
Wireshark-dev: Re: [Wireshark-dev] Something about how to determine what is real data?(with pad

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Fri, 09 Aug 2013 10:32:23 -0400
On 08/09/13 05:53, 蔡光宗 wrote:
Dear Wireshark Developers:

        Hi, dear Wireshark Developers, thank you for your work on
Wireshark, so we can use this powerful tool nowadays.

        I am studying how to get the data via TCP, but I met some problems.
When I use Wireshark to do some tests, I find the reason and I don’t know
how you solved it?

[Inline image 1]

When the packet’s length is bigger than 64 bytes, it has no problem. I can
use the formula() to calculate the length of the real data.

[Inline image 3]

But when the length is smaller than 64 bytes, the router will pad some
“00” to the end of the packet and then send them out. Just like this:

[Inline image 4]

But why does the padding data belong to the Ethernet II layer? (It is
placed at the end of the packet.)

Because the minimum frame size for Ethernet is 64 bytes. Packets smaller than that must be padded out to 64 bytes. See:

http://wiki.wireshark.org/Ethernet#Allowed_Packet_Lengths

Googling for "ethernet minimum frame size" will also give some historical perspective as to why the minimum frame size was necessary. For example:

http://answers.yahoo.com/question/index?qid=20070827093139AAhV7yK
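
The length calculation discussed in this thread, as an added example that is not part of the original messages and not Wireshark's own code: the IPv4 total length field marks where the real data ends, and anything after it in the frame is Ethernet padding (a trailer). It assumes an untagged Ethernet II frame carrying IPv4/TCP, captured without the 4-byte FCS (so short frames are padded to 60 bytes); the function names, addresses and sample frame are constructed for illustration.

```python
import struct

ETH_HDR_LEN = 14            # dst MAC + src MAC + EtherType, no 802.1Q tag (assumption)
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6

def split_tcp_frame(frame: bytes):
    """Return (tcp_payload, ethernet_trailer) for an Ethernet II / IPv4 / TCP frame."""
    if len(frame) < ETH_HDR_LEN + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an untagged IPv4 frame")
    ip = frame[ETH_HDR_LEN:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    (total_len,) = struct.unpack_from("!H", ip, 2)
    # Never trust the header alone: total length must fit inside the captured bytes.
    if version != 4 or ihl < 20 or total_len < ihl or total_len > len(ip):
        raise ValueError("inconsistent IPv4 header")
    if ip[9] != PROTO_TCP:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]         # IP total length marks the end of the real data
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    data_off = (tcp[12] >> 4) * 4   # TCP header length, including options
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    return tcp[data_off:], ip[total_len:]

def build_sample_frame(payload: bytes) -> bytes:
    """Constructed sample frame: checksums left at zero, padded with 0x00 to 60 bytes."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64,
                     PROTO_TCP, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    frame = eth + ip + tcp + payload
    return frame + b"\x00" * max(0, 60 - len(frame))

if __name__ == "__main__":
    data, trailer = split_tcp_frame(build_sample_frame(b"hi"))
    print("TCP data:", data, "| Ethernet padding bytes:", len(trailer))
```
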