Wireshark-dev: [Wireshark-dev] Something about how to determine what is real data?(with padding
Dear Wireshark Developers:
Hi, dear Wireshark
Developers, thank you for your work on the Wireshark so we can use this
powerful tool nowadays.
I am study how to get the
data via TCP, but I met some problems. When I use Wireshark to do some test, I find
the reason and I don’t know how you solved it ?
When the packet’s length is
bigger than 64Bytes, it has no problem. Ican use the formula() to calculate the
length of the real data.
But when the length is smaller than 64Bytes, the router will pad some “00”
to the end of the packet and than send them out.Just like this:
But why the padding data is belongs to the Ethernet II Layer ?(It is
placed at the end of the packet.)
Can you give me some suggestions or tips about this situation ?(Explain
why the padding data are placed at the end of the packet but belongs to the
EthernetII, and how to determine what is real data?)
And if you can point out where i can find the determine function is really OK.
Thank you in advance.
Attachment:
Padding_postion.jpg
Description: JPEG image