jerrypy
Reputation: 139
What does "raw packet data" field mean in Wireshark?
As you can see in first figure, what does that Raw packet data mean? What is the difference between normal tcp packet in figure 2?
FYI, I'm using Wireshark 2.2.0.
Upvotes: 3
Views: 13446
Answers (1)
sismo
Reputation: 346
Basically when you are capturing packets on an interface you have an associated link type to it (ethernet, 802.11, 802.15.4, etc).
Raw packet is used when you dont have any, the first bytes captured are directly the IPv6 or IPv4 header.
Raw IP; the packet begins with an IPv4 or IPv6 header, with the "version" field of the header indicating whether it's an IPv4 or IPv6 header.
From http://www.tcpdump.org/linktypes.html
Upvotes: 4
Related Questions
- Meaning ofsequence number (raw) in wireshark
- Are raw data provided by tshark full?
- Wireshark: what is the difference between "TCP payload" and "TCP segment data"?
- How to extract raw data from TCP packets using Wireshark
- What's [TCP ACKed unseen segment] & etc in Wireshark?
- what does this wireshark info refer to
- Wireshark Packets 'Data' Format
- Tcp packet of 60 bytes sent with no data
- Data payload in a TCP ack
- What's the redundant data in TCP packet?