>I have noticed that numerous packet captures have extra data in them,
>above and beyond the IP header reported length of the datagram. This
>extra data often breaks out into legible ASCII, including traffic
>that would normally be seen via web surfing, DNS, FTP, SMTP etc etc
>etc.
the capture was taken on ethernet, right? then there's no need to
worry. when ethernet handles very short packets, they transmit
junk at the end to make the packet longer than the minimal length.
the minimal length is from collision detection requirement.
itojun
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
