Closed frankvandenhurk closed 2 years ago
As you can see, the missing bytes are exactly the difference between 1514 and the actual length of the pakcet. Looks like there are valid packets with more than 1514 bytes?
Indeed. I don't really have an explanation for this, other than the MTU being higher than 1500 (but maybe I'm missing something). Have you verified the actual MTU?
In any case, you can tell spin-pcap-reader to deal with this by increasing 1514 to some other number with the -s
flag. But that has the downside that more time is spent on handling each packet, which increases the number of packets that spin-pcap-reader doesn't see.
I'v checked the config of the Unifi network and is was on default (1500). Changed it to 1452 to test, but still error's:
spin-pcap-reader: caplen 6000 != len 33638, spin-pcap-reader: Truncated IP packet: 27638 bytes missing spin-pcap-reader: caplen 6000 != len 7358, spin-pcap-reader: Truncated IP packet: 1358 bytes missing spin-pcap-reader: caplen 6000 != len 11738, spin-pcap-reader: Truncated IP packet: 5738 bytes missing spin-pcap-reader: caplen 6000 != len 17578, spin-pcap-reader: Truncated IP packet: 11578 bytes missing
I think that's similar to what you have reported in issue #92 so let's continue the conversation there.
Hi,
Just added a VLAN with regular windows machines instead of just IoT devices. Spin-pcap-reader gives the following error's:
As you can see, the missing bytes are exactly the difference between 1514 and the actual length of the pakcet. Looks like there are valid packets with more than 1514 bytes?
NB: I have a network build with components from Unifi and haven't changed the MTU settings