 | 1 | initial version |
Packet 6 in the capture has both the length and captured length as 355 bytes. The total length field in the IPv4 header is 344 bytes; as RFC 791 section 3.1 says, "Total Length is the length of the datagram, measured in octets, including internet header and data." The packet also has a 14-byte Ethernet header, so the total length of the packet should be 344+14 = 358 bytes.
So the packet was written incorrectly. If it was written by code running in Scapy, either Scapy has a bug or the code running in Scapy has a bug.
If I use the View > Reload as File Format/Capture item to cause Wireshark to read the raw file and show the internal structure of the file, packet 6 has a captured length of 358 bytes and an "on the network length" of 355 bytes. It is never valid for the captured length to be larger than the on-the-network length.
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
