user16105342
Reputation:
filter the packets Wireshark with size
I am trying to solve the below question: filter the UDP packets having a size equal to 242 bytes.
I looked to this answer udp.length==209 set a filter of packet length in wireshark, but instead of getting packets with length 209 bytes I get packets with length 243 bytes.
screenshot. can anyone explain?
Upvotes: 0
Views: 2522
Answers (1)
Ross Jacobs
Reputation: 3186
Your image shows a packet like
Frame 243 bytes
'-> Ethernet
'-> IPv4
'-> UDP
'-> Dropbox LAN Sync
Ethernet will be 14 bytes with 6 per src/dst MAC address and 2 bytes for Ethertype. The IPv4 header will be a minimum of 20 bytes, but could be more with options. It just so happens to be 20 here.
Eth 14 bytes + IP 20 bytes = 34 bytes
243 bytes - 34 bytes of Eth/IP = 209 bytes of UDP data
Upvotes: 1
Related Questions
- wireshark capture filter for specific UDP bytes
- How to use filters in the wireshark?
- set a filter of packet length in wireshark
- Advanced filtering in wireshark
- How to filter package content in wireshark?
- Wireshark filter syntax needed
- How to filter TCP option with wireshark?
- How to filter wireshark to display only packets between a server and a client?
- How to filter packet on wireshark
- How can i limit the packet size when i am capturing with Tshark using command line