Wireshark mailing list archives
Re: Ethernet padding in tcpdump captures?
From: Jaap Keuter <jaap.keuter () xs4all nl>
Date: Mon, 4 Nov 2019 15:12:05 +0000
Hi Andreas, Can you clarify your capture setup a little more? What interface are you capturing on? What is the direction of the packet flow you’re looking at (incoming or outgoing)? Where’’s the firewall in this context? Jaap
On 4 Nov 2019, at 14:30, Andreas Sikkema <h323 () ramdyne nl> wrote: Hi, I have this weird problem filtering out empty UDP messages on my (Linux) firewall and in the captures I noticed something I haven't seen before. If I capture the traffic using tcpdump and open the files using Wireshark, I see Ethernet padding on the messages the firewall doesn't appear to match. Since the UDP messages are empty they are below the 64bytes minimum Ethernet length so padding is to be expected on the wire, but I have never before seen Ethernet padding in captures made on PC hardware running Linux. Is this common?
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Ethernet padding in tcpdump captures? Andreas Sikkema (Nov 04)
- Re: Ethernet padding in tcpdump captures? Jaap Keuter (Nov 04)
- Re: Ethernet padding in tcpdump captures? Andreas Sikkema (Nov 04)
- Re: Ethernet padding in tcpdump captures? Guy Harris (Nov 04)
- Re: Ethernet padding in tcpdump captures? Andreas Sikkema (Nov 05)
- Re: Ethernet padding in tcpdump captures? Jaap Keuter (Nov 04)