Wireshark mailing list archives

Something about how to determine what is real data? (with padding "00")
From: 蔡光宗 <acerguangzong () gmail com>
Date: Fri, 9 Aug 2013 17:53:08 +0800

Dear Wireshark Developers:

       Hi, dear Wireshark Developers, thank you for your work on
Wireshark, so that we can use this powerful tool nowadays.

       I am studying how to get the data via TCP, but I met some problems.
When I used Wireshark to do some tests, I found the reason, and I don’t know
how you solved it?

[image: inline image 1]

       When the packet’s length is bigger than 64 bytes, there is no problem.
I can use the formula() to calculate the length of the real data.

[image: inline image 3]

But when the length is smaller than 64 bytes, the router will pad some “00”
to the end of the packet and then send it out. Just like this:

[image: inline image 4]

But why does the padding data belong to the Ethernet II layer? (It is placed
at the end of the packet.)

Can you give me some suggestions or tips about this situation? (Explain why
the padding data is placed at the end of the packet but belongs to
Ethernet II, and how to determine what is real data?)

And if you can point out where I can find the determine function is really

Thank you in advance.

Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
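
The question above comes down to where the IPv4 datagram ends inside the captured frame. The following is an added example, not part of the original message and not Wireshark's own code: it takes the IPv4 total length field as the end of the datagram, so any bytes after it are Ethernet padding rather than TCP data. It assumes an untagged Ethernet II / IPv4 / TCP frame captured without the 4-byte FCS; `split_frame` and `build_sample` are hypothetical names, and the sample frames are constructed.

```python
import struct

ETH_HDR_LEN = 14           # dst MAC + src MAC + EtherType (no 802.1Q tag assumed)
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

def split_frame(frame: bytes):
    """Return (tcp_payload, ethernet_trailer) for a captured frame."""
    if len(frame) < ETH_HDR_LEN + 20:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an untagged IPv4 frame")
    ip = frame[ETH_HDR_LEN:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    (total_len,) = struct.unpack_from("!H", ip, 2)
    if version != 4 or ihl < 20 or ip[9] != IPPROTO_TCP:
        raise ValueError("not an IPv4/TCP packet")
    # The length fields come from the wire: check them before slicing.
    if total_len < ihl + 20 or total_len > len(ip):
        raise ValueError("IPv4 total length inconsistent with captured bytes")
    data_off = (ip[ihl + 12] >> 4) * 4          # TCP header length in bytes
    if data_off < 20 or ihl + data_off > total_len:
        raise ValueError("bad TCP data offset")
    payload = ip[ihl + data_off:total_len]      # real TCP data
    trailer = ip[total_len:]                    # padding added below the IP layer
    return payload, trailer

def build_sample(payload: bytes) -> bytes:
    """Constructed frame for the demo: zeroed MACs and checksums."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", 1234, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, IPPROTO_TCP, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    # 60 bytes = 64-byte Ethernet minimum minus the 4-byte FCS.
    return (eth + ip + tcp + payload).ljust(60, b"\x00")

if __name__ == "__main__":
    for data in (b"", b"A\x00", b"x" * 100):
        payload, trailer = split_frame(build_sample(data))
        print(len(payload), "payload bytes,", len(trailer), "padding bytes")
```

The `b"A\x00"` case shows why stripping trailing zero bytes is not a substitute for the length fields: the payload itself can end in `00`.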
