Bug 43684 - truncated ip message is wrong
Summary: truncated ip message is wrong
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: tcpdump
Version: 7.0
Hardware: i386
OS: Linux
medium
low
Target Milestone: ---
Assignee: Harald Hoyer
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-06-06 07:45 UTC by Jesper Skov
Modified: 2008-05-01 15:38 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2001-06-06 07:45:20 UTC
Embargoed:

Attachments (Terms of Use)

Description Jesper Skov 2001-06-06 07:45:16 UTC 
When seeing short packets, tcpdump prints out a warning like this:

09:39:12.829833 < truncated-ip - 46 bytes missing!192.168.42.112 >
thinktwice: i
cmp: echo request
                         4500 005c 8719 0000 ff01 5ec3 c0a8 2a70
                         c0a8 2a03 0800 cee9 3412 0500 1402 0000
                         0000 0000 0800 0000 0c00 0000 1000

But as can be seen, it's printing the length of the packet in the
warning, not the number of bytes missing (60-46 = 14).

Jesper
Comment 1 Harald Hoyer 2001-06-20 08:23:52 UTC 
look at the packet header: 4500 005c
5c is the length. 5c is 92. tcpdump is right, cause 92-46 = 46!
Note You need to log in before you can comment on or make changes to this bug.