When trying to parse .pcap files from wireshark, collecting TCP packets. I am attempting to parse these files using the information listed here: https://wiki.wireshark.org/Development/LibpcapFileFormat
The TCP packets being sent accross have a paramerater state the size of the packet. However, often this size is greater than the wireshark packet header is set on top of each packet. However these packet sizes are much less then the snap len global packet header (which if I understand is the greatest a packet captured could be).
Is there a property of TCP I am not seeing? I don't understand how wireshark could be capturing less than the packet size itself.