Im currently using the fallowing script to capture packets.. 
#!/usr/usc/perl/5.6.1/bin/perl
use strict;
use warnings;
$|++;

my $dev = shift @ARGV;
$dev ||= 'eth1';

my $filter_string = 'dst port 111';
#my $filter_string = 'udp';

my $snaplen = 65500;
my $promisc = 0;
my $timeout = 0;
my $count = -1;

use Net::Pcap;

my $err = '';
my $cap_dev;
my $filter = '';
my $net = -256;

$cap_dev = Net::Pcap::open_live($dev, $snaplen, $promisc, $timeout, \$
+err);
die "$err\n" if $err;

Net::Pcap::compile($cap_dev, \$filter, $filter_string, 0, -256)
        and die "compile: $err\n";

Net::Pcap::setfilter($cap_dev, $filter);
Net::Pcap::loop($cap_dev, $count, \&callback, 'woot');
Net::Pcap::close($cap_dev);
exit 0;

sub callback {
        my ($user_data, $hdr, $pkt) = @_;
        warn "packet!\n";
        my %header = %$hdr;
        process_packet(\%header, $pkt);
        my $len = length $pkt;
        warn "$header{len} $header{caplen} $len\n";
}

sub process_packet {
        my ($hdr, $pkt) = @_;
        my $len = length $pkt;
        warn "$hdr->{len} $hdr->{caplen} $len\n";
}

[download]
Now when i send a 5550 byte packet, I get this: 
root@a05s24:~/scanner# perl dn3.pl
packet!
1514 1514 1514
1514 1514 1514

[download]
I have the snaplen high in the script, and TCPdump pics up the packet fine: 
23:27:26.508174 IP 37.X.X.X.57114 > a05s24.sunrpc: UDP, length 5550

[download]
At this point im pretty stumped :( Anyone with Pcap experience please help me on this little error.

In reply to Getting packets over 1500 Bytes pcap. by Anonymous Monk

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.