Wireshark-dev: [Wireshark-dev] Something about how to determine what is real data?(with padding
From: 蔡光宗 <acerguangzong@xxxxxxxxx>
Date: Fri, 9 Aug 2013 17:53:08 +0800

Dear Wireshark Developers:

       Hi, dear Wireshark Developers, thank you for your work on the Wireshark so we can use this powerful tool nowadays.

       I am study how to get the data via TCP, but I met some problems. When I use Wireshark to do some test, I find the reason and I don’t know how you solved it ?

内嵌图片 1

       When the packet’s length is bigger than 64Bytes, it has no problem. Ican use the formula() to calculate the length of the real data.

内嵌图片 3

But when the length is smaller than 64Bytes, the router will pad some “00” to the end of the packet and than send them out.Just like this:

内嵌图片 4

But why the padding data is belongs to the Ethernet II Layer ?(It is placed at the end of the packet.)

 

Can you give me some suggestions or tips about this situation ?(Explain why the padding data are placed at the end of the packet but belongs to the EthernetII, and how to determine what is real data?)

And if you can point out where i can find the determine function is really OK.

Thank you in advance.

Attachment: Padding_postion.jpg
Description: JPEG image