Re: Ethernet padding in tcpdump captures?

[Jaap Keuter <jaap.keuter () xs4all nl>]

Hi Andreas,

Can you clarify your capture setup a little more? What interface are you capturing on? What is the direction of the 
packet flow you’re looking at (incoming or outgoing)? Where’’s the firewall in this context? 

Jaap


> On 4 Nov 2019, at 14:30, Andreas Sikkema <h323 () ramdyne nl> wrote:
>
> Hi,
>
> I have this weird problem filtering out empty UDP messages on my (Linux) firewall and in the captures I noticed 
> something I haven't seen before. 
>
> If I capture the traffic using tcpdump and open the files using Wireshark, I see Ethernet padding on the messages the 
> firewall doesn't appear to match. 
>
> Since the UDP messages are empty they are below the 64bytes minimum Ethernet length so padding is to be expected on 
> the wire, but I have never before seen Ethernet padding in captures made on PC hardware running Linux. Is this common?

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe