Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Incl Size: 1514

That's the number of bytes of the frame that were captured. That's a full-size Ethernet packet, but without the FCS (which is often not provided to the host by the adapter, by default).

Orig Size: 1514

That's the number of bytes of frame that were on the wire. The Incl Size is equal to the Orig Size, so nothing was chopped off ("sliced") by the capture process having a snapshot length shorter than the maximum frame size.

However, the packets I am parsing.. which I guess would be the TCP packets payload, has its own size in the payload header which is 16244 Bytes.

The packets you're parsing would be the payload of the TCP segments.; a packet at a layer above the link layer can be larger than a single link-layer packet, and parsing that requires assembling multiple link-layer packets together. See SYN-bit's answer for the rest of your questions.