Wireshark · Wireshark-users: [Wireshark-users] Ethernet padding in tcpdump captures?

Wireshark-users: [Wireshark-users] Ethernet padding in tcpdump captures?

From: Andreas Sikkema <h323@xxxxxxxxxx>

Date: Mon, 4 Nov 2019 15:30:55 +0100

Hi,

I have this weird problem filtering out empty UDP messages on my (Linux) firewall and in the captures I noticed something I haven't seen before.

If I capture the traffic using tcpdump and open the files using Wireshark, I see Ethernet padding on the messages the firewall doesn't appear to match.

Since the UDP messages are empty they are below the 64bytes minimum Ethernet length so padding is to be expected on the wire, but I have never before seen Ethernet padding in captures made on PC hardware running Linux. Is this common?

Andreas Sikkema

Follow-Ups:
- Re: [Wireshark-users] Ethernet padding in tcpdump captures?
  - From: Jaap Keuter
- Re: [Wireshark-users] Ethernet padding in tcpdump captures?
  - From: Guy Harris

Prev by Date: Re: [Wireshark-users] Firefox not logging into $SSLKEYLOGFILE
Next by Date: Re: [Wireshark-users] Ethernet padding in tcpdump captures?
Previous by thread: Re: [Wireshark-users] Firefox not logging into $SSLKEYLOGFILE
Next by thread: Re: [Wireshark-users] Ethernet padding in tcpdump captures?
Index(es):
- Date
- Thread