> my _guess_ is that these messages you are looking at are normally
> smaller than the networks minimum message size, and instead of doing
> somethng "secure" to pad them out to the "right" minimum length, the
> NIC's involved are just using random data from a prior packet.
>
> you will notice that your IP len's are 40 wherease the ethernet packet
> length is 60 - 60 is the minimum ethernet macket size (irrc).
Yup (60 bytes of payload plus 4 bytes of CRC, as I remember).
40 bytes of IP plus 14 bytes of Ethernet header gives 54 bytes, which
requires 6 bytes to pad it out to 60 bytes of Ethernet payload - and a
lot of the packets appear to have about 6 bytes (e.g., "RCPT TO",
presumably left over from some SMTP transaction, in an HTTP packet).
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]?body=unsubscribe
