Wireshark · Ethereal-dev: Re: [Ethereal-dev] incorrect packet length

Ethereal-dev: Re: [Ethereal-dev] incorrect packet length

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Fri, 6 Dec 2002 15:44:11 -0800

On Fri, Dec 06, 2002 at 10:36:44PM +0100, J.Smith wrote:
> I've tried to verify this behaviour by loading the attached file
> 'incorrect-packet-length.single-packet.trace' in both ethereal/tethereal and
> in tcpdump (using the '-r' option). Tcpdump then correctly states the total
> packet size as 'len 1500', while (t)ethereal incorrectly reports the total
> packet size as '1514'.

Incorrectly?  The packet *is* 1514 bytes long - 14 bytes of Ethernet
header, 20 bytes of IP header, 20 bytes of TCP header, and 1460 bytes of
TCP payload.

There are 1500 bytes of Ethernet *payload*; that's what tcpdump is
reporting.  That's the maximum amount of MAC client data according to
3.1.1 "MAC frame format" in IEEE Std 802.3-2002 - but that doesn't
include the destination address, source address, and length/type fields
in the Ethernet header, nor does it include the FCS at the end.

Follow-Ups:
- Re: [Ethereal-dev] incorrect packet length
  - From: J.Smith

References:
- [Ethereal-dev] incorrect packet length
  - From: J.Smith

Prev by Date: [Ethereal-dev] incorrect packet length
Next by Date: Re: [Ethereal-dev] incorrect packet length
Previous by thread: [Ethereal-dev] incorrect packet length
Next by thread: Re: [Ethereal-dev] incorrect packet length
Index(es):
- Date
- Thread