good case' and 'bad case' capture file on a publicly accessible file share service and post a link here?
Does your traffic include B.A.T.M.A.N encapsulated in B.A.T.M.A.N?
Issue 7009 has a pcap attached. Right click the
Internetwork Datagram Protocollayer in the Packet Details, selectDecode As...from the popup and changeIDPtoBATADV. There are now 26 B.A.T.M.A.N packets in the 13 Frames.So I upgraded my wireshark to 3.6.5 and captured the traffic again. The results are the same. I attach link with dropbox shared screenshots of good and bad case. I hope you can access it. https://www.dropbox.com/s/z00jfndjinl...https://www.dropbox.com/s/jp29mg4oppi...
Can you provide capture files for the two cases?
The links I provided are not accessible?
The screen shots show the results but not the packets Wireshark used in calculating the stats.
Both screen shots have more BATMAN frames than LLC so would be nice to see the source packets.
I have been unable to find a sample capture with BATMAN using LLC.
Hello everyone, sorry for not posting but I had to figure out a lot of things before being able to actually post it here. I´m providing two capture files from wireshark - bad and good cases (bad is with 50m tx range and good is with 75m tx range as I mentioned before). Links: BAD - https://www.dropbox.com/s/elozz08pek6... GOOD - https://www.dropbox.com/s/p61devwqu1i...