Wireshark-dev: [Wireshark-dev] pcapng decoding error when preamble is shortened
|
Hi, It seems Wireshark fails to decode captured packets with shortened preamble? Normally Ethernet packets have a preamble and SFD like this: But during transmission over Ethernet, sometimes the preamble arrives slightly shorter at the receiving end. Some bytes, or even half a byte(!), at the start of the preamble can go missing for various technical reasons. This is considered normal, and all Ethernet MACs are required to properly decode packets with shortened preamble, as well as packets where the preamble is a non-integer number of bytes.
Decoding failure when preamble is shortened:
Normal preamble, decoding successful:
I have attached a pcapng file with these two packets. Timmy Brolin
KARLSRUHE | MILAN | MULHOUSE | NIVELLES | PUNE | RAVENSBURG | SEOUL | SINGAPORE | TOKYO | WETZLAR |
Attachment:
shortened_preamble.pcapng
Description: shortened_preamble.pcapng
- Follow-Ups:
- Re: [Wireshark-dev] pcapng decoding error when preamble is shortened
- From: Jaap Keuter
- Re: [Wireshark-dev] pcapng decoding error when preamble is shortened
- Prev by Date: Re: [Wireshark-dev] What mean "Error: Found prohibited APIs in ..." error during build?
- Next by Date: Re: [Wireshark-dev] What mean "Error: Found prohibited APIs in ..." error during build?
- Previous by thread: Re: [Wireshark-dev] What mean "Error: Found prohibited APIs in ..." error during build?
- Next by thread: Re: [Wireshark-dev] pcapng decoding error when preamble is shortened
- Index(es):
- Get Wireshark
- Download
- Code of Conduct